Virus: W32/Expiro.E
Date discovered: 18/04/2011
Type: File infector
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Medium
Static file: No
VDF version: 7.11.06.168 - Monday, April 18, 2011
IVDF version: 7.11.06.168 - Monday, April 18, 2011

General

Method of propagation:
   • Infects files


Aliases:
   •  Kaspersky: Virus.Win32.Expiro.w
   •  F-Secure: Virus.Win32.Expiro.w
   •  Bitdefender: Backdoor.Generic.630828
   •  Grisoft: Win32/Expiro.O
   •  Eset: Win32/Expiro.T virus
   •  DrWeb: Win32.Expiro.23


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Infects files
   • Registry modification

File infection

Infector type:

Appender - The main virus code is appended to the end of the infected file.
The last section of the file is modified to include the virus code.
The following section is added to the infected file:
   • UPX0


Method:

This direct-action infector actively searches for files.


Infection length:

- 110.592 Bytes


The following files are infected:

By file type:
   • Windows executable file (exe)

Registry

The following registry keys are changed:

Lowers Internet Explorer security settings:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
   Old value:
   • "1609"=dword:00000001
   New value:
   • "1609"=dword:00000000
   • "2103"=dword:00000000

Lowers Internet Explorer security settings:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
   Old value:
   • "1406"=dword:00000001
   • "1609"=dword:00000001
   New value:
   • "1406"=dword:00000000
   • "1609"=dword:00000000
   • "2103"=dword:00000000

Lowers Internet Explorer security settings:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
   Old value:
   • "1609"=dword:00000001
   New value:
   • "1609"=dword:00000000
   • "2103"=dword:00000000

Lowers Internet Explorer security settings:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
   Old value:
   • "1406"=dword:00000003
   • "1609"=dword:00000001
   New value:
   • "1406"=dword:00000000
   • "1609"=dword:00000000
   • "2103"=dword:00000000

Lowers Internet Explorer security settings:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
   Old value:
   • "1406"=dword:00000003
   • "1609"=dword:00000001
   New value:
   • "1406"=dword:00000000
   • "1609"=dword:00000000
   • "2103"=dword:00000000
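
A read-only check for the zone values listed above, added here as an example and not part of Avira's description. The function name Test-ExpiroZoneValues is hypothetical and PowerShell 3.0 or later is assumed. A match is an indicator only, because a user or administrator can set the same values.

```powershell
# Added example: reads the current user's hive and changes nothing.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Value names per zone that this description lists as set to dword:00000000.
$expected = @{
    '0' = @('1609', '2103')
    '1' = @('1406', '1609', '2103')
    '2' = @('1609', '2103')
    '3' = @('1406', '1609', '2103')
    '4' = @('1406', '1609', '2103')
}

function Test-ExpiroZoneValues {
    param([string]$ZonesPath = $base)
    foreach ($zone in ($expected.Keys | Sort-Object)) {
        $key   = Join-Path $ZonesPath $zone
        # A missing key or value is treated as "no match" rather than an error.
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $hits  = @()
        foreach ($name in $expected[$zone]) {
            $value = if ($props) { $props.$name } else { $null }
            if ($null -ne $value -and $value -eq 0) { $hits += $name }
        }
        [pscustomobject]@{
            Zone         = $zone
            ZeroedValues = $hits -join ','
            AllMatch     = ($hits.Count -eq $expected[$zone].Count)
        }
    }
}

$report = @(Test-ExpiroZoneValues)
$report | Format-Table -AutoSize

# Every listed value zeroed in every zone matches the full pattern above.
$full = @($report | Where-Object { $_.AllMatch })
if ($full.Count -eq $expected.Count) {
    Write-Warning 'All five zones match the listed values; scan the executables on this host.'
}
```

Run it in the session of the user being examined, since the keys live under HKCU.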

Description inserted by Szewee Tan on Wednesday, April 20, 2011
Description updated by Szewee Tan on Wednesday, April 20, 2011
