TrojanDownloader:Win32/Adload is a trojan downloader family that is written in Visual Basic.
Trojans in this family are typically distributed through various botnets.
The trojans normally have a Visual Basic project name of "Project1" with a project file path of "*\Ae:\temp\project1.vbp".
The trojan is normally packaged in an archive (typically RAR) or in an installer (typically Nullsoft Scriptable Install System, NSIS).
The TrojanDownloader:Win32/Adload trojan downloads a file named "drsmartload.exe" from http://*.dollarrevenue.com/* and then executes it.
This downloaded file is stored temporarily as "drsmartload.exe" in the Temporary Internet Files folder of the current user, and is then copied to the root of the main drive, normally "C:\", when it has completed downloading.
The downloaded "drsmartload.exe" file normally downloads various spyware/adware files. However, because this file is hosted remotely, it can be changed at any time.
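The indicators described above can be turned into simple triage checks. The following Python is an added example, not part of the original description: it matches proxy-log URLs, file paths and the Visual Basic project path string. The log layout, client addresses, subdomain labels and function names are assumptions, and URLs are assumed to include their scheme.

```python
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Indicators quoted in the description above.
PAYLOAD = "drsmartload.exe"
DOMAIN = "dollarrevenue.com"
VB_PROJECT = r"*\Ae:\temp\project1.vbp"

# Constructed sample proxy log (timestamp, client, URL); not real telemetry.
SAMPLE_LOG = """\
2007-01-10T09:14:02 10.0.0.21 http://dl.dollarrevenue.com/files/drsmartload.exe
2007-01-10T09:14:05 10.0.0.21 http://www.dollarrevenue.com/index.html
2007-01-10T09:15:40 10.0.0.33 http://dollarrevenue.com.example/drsmartload.exe
2007-01-10T09:16:11 10.0.0.40 http://updates.example/setup.exe
"""

def classify_url(url):
    """'payload' for drsmartload.exe fetched from the domain, 'domain' for any
    other request to it, else None. Look-alike hosts must not match."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host != DOMAIN and not host.endswith("." + DOMAIN):
        return None
    leaf = parts.path.rsplit("/", 1)[-1].lower()
    return "payload" if leaf == PAYLOAD else "domain"

def suspicious_path(path):
    """True for drsmartload.exe at a drive root or under Temporary Internet Files."""
    p = PureWindowsPath(path)
    if p.name.lower() != PAYLOAD:
        return False
    at_root = p.drive != "" and p.parent == PureWindowsPath(p.anchor)
    in_tif = "temporary internet files" in (part.lower() for part in p.parts)
    return at_root or in_tif

def has_vb_marker(data):
    """True if the bytes hold the VB project path as ASCII or UTF-16LE, any case."""
    low, needle = data.lower(), VB_PROJECT.lower()
    return needle.encode("ascii") in low or needle.encode("utf-16-le") in low

def triage(log_text):
    """Return (client, verdict, url) for each log line that hits an indicator."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        verdict = classify_url(fields[2]) if len(fields) >= 3 else None
        if verdict:
            hits.append((fields[1], verdict, fields[2]))
    return hits
```

Because the downloaded file can be changed at any time, a "domain" hit without the known file name is still worth reviewing.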
The following system changes may indicate the presence of this malware: