SVCHOST.VIR – Virus Expiro

I will tell you in this post how to fix the issue manually and how to clean it automatically using a special powerful removal tool. You can download the removal program for free here:

Manual removal instructions:

SVCHOST.VIR – Virus Expiro removal

File MD5 Virus Alias
SVCHOST.VIR 8cedf2e5165c7362d649b5f665fa0adf Virus Expiro
SVCHOST.VIR 8cedf2e5165c7362d649b5f665fa0adf Trojan SuspiciousFile

SVCHOST.VIR size: 161792 bytes
SVCHOST.VIR hash: 8CEDF2E5165C7362D649B5F665FA0ADF

Created files:

C:\windows\system32\cisvc.vir
C:\windows\system32\clipsrv.vir
C:\windows\system32\dllhost.exe
C:\windows\system32\dmadmin.vir
C:\windows\system32\imapi.vir
C:\windows\system32\mnmsrvc.vir
C:\windows\system32\msdtc.exe
C:\windows\system32\msiexec.vir
C:\windows\system32\svchost.vir

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\msiserver\Type: 20010000
HKLM\System\CurrentControlSet\Services\msiserver\Start: 02000000
HKLM\System\CurrentControlSet\Services\msiserver\SBIE_CheckPoint: 01000000

Detected by UnHackMe:

SVCHOST.VIR
Default location: %SYSDIR%\SVCHOST.VIR

Dropper information:
MD5: 0afb1ce185c539af29f774376dc45f5e
File size: 332288 bytes