W32.Xpiro


Aliases: Win32/Expiro
Variants: Win32/Expiro.A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 04 Jul 2008
Damage: Low

Characteristics: The W32.Xpiro program is an infecting virus in Windows executable file. It also downloads program, executes additional files from the remote locations, and has the capability of stealing information on credit card collected from the compromised computer.

More details about W32.Xpiro

W32.Xpiro is a Windows .exe file infecting virus. It is as well capable of stealing credit card info gathered from the compromised machine. Upon W32.Xpiro execution, this virus recursively searches for link files inside drives C to Z beginning from the root directory and sub-directories and attempts to infect the particular target link in Windows executable. These infected files suddenly increase in size and 4 additional sections are added at the end of the file. The appended section details include the virtual size, name, and physical size, respectively.

The program is capable of getting information regarding the affected machine. This includes the operating system, the RAM (Random Access Memory) and the programs that are installed on the computer. This data is sent to third parties. Some programs possibly appear on the computer without the user’s consent. Important files from the system may also be deleted by the Trojan program.