Should I remove “MSIL/Adware.Dotdo.GJ”?

The MSIL/Adware.Dotdo.GJ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Adware.Dotdo.GJ virus can do?

Sample contains Overlay data
CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine MSIL/Adware.Dotdo.GJ?


File Info:
name: 780E095ADA049FE1D542.mlw
path: /opt/CAPEv2/storage/binaries/43b5dbb78e832c527a3a92e7f4eda1b28575c23b36bf86391a10f1b09c0190e7
crc32: D85CD525
md5: 780e095ada049fe1d54291fd3748b665
sha1: f2b63d7d1b4810ce359b890ba0e74499b89cc327
sha256: 43b5dbb78e832c527a3a92e7f4eda1b28575c23b36bf86391a10f1b09c0190e7
sha512: 1966e600c46a3880cde4ff16b9031b11160a1f079575f313a5e01d7ef02931acb5ca27e791fa23efb5b250d86d92788477dbbe7b3b58e4cedafeb34f699f0e25
ssdeep: 48:6ieMSqMJ0X9vrh1oqXg/TW3JGyzua9zTHrj+tWakFcLcHSvpd4r3F:8+id/TWtua9zTHrjxwgSvpST
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12CB1A41687E42337E8728B76FD7313A4A278EB22EBB7470E084445076C166345D3AF66
sha3_384: c0f18f519e34ed968cb44adfecabe80e27e02941e61276442de292b6f9e5ba03cf7aa7fee9f610f7d3f13a7bc5551e62
ep_bytes: ff250020400000000000000000000000
timestamp: 2019-05-07 09:18:48

Version Info:
Translation: 0x0000 0x04b0
FileDescription: mismanaged
FileVersion: 2.6.5.90
InternalName: antic.exe
LegalCopyright:  
OriginalFilename: antic.exe
ProductVersion: 2.6.5.90
Assembly Version: 2.6.5.90

MSIL/Adware.Dotdo.GJ also known as:

Lionic	Adware.MSIL.Agent.2!c
FireEye	Generic.mg.780e095ada049fe1
McAfee	Artemis!780E095ADA04
Malwarebytes	MachineLearning/Anomalous.93%
Sangfor	Adware.Msil.Dotdo.V6tt
Cyren	W32/Razy.CZ.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Adware.Dotdo.GJ
APEX	Malicious
Kaspersky	not-a-virus:HEUR:AdWare.MSIL.Agent.gen
Avast	Win32:AdwareX-gen [Adw]
Tencent	Malware.Win32.Gencirc.1159550d
F-Secure	Heuristic.HEUR/AGEN.1308571
Zillya	Adware.Dotdo.Win32.78589
McAfee-GW-Edition	BehavesLike.Win32.AdwareTskLnk.zt
Sophos	Generic Reputation PUA (PUA)
SentinelOne	Static AI – Malicious PE
Webroot	W32.Trojan.Gen
Google	Detected
Avira	HEUR/AGEN.1308571
Antiy-AVL	Trojan/Win32.Occamy
Kingsoft	malware.kb.c.1000
Xcitium	Application.MSIL.Dotdo.GJ@89zuv7
ViRobot	Adware.Dotdo.5123
ZoneAlarm	not-a-virus:HEUR:AdWare.MSIL.Agent.gen
Microsoft	PUA:Win32/Presenoker
Cynet	Malicious (score: 100)
AhnLab-V3	PUP/Win32.DotDo.C3264788
VBA32	Adware.MSIL.Agent
Cylance	unsafe
Panda	Trj/CI.A
Rising	Trojan.Fuerboos!8.EFC8 (CLOUD)
Yandex	PUA.Dotdo!Zjk9l7KOjsk
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Adware/Dotdo
AVG	Win32:AdwareX-gen [Adw]
DeepInstinct	MALICIOUS
CrowdStrike	win/grayware_confidence_100% (D)

How to remove MSIL/Adware.Dotdo.GJ?

MSIL/Adware.Dotdo.GJ removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X