About “MSIL/Adware.Dotdo.IW” infection

The MSIL/Adware.Dotdo.IW is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Adware.Dotdo.IW virus can do?

Dynamic (imported) function loading detected
Authenticode signature is invalid

How to determine MSIL/Adware.Dotdo.IW?


File Info:
name: FB1913907D3DC18C302F.mlw
path: /opt/CAPEv2/storage/binaries/5d3f95445c6e55d8facc29b19beba5e9165ccd818b53662f97a16c34f4215518
crc32: D8D937C0
md5: fb1913907d3dc18c302fe48e90830eda
sha1: b2e1a63facce77fb24418ec05854d72bfb6bb172
sha256: 5d3f95445c6e55d8facc29b19beba5e9165ccd818b53662f97a16c34f4215518
sha512: 46daefc56eab0b189cd1303ef3ac3c8db158709bc428ff9d9df5b18e299298871147cf17a5c18ae15079f92fcb8a890a11ce26bf199333dbd4f74cd05704ce68
ssdeep: 96:3SW4G2pmQhadjwhnwcOqILMdz9AtEjCJW6UMfyktnzNto:D4G6NadjwhnwcHILc5AyuJt5Xtxu
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T172F1D722B368C737CD3B0F325D7763801775A781996ADE9E78CA040F9E937104682BB6
sha3_384: b1ff59465a8f8303ecdf75daa280ed4b99dd310eab45974b1c2d373643b85e306ebb393610693a4d577bb8dc4aeea97e
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-11-13 06:07:07

Version Info:
Translation: 0x0000 0x04b0
CompanyName: Waken Inc.
FileDescription: Waken
FileVersion: 5.7.4.54
InternalName: Waken.exe
LegalCopyright: © 2017 Waken
OriginalFilename: Waken.exe
ProductName: Waken
ProductVersion: 5.7.4.54
Assembly Version: 5.7.4.54

MSIL/Adware.Dotdo.IW also known as:

Lionic	Adware.MSIL.Agent.2!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.38081052
FireEye	Generic.mg.fb1913907d3dc18c
McAfee	Artemis!FB1913907D3D
Cylance	Unsafe
K7AntiVirus	Adware ( 0058a35a1 )
Alibaba	AdWare:MSIL/Dotdo.8212e219
K7GW	Adware ( 0058a35a1 )
Cyren	W32/MSIL_Troj.BDK.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Adware.Dotdo.IW
TrendMicro-HouseCall	TROJ_GEN.R002H0CKL21
Cynet	Malicious (score: 100)
Kaspersky	not-a-virus:HEUR:AdWare.MSIL.Agent.gen
BitDefender	Trojan.GenericKD.38081052
Avast	FileRepMalware
Tencent	Msil.Adware.Agent.Ectt
Ad-Aware	Trojan.GenericKD.38081052
Emsisoft	Trojan.GenericKD.38081052 (B)
McAfee-GW-Edition	Artemis!Trojan
Sophos	Generic PUA LC (PUA)
Ikarus	AdWare.MSIL.Dotdo
Avira	HEUR/AGEN.1143668
MAX	malware (ai score=80)
Microsoft	Program:Win32/Wacapew.C!ml
ViRobot	Adware.Dotdo.7680.FOM
GData	Trojan.GenericKD.38081052
ALYac	Trojan.GenericKD.38081052
Malwarebytes	Adware.DotDo
APEX	Malicious
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Adware/Dotdo
AVG	FileRepMalware
Panda	Trj/GdSda.A

How to remove MSIL/Adware.Dotdo.IW?

MSIL/Adware.Dotdo.IW removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X