OK, I will help you with this issue. G2G is a great site as well and maliprog was doing the same things I would start with and nothing they asked you to do resulted in the new issues you are encountering. I will warn you that Expiro is a nasty infection. The chances of recovery are slim. It is of a type called 'file infector'. This class of infection (including Ramnit, Virut, Sality, etc.) infects and rapidly spreads across all files. It can also corrupt your operating system, which likely explains the issues you have with freezing and booting at this point.
In my opinion, Expiro and other file infectors are not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.
These kinds of viruses can also spread via flash drive, so I recommend a complete reformat and restoring your backup. It's just not safe to pull your files off of this machine as the virus can easily spread. Expiro also has a backdoor functionality:
One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.
If you want to attempt cleaning, please give me more information about the boot cycle. It is critical for me to understand exactly where it stops loading.
You boot, it shows a Dell logo, it asks you to boot into normal or safe mode, and no matter what you select you see the Windows logo and then it reboots again?
I saw that OTLPE didn't work for some reason. We'll try xPud from a USB flash drive. We'll just see if we can get it booting that way first. Try this please. You will need a blank USB drive.
to the desktop of your clean computer
- Insert your USB drive
- Press Start > My Computer > right click your USB drive > choose Format > Quick format
- Double click the unetbootin-xpud-windows-387.exe that you just downloaded
- Press Run then OK
- Select the DiskImage option then click the browse button located on the right side of the textbox field.
- Browse to and select the xpud-0.9.2.iso file you downloaded
- Verify the correct drive letter is selected for your USB device then click OK
- It will install a little bootable OS on your USB device
- Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
- After it has completed, do not choose to reboot the clean computer; simply close the installer
- Remove the USB and insert it in the sick computer
- Boot the sick computer
- Press F12 and choose to boot from the USB. If that doesn't work, let me know. Booting from USBs is different depending on your BIOS.
- Follow the prompts
- A Welcome to xPUD screen will appear
Edited by etavares, 13 February 2013 - 06:42 AM.
Moved to Virus Removal Forum