How to remove Win32/Adload.Da virus
- Thread starter donkeyballs
- Start date
I don't know what a "Cracked" means but all the files there are:
1. An extractable file (an archived file, I don't know what it is called) and
2. A Read Me
Hmm so what should I do?
1. An extractable file (an archived file, I don't know what it is called) and
2. A Read Me
Hmm so what should I do?
Oooh I have not really tried playing those games because they were given to them when I sent this laptop for repairs. Anyway, I will just delete them and see what will happen.
But, on a side note, the report showed a different Trojan, not Win32, right? Thanks for everything kuttus!
But, on a side note, the report showed a different Trojan, not Win32, right? Thanks for everything kuttus!
- Oct 5, 2012
- 2,697
C:\Documents and Settings\lenovo\Desktop\Games\new games\Crysis\Crysis.Multi-5.Full-Rip.Skullptura.7z//Crysis/dll.dll
C:\Program Files (x86)\Connectify\ConnectifyPatch.exe
C:\Users\lenovo\Desktop\Games\new games\Crysis\Crysis.Multi-5.Full-Rip.Skullptura.7z//Crysis/dll.dll
C:\Users\Public\Videos\Sample Videos\desktop.ini
These are the files detected as infection.
Upload these Files to Virustotal one by one
Please visit Virustotal.com
C:\Program Files (x86)\Connectify\ConnectifyPatch.exe
C:\Users\lenovo\Desktop\Games\new games\Crysis\Crysis.Multi-5.Full-Rip.Skullptura.7z//Crysis/dll.dll
C:\Users\Public\Videos\Sample Videos\desktop.ini
These are the files detected as infection.
Upload these Files to Virustotal one by one
Please visit Virustotal.com
- Click the Browse... button
- Navigate to the file C:\Users\Public\Videos\Sample Videos\desktop.ini
- Click the Open button
- Click the Send button
- Copy and paste the results back here please.
I got excited, thinking that the virus will be removed by just deleting it, I'm really sorry.
About C:\Users\Public\Videos\Sample Videos\desktop.ini, there is no file like that in that destination. I attached a screenshot of said folder if you want to see.
Okay, I will upload Connectify and update you. Thanks!
About C:\Users\Public\Videos\Sample Videos\desktop.ini, there is no file like that in that destination. I attached a screenshot of said folder if you want to see.
Okay, I will upload Connectify and update you. Thanks!
Attachments
Antivirus Result Update
Agnitum Riskware.HackTool!LT2poWNG63M 20131011
AhnLab-V3 Packed/Win32.Morphine 20131012
AntiVir TR/Spy.323072.37 20131012
Antiy-AVL 20131012
Avast Win32
atcher-AK [PUP] 20131012
AVG Crack.ME 20131012
Baidu-International 20131012
BitDefender Gen:Trojan.Heur.FU.tuW@aaQuVkl 20131012
Bkav 20131012
ByteHero 20130920
CAT-QuickHeal 20131011
ClamAV 20131012
Commtouch W32/Backdoor.TOOW-7695 20131012
Comodo TrojWare.Win32.Agent.WFN 20131012
DrWeb Trojan.MulDrop4.18160 20131012
Emsisoft Gen:Trojan.Heur.FU.tuW@aaQuVkl (B) 20131012
ESET-NOD32 a variant of Win32/HackTool.Patcher.AD 20131012
F-Prot 20131012
F-Secure Gen:Trojan.Heur.FU.tuW@aaQuVkl 20131012
Fortinet Riskware/GamePatcher 20131012
GData Gen:Trojan.Heur.FU.tuW@aaQuVkl 20131012
Ikarus not-a-virus:RiskTool.Win32.Patcher 20131012
Jiangmin CrackTool.Patcher.gr 20131012
K7AntiVirus Riskware 20131011
K7GW Riskware 20131011
Kaspersky not-a-virus:CrackTool.Win32.Patcher.ha 20131012
Kingsoft Win32.Troj.Undef.(kcloud) 20130829
Malwarebytes PUP.Riskware.Patcher 20131012
McAfee RDN/Generic PUP.z!p 20131012
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.B 20131012
Microsoft 20131012
MicroWorld-eScan Gen:Trojan.Heur.FU.tuW@aaQuVkl 20131012
NANO-Antivirus 20131012
Norman 20131012
nProtect 20131011
Panda Trj/OCJ.A 20131012
PCTools Trojan.Gen 20131002
Rising Trojan.Win32.Generic.14429FD5 20131012
Sophos Troj/Agent-WFN 20131012
SUPERAntiSpyware 20131012
Symantec Trojan.Gen 20131012
TheHacker 20131011
TotalDefense 20131011
TrendMicro TROJ_SPNR.16L612 20131012
TrendMicro-HouseCall TROJ_SPNR.16L612 20131012
VBA32 20131011
VIPRE Trojan.Win32.Agent.wfn (v) 20131012
ViRobot Backdoor.Win32.A.Ceckno.323072 20131012
Wow it's hard to read when pasted. Those that have only dates (20131012) mean that it did not find any threat.
Agnitum Riskware.HackTool!LT2poWNG63M 20131011
AhnLab-V3 Packed/Win32.Morphine 20131012
AntiVir TR/Spy.323072.37 20131012
Antiy-AVL 20131012
Avast Win32
atcher-AK [PUP] 20131012AVG Crack.ME 20131012
Baidu-International 20131012
BitDefender Gen:Trojan.Heur.FU.tuW@aaQuVkl 20131012
Bkav 20131012
ByteHero 20130920
CAT-QuickHeal 20131011
ClamAV 20131012
Commtouch W32/Backdoor.TOOW-7695 20131012
Comodo TrojWare.Win32.Agent.WFN 20131012
DrWeb Trojan.MulDrop4.18160 20131012
Emsisoft Gen:Trojan.Heur.FU.tuW@aaQuVkl (B) 20131012
ESET-NOD32 a variant of Win32/HackTool.Patcher.AD 20131012
F-Prot 20131012
F-Secure Gen:Trojan.Heur.FU.tuW@aaQuVkl 20131012
Fortinet Riskware/GamePatcher 20131012
GData Gen:Trojan.Heur.FU.tuW@aaQuVkl 20131012
Ikarus not-a-virus:RiskTool.Win32.Patcher 20131012
Jiangmin CrackTool.Patcher.gr 20131012
K7AntiVirus Riskware 20131011
K7GW Riskware 20131011
Kaspersky not-a-virus:CrackTool.Win32.Patcher.ha 20131012
Kingsoft Win32.Troj.Undef.(kcloud) 20130829
Malwarebytes PUP.Riskware.Patcher 20131012
McAfee RDN/Generic PUP.z!p 20131012
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.B 20131012
Microsoft 20131012
MicroWorld-eScan Gen:Trojan.Heur.FU.tuW@aaQuVkl 20131012
NANO-Antivirus 20131012
Norman 20131012
nProtect 20131011
Panda Trj/OCJ.A 20131012
PCTools Trojan.Gen 20131002
Rising Trojan.Win32.Generic.14429FD5 20131012
Sophos Troj/Agent-WFN 20131012
SUPERAntiSpyware 20131012
Symantec Trojan.Gen 20131012
TheHacker 20131011
TotalDefense 20131011
TrendMicro TROJ_SPNR.16L612 20131012
TrendMicro-HouseCall TROJ_SPNR.16L612 20131012
VBA32 20131011
VIPRE Trojan.Win32.Agent.wfn (v) 20131012
ViRobot Backdoor.Win32.A.Ceckno.323072 20131012
Wow it's hard to read when pasted. Those that have only dates (20131012) mean that it did not find any threat.
I followed the instructions to show the hidden files but there really is no desktop.ini in that location. I attached a screenshot to show said location with the hidden files being shown.
On the connectify file, I uploaded it to virustotal.com and analyzed it. Here is the result.
Antivirus Result Update
Agnitum Riskware.HackTool!LT2poWNG63M 20131011
AhnLab-V3 Packed/Win32.Morphine 20131012
AntiVir TR/Spy.323072.37 20131012
Antiy-AVL 20131012
Avast Win32atcher-AK [PUP] 20131012
AVG Crack.ME 20131012
Baidu-International 20131012
BitDefender Gen:Trojan.Heur.FU.tuW@aaQuVkl 20131012
Bkav 20131012
ByteHero 20130920
CAT-QuickHeal 20131011
ClamAV 20131012
Commtouch W32/Backdoor.TOOW-7695 20131012
Comodo TrojWare.Win32.Agent.WFN 20131012
DrWeb Trojan.MulDrop4.18160 20131012
Emsisoft Gen:Trojan.Heur.FU.tuW@aaQuVkl (B) 20131012
ESET-NOD32 a variant of Win32/HackTool.Patcher.AD 20131012
F-Prot 20131012
F-Secure Gen:Trojan.Heur.FU.tuW@aaQuVkl 20131012
Fortinet Riskware/GamePatcher 20131012
GData Gen:Trojan.Heur.FU.tuW@aaQuVkl 20131012
Ikarus not-a-virus:RiskTool.Win32.Patcher 20131012
Jiangmin CrackTool.Patcher.gr 20131012
K7AntiVirus Riskware 20131011
K7GW Riskware 20131011
Kaspersky not-a-virus:CrackTool.Win32.Patcher.ha 20131012
Kingsoft Win32.Troj.Undef.(kcloud) 20130829
Malwarebytes PUP.Riskware.Patcher 20131012
McAfee RDN/Generic PUP.z!p 20131012
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.B 20131012
Microsoft 20131012
MicroWorld-eScan Gen:Trojan.Heur.FU.tuW@aaQuVkl 20131012
NANO-Antivirus 20131012
Norman 20131012
nProtect 20131011
Panda Trj/OCJ.A 20131012
PCTools Trojan.Gen 20131002
Rising Trojan.Win32.Generic.14429FD5 20131012
Sophos Troj/Agent-WFN 20131012
SUPERAntiSpyware 20131012
Symantec Trojan.Gen 20131012
TheHacker 20131011
TotalDefense 20131011
TrendMicro TROJ_SPNR.16L612 20131012
TrendMicro-HouseCall TROJ_SPNR.16L612 20131012
VBA32 20131011
VIPRE Trojan.Win32.Agent.wfn (v) 20131012
ViRobot Backdoor.Win32.A.Ceckno.323072 20131012
Thanks kuttus!
On the connectify file, I uploaded it to virustotal.com and analyzed it. Here is the result.
Antivirus Result Update
Agnitum Riskware.HackTool!LT2poWNG63M 20131011
AhnLab-V3 Packed/Win32.Morphine 20131012
AntiVir TR/Spy.323072.37 20131012
Antiy-AVL 20131012
Avast Win32
atcher-AK [PUP] 20131012AVG Crack.ME 20131012
Baidu-International 20131012
BitDefender Gen:Trojan.Heur.FU.tuW@aaQuVkl 20131012
Bkav 20131012
ByteHero 20130920
CAT-QuickHeal 20131011
ClamAV 20131012
Commtouch W32/Backdoor.TOOW-7695 20131012
Comodo TrojWare.Win32.Agent.WFN 20131012
DrWeb Trojan.MulDrop4.18160 20131012
Emsisoft Gen:Trojan.Heur.FU.tuW@aaQuVkl (B) 20131012
ESET-NOD32 a variant of Win32/HackTool.Patcher.AD 20131012
F-Prot 20131012
F-Secure Gen:Trojan.Heur.FU.tuW@aaQuVkl 20131012
Fortinet Riskware/GamePatcher 20131012
GData Gen:Trojan.Heur.FU.tuW@aaQuVkl 20131012
Ikarus not-a-virus:RiskTool.Win32.Patcher 20131012
Jiangmin CrackTool.Patcher.gr 20131012
K7AntiVirus Riskware 20131011
K7GW Riskware 20131011
Kaspersky not-a-virus:CrackTool.Win32.Patcher.ha 20131012
Kingsoft Win32.Troj.Undef.(kcloud) 20130829
Malwarebytes PUP.Riskware.Patcher 20131012
McAfee RDN/Generic PUP.z!p 20131012
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.B 20131012
Microsoft 20131012
MicroWorld-eScan Gen:Trojan.Heur.FU.tuW@aaQuVkl 20131012
NANO-Antivirus 20131012
Norman 20131012
nProtect 20131011
Panda Trj/OCJ.A 20131012
PCTools Trojan.Gen 20131002
Rising Trojan.Win32.Generic.14429FD5 20131012
Sophos Troj/Agent-WFN 20131012
SUPERAntiSpyware 20131012
Symantec Trojan.Gen 20131012
TheHacker 20131011
TotalDefense 20131011
TrendMicro TROJ_SPNR.16L612 20131012
TrendMicro-HouseCall TROJ_SPNR.16L612 20131012
VBA32 20131011
VIPRE Trojan.Win32.Agent.wfn (v) 20131012
ViRobot Backdoor.Win32.A.Ceckno.323072 20131012
Thanks kuttus!
I deleted it and restarted. There seems to have an slight improvement but the laptop still runs slow. Are there other applications that could detect the problem?
You know what, kuttus? Thank you for assisting me.
You know what, kuttus? Thank you for assisting me.
- Oct 5, 2012
- 2,697
Do you have Google Chrome? How's Google Chrome working? Is it slow?
STEP 1 : Run a scan with Kaspersky TDSSKiller
<ol>
<li>Download Kaspersky TDSKiller from the below link.
<><a title="External link" href="http://support.kaspersky.com/downloads/utils/tdsskiller.exe" rel="external">KASPERKSY TDSSKILLER DOWNLOAD LINK</a></> <em>(This link will automatically download Kaspersky TDSSKiller on your computer)</em>
</li>
<li>Double-click on <>TDSSKiller.exe</> to run the application.
<img src="http://img4.imageshack.us/img4/1907/tdss1.png" alt="Posted Image" /></li>
<li>Click <>Change parameters</>
<img src="http://img593.imageshack.us/img593/288/tdss2.png" alt="Posted Image" /></li>
<li>Check the boxes next to <>Verify Driver Digital Signature</> and <>Detect TDLFS file system</>, then click <>OK</>
<img src="http://img521.imageshack.us/img521/1456/tdss3.png" alt="Posted Image" /></li>
<li>Click on the <>Start Scan</> button to begin the scan and wait for it to finish.
<>NOTE:</> Do not use the computer during the scan!</li>
<li>During the scan it will look similar to the image below:
<img src="http://img6.imageshack.us/img6/9136/tdss4.jpg" alt="Posted Image" /></li>
<li>When it finishes, you will either see a report that no threats were found like below:
<img src="http://img696.imageshack.us/img696/9898/tdss5.jpg" alt="Posted Image" />
If no threats are found at this point, just click the <>Report</> selection on the top right of the form to generate a log. A log file report will pop which you can just close since the report file is already saved.</li>
<li>If any infection or suspected items are found, you will see a window similar to below:
<img src="http://img854.imageshack.us/img854/905/tdss7.jpg" alt="Posted Image" />
<ul>
<li>If you have files that are shown to fail <em>signature check</em> do not take any action on these. Make sure you select <>Skip</>. I will tell you what to do with these later. They may not be issues at all.</li>
<li>If <em>Suspicious objects</em> are detected, the default action will be Skip. Leave the default set to Skip.</li>
<li>If <em>Malicious objects</em> are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
Make sure that <>Cure</> is selected. <>VERY IMPORTANT!</> - If <em>Cure</em> is not available, please choose <>Skip</> instead. DO NOT choose Delete unless instructed to do so.</li>
</ul>
</li>
<li>Click <>Continue</> to apply selected actions.</li>
<li>A reboot may be required to complete disinfection. A window like the below will appear:
<img src="http://img828.imageshack.us/img828/4812/tdss6.jpg" alt="Posted Image" />
Reboot immediately if TDSSKiller states that one is needed.</li>
<li>Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like <>TDSSKiller.2.1.1_2.12.2012_14.17.04_log.txt</> which is based on the program version # and date and time run.</li>
<li>Attach this log to your next reply.</li>
</ol>
<hr />
STEP 1 : Run a scan with Kaspersky TDSSKiller
<ol>
<li>Download Kaspersky TDSKiller from the below link.
<><a title="External link" href="http://support.kaspersky.com/downloads/utils/tdsskiller.exe" rel="external">KASPERKSY TDSSKILLER DOWNLOAD LINK</a></> <em>(This link will automatically download Kaspersky TDSSKiller on your computer)</em>
</li>
<li>Double-click on <>TDSSKiller.exe</> to run the application.
<img src="http://img4.imageshack.us/img4/1907/tdss1.png" alt="Posted Image" /></li>
<li>Click <>Change parameters</>
<img src="http://img593.imageshack.us/img593/288/tdss2.png" alt="Posted Image" /></li>
<li>Check the boxes next to <>Verify Driver Digital Signature</> and <>Detect TDLFS file system</>, then click <>OK</>
<img src="http://img521.imageshack.us/img521/1456/tdss3.png" alt="Posted Image" /></li>
<li>Click on the <>Start Scan</> button to begin the scan and wait for it to finish.
<>NOTE:</> Do not use the computer during the scan!</li>
<li>During the scan it will look similar to the image below:
<img src="http://img6.imageshack.us/img6/9136/tdss4.jpg" alt="Posted Image" /></li>
<li>When it finishes, you will either see a report that no threats were found like below:
<img src="http://img696.imageshack.us/img696/9898/tdss5.jpg" alt="Posted Image" />
If no threats are found at this point, just click the <>Report</> selection on the top right of the form to generate a log. A log file report will pop which you can just close since the report file is already saved.</li>
<li>If any infection or suspected items are found, you will see a window similar to below:
<img src="http://img854.imageshack.us/img854/905/tdss7.jpg" alt="Posted Image" />
<ul>
<li>If you have files that are shown to fail <em>signature check</em> do not take any action on these. Make sure you select <>Skip</>. I will tell you what to do with these later. They may not be issues at all.</li>
<li>If <em>Suspicious objects</em> are detected, the default action will be Skip. Leave the default set to Skip.</li>
<li>If <em>Malicious objects</em> are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
Make sure that <>Cure</> is selected. <>VERY IMPORTANT!</> - If <em>Cure</em> is not available, please choose <>Skip</> instead. DO NOT choose Delete unless instructed to do so.</li>
</ul>
</li>
<li>Click <>Continue</> to apply selected actions.</li>
<li>A reboot may be required to complete disinfection. A window like the below will appear:
<img src="http://img828.imageshack.us/img828/4812/tdss6.jpg" alt="Posted Image" />
Reboot immediately if TDSSKiller states that one is needed.</li>
<li>Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like <>TDSSKiller.2.1.1_2.12.2012_14.17.04_log.txt</> which is based on the program version # and date and time run.</li>
<li>Attach this log to your next reply.</li>
</ol>
<hr />
Last edited by a moderator:
Yes I use chrome and it really runs slow. For example, it says that the page is unresponsive and asks if I would like to close it. When I'm typing, like this time, the letters are slow to appear.
Anyway, here is the log of tdsskiller. It detected two suspicious threats and I chose "skip" as you instructed.
Anyway, here is the log of tdsskiller. It detected two suspicious threats and I chose "skip" as you instructed.
Okay, I unchecked the two extensions. By the way, I should not do anything with the threats found by tdsskiller right?
Similar threads
- Locked
- Locked
