Not Detected - expiror.exe

Discontinued Products Comodo BOClean Anti-Malware
#1

Not sure if CBOClean should have caught this or not but I found it in C:\Windows\System32 when Comodo firewall alerted me that it was trying to connect and my CPU went to 100%. Thank you Comodo Firewall Pro… I’m not sure where it came from or how it got on my computer. However, I am watching it more closely then usual which is pretty darn close.

For waht it’s worth, Eset Nod32 didn’t catch it either.

The file shows as “expIror.exe”, note: capital i (eye), not l (ell).

Got rid of it through a previous system restore point as it seems to create and enter it’s self into the the most recent system restore point.

This may be old news to you folks and perhaps it was not CBOC’s job to catch it but I bring it to your attention none-the-less.

Stan
Windows XP Home sp2

#2

Hi,

In future if you suspect a file to be malware you can submit this to:
bocleansubmissions@comodo.com

It will be analysed and, if found to be malware, will be added to the database. Please zip and password protect the file, and include in the email why you are submitting it and the password.

Mike

#3

Hi

This trojan( if it’s so )could be a zero day threat right! And does BOClean guard us against such threats! Haven’t yet tested out the BOClean! Hopefully soon I will!

Dam

#4

When you search Google with “expIror.exe” nothing comes up. Could be some new malware indeed :-\

Greetz, Red.

#5

Ahhh my error it’s “expiorer.exe”, tough to spell something wrong on purpose, in the c:\windows\system32 directory it looks like “explorer.exe”.

Mike, if I ever have this happen again I’ll do as you suggest. Kind of took me by surprise as it’s the first time my machine has ever been infected.

Looks like this thing has been around since 2003 or earlier.

Sorry about the error.
Stan

#6

Lol Stanr :stuck_out_tongue:

Now we can find something :slight_smile:

Greetz, Red.