PE_EXPIRO.RAP Removal help

Ok so i've had this problem for quite sometime now. I'm using Trend micro to delete this virus but it keeps coming back. I have followed the websites description on how to get rid of its auto start and it doesn't get rid of it entirely.I have used other programs like avg etc and nothing helps. It keeps coming back and screwing up some of my executable programs. pretty much every exe file is infected, some work while as other wont until i replace the file which can be a pain depending on the program. Does anyone no how to permenatly disable/delete this virus besides wiping my drives?

http://about-threats.trendmicro.com/Malware.aspx?language=us&name=PE_EXPIRO.RAP theres a link to the virus i have

if the image dosnt show theres the pic in the attachment

 

Hi and welcome to Major Geeks, Eliwsu!

Expiro is a nasty executable file patching virus.
Please read the below post for additional information:

• http://forums.majorgeeks.com/showpost.php?p=1680292&postcount=2

 

This is why i never trust AVG software. I downloaded and ran the program, rebooted it started scanning. Eventually my computer went to sleep which is weird because it never fully loaded windows. So I cant boot my computer have to reinstall windows. I wasn't planning on doing this so i couldn't backup my other partition so i still have the virus on my other drive. AVG has screwed me over before by "fixing" files by deleting them without telling me it would delete them and once again it did it again. So unless anyone has any other idea to get rid of it besides a full format please let me know.

 

Microsoft Security Essentials (MSE) claims it can "heal" the infected files. Maybe you'd like to try it >> Microsoft Security Essentials

 

Microsoft Security Essentials has been doing a much better job at cleaning this virus without screwing everything up like AVG. i did my second scan today and found only two more that it didn't detect before so it just maybe be slowing dieing off my system ill post an update later to find the final verdict if it actually worked or not.

If all else fails then i got to do a full wipe which sucks which would be the second virus that has got me by the cojones that I couldn't win the battle against. The first one i got years ago was a boot strap virus that hit my system hard and fast.

 

Ya Microsoft Security Essential helped but i still have the virus. This sucks. So nobody can solve this tricky one out besides giving up and reformatting?

 

I'm sorry but as far as I know, there is no sure way to remove PE file infector viruses like Expiro/Ramnit/Virut/Sality/Scribble/Vetor.

The problem is that the damage caused by this infection really makes a PC unreliable/untrustworthy. These infections can open back doors that truly may compromise your computer and your security. These backdoors could allow a remote attacker to access and instruct the infected computer to download and execute more malicious files.

If you'd still like to try something else. See the below:

ESET Online Scanner

1. Do the scan once
2. Reboot your PC when it is finished!
3. Go back to do the scan AGAIN
4. Reboot your PC AGAIN when it is finished!
5. Do the scan for a 3rd and final time
6. Reboot your PC AGAIN when it is finished!

Come back here and attach all 3 logs from the 3 scans here.

 

C:\Users\eli\AppData\Roaming\Mozilla\Firefox\Profiles\1lorels0.default\extensions\{ec9032c7-c20a-464f-7b0e-
13a3a9e97385}\components\red.js JS/Redirector.NBI trojan cleaned by deleting - quarantined

C:\Users\eli\Downloads\Anno.2070.Update.1.01\solidcore32.dll a variant of Win32/Kryptik.FM trojan cleaned by
deleting - quarantined

D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pp1qqfw4.default\extensions\{72b72799-aac1-
4ae7-b944-a743a9168d3e}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pp1qqfw4.default\extensions\{72b72799-aac1-
4ae7-b944-a743a9168d3e}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined

D:\Games\anno\solidcore32.dll a variant of Win32/Kryptik.FM trojan cleaned by deleting - quarantined

D:\Program Files\utorrent dls\Anno.2070\rld-an27.iso a variant of Win32/Kryptik.FM trojan deleted


I ran four scans(three ESET one MSE) yesterday and one scan today. So far i was clean after the first ESET scan thats why theres only one report. Hopefully this got rid of whatever backdoor was auto starting or redownloading the vamprio virus. Thanks a lot hopefully this thread will help others who come across my issue. Ill be running multiple scans for the next few days so well see if it ever comes back and I'll let you know.

 

Thanks for sharing this information. I'm sure it will help others in the future.