
TrojanDownloader:Win32/Adload


TrojanDownloader:Win32/Adload is a trojan written in Visual Basic that downloads a file named "drsmartload.exe" from http://*.dollarrevenue.com/* and then executes it. The trojan disables Windows' proxy settings. The downloaded "drsmartload.exe" file also acts as a downloader, but as this file is stored remotely, its functionality can be changed at any time.


What to do now

Manual removal is not recommended for this threat. Use Microsoft Windows Defender, Microsoft Security Essentials, the Microsoft Safety Scanner, or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.

Threat behavior

TrojanDownloader:Win32/Adload is a trojan downloader family that is written in Visual Basic.
 
The trojans in this family are typically distributed through various botnets.
 
The trojans normally have a Visual Basic project name of "Project1" with a project file path of "*\Ae:\temp\project1.vbp".
 
The trojan is normally placed in an archive, typically a rar archive, or an installer, typically Nullsoft Scriptable Install System (NSIS).
 
The TrojanDownloader:Win32/Adload trojan downloads a file named "drsmartload.exe" from http://*.dollarrevenue.com/* and then executes it.
This downloaded file is stored temporarily as "drsmartload[1].exe" in the Temporary Internet Files folder of the current user, and is then copied to the root of the main drive, normally "C:\", when it has completed downloading.

The downloaded "drsmartload.exe" file normally downloads various spyware/adware files. But, as this file is stored remotely, it can be changed at any time.
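The indicators described above can be turned into a simple triage check. The following is an added example, not part of the original write-up or any Microsoft tool; the function names, the case-insensitive matching and the sample URLs and paths are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the write-up above.
PAYLOAD_NAMES = {"drsmartload.exe", "drsmartload[1].exe"}
VB_PROJECT_PATH = r"*\Ae:\temp\project1.vbp"
HOST_SUFFIX = ".dollarrevenue.com"  # http://*.dollarrevenue.com/*


def url_matches(url):
    """True for a request to *.dollarrevenue.com that fetches drsmartload.exe."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    leaf = parts.path.rsplit("/", 1)[-1].lower()
    # Suffix match on the parsed host, so look-alike hosts do not match.
    return host.endswith(HOST_SUFFIX) and leaf == "drsmartload.exe"


def path_matches(path):
    """True for the payload at a drive root or under Temporary Internet Files."""
    norm = path.replace("/", "\\").lower()
    folder, _, leaf = norm.rpartition("\\")
    if leaf not in PAYLOAD_NAMES:
        return False
    at_drive_root = re.fullmatch(r"[a-z]:", folder) is not None
    return at_drive_root or "\\temporary internet files\\" in norm


def has_vb_project_marker(data):
    """True if a binary embeds the VB project path as ANSI or UTF-16LE text."""
    needle = VB_PROJECT_PATH.lower()
    blob = data.lower()  # assumption: compare case-insensitively
    return needle.encode("ascii") in blob or needle.encode("utf-16-le") in blob


def triage(urls, paths):
    """Return only the proxy-log URLs and file paths that match the indicators."""
    return {"urls": [u for u in urls if url_matches(u)],
            "paths": [p for p in paths if path_matches(p)]}


# Constructed sample data (not taken from a real incident).
SAMPLE_URLS = ["http://host1.dollarrevenue.com/files/drsmartload.exe",
               "http://dollarrevenue.com.example.net/drsmartload.exe",
               "http://www.example.org/setup.exe"]
SAMPLE_PATHS = [r"C:\drsmartload.exe",
                r"C:\Documents and Settings\user\Local Settings"
                r"\Temporary Internet Files\Content.IE5\AB12CD34\drsmartload[1].exe",
                r"C:\Tools\drsmartload.exe"]

if __name__ == "__main__":
    print(triage(SAMPLE_URLS, SAMPLE_PATHS))
```

A file name match outside the two locations named in the write-up is deliberately not reported, which keeps the check tied to the documented behaviour.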

Symptoms

System changes
The following system changes may indicate the presence of this malware:
  • The presence of the following file:
    project1.vbp

Prevention


Alert level: High
First detected by definition: 1.45.287.0
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Oct 07, 2008
This entry was first published on: Nov 01, 2006
This entry was updated on: Apr 17, 2011

This threat is also detected as:
No known aliases