Adware.ICLoader removal guide

The Adware.ICLoader is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Adware.ICLoader virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
A process created a hidden window
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Queries information on disks, possibly for anti-virtualization
Behavior consistent with a dropper attempting to download the next stage.
Detects the presence of Wine emulator via registry key
Checks the version of Bios, possibly for anti-virtualization
Attempts to modify proxy settings
Collects information to fingerprint the system
Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz

a.tomx.xyz

static.133.1.203.116.clients.your-server.de

How to determine Adware.ICLoader?


File Info:
crc32: BFC62739
md5: c339c8c591c902efd803ad56f1aabf47
name: cheat.exe
sha1: bf94247b3f607794d5bbe4f295d1e8ca5ced8b32
sha256: 38db7683a3f2057d97684f77ac4045c1e8279086d9e7493624877734d709e7e3
sha512: 0e353d57738931fba87ef4351b1435459dff234830c5e53d4f84a4ce1ffd877f0c8bcfb872002ee47e44e0e73dfc0cd14f72e3cf4f798a028ed508032ebfbcb4
ssdeep: 24576:MbF7ev/PLLDqwX2XJw2PHmFrljSxjLaE+akztuew1544Xu3pPsT:M4XjawX0JfClEJ3gue94+3RG
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Adware.ICLoader also known as:

MicroWorld-eScan	Trojan.Generic.23264391
CAT-QuickHeal	Trojan.Ekstak
McAfee	ICLoader!C339C8C591C9
Malwarebytes	Adware.ICLoader
Zillya	Trojan.Ekstak.Win32.18649
BitDefender	Trojan.Generic.23264391
K7GW	Trojan ( 00543e021 )
K7AntiVirus	Trojan ( 005452be1 )
TrendMicro	TROJ_GEN.R060C0OLJ18
NANO-Antivirus	Virus.Win32.Gen.ccmw
Cyren	W32/S-11974717!Eldorado
Symantec	ML.Attribute.HighConfidence
TrendMicro-HouseCall	TROJ_GEN.R060C0OLJ18
Paloalto	generic.ml
GData	Trojan.Generic.23264391
Kaspersky	Trojan.Win32.Ekstak.ljgu
Rising	Trojan.Kryptik!1.AA23 (CLOUD)
Ad-Aware	Trojan.Generic.23264391
Sophos	Generic PUA LP (PUA)
Comodo	ApplicUnwnt@#1m3zrxsgu21lb
F-Secure	Trojan.Generic.23264391
DrWeb	Trojan.InstallCube.3825
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Generic.th
Trapmine	malicious.high.ml.score
Emsisoft	Trojan.Generic.23264391 (B)
F-Prot	W32/S-11974717!Eldorado
Jiangmin	Trojan.Ekstak.wrj
Webroot	W32.Trojan.Gen
Avira	PUA/ICLoader.Gen8
Antiy-AVL	Trojan/Win32.Ekstak
Endgame	malicious (high confidence)
Arcabit	Trojan.Generic.D162FC87
ZoneAlarm	Trojan.Win32.Ekstak.ljgu
Microsoft	Trojan:Win32/Occamy.C
AhnLab-V3	PUP/Win32.ICLoader.C2897142
Acronis	suspicious
VBA32	TScope.Malware-Cryptor.SB
ALYac	Trojan.Generic.23264391
Cylance	Unsafe
Panda	Trj/Genetic.gen
ESET-NOD32	a variant of Win32/Kryptik.GNVZ
Tencent	Win32.Trojan.Ekstak.Svqv
Yandex	Trojan.Ekstak!
SentinelOne	static engine – malicious
Fortinet	W32/GenKryptik.CTDK!tr
AVG	Win32:AdwareX-gen [Adw]
Cybereason	malicious.591c90
Avast	Win32:AdwareX-gen [Adw]
CrowdStrike	malicious_confidence_80% (W)
Qihoo-360	Win32/Virus.835

How to remove Adware.ICLoader?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Adware.ICLoader removal guide