Win32/Adware.ICLoader.MB removal guide

Win32/Adware.ICLoader.MB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Adware.ICLoader.MB virus do?

  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid

How to identify Win32/Adware.ICLoader.MB?

File Info:

name: BAE4FA84C69A84FC9356.mlw
path: /opt/CAPEv2/storage/binaries/c5bfb701cff85bf8194b5a2f51decf24d396cf77ba83b9da0726ed142b7f4261
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2015-11-03 14:09:50

Version Info:

0: [No Data]

Win32/Adware.ICLoader.MB also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.350559
FireEye: Generic.mg.bae4fa84c69a84fc
ALYac: Gen:Variant.Zusy.350559
Cylance: Unsafe
Cybereason: malicious.4c69a8
BitDefenderTheta: Gen:NN.ZexaE.34742.2uW@aiJswwnk
ESET-NOD32: a variant of Win32/Adware.ICLoader.MB
Kaspersky: not-a-virus:HEUR:AdWare.Win32.SmartInstaller.gen
BitDefender: Gen:Variant.Zusy.350559
NANO-Antivirus: Trojan.Win32.SelfDel.fwgrmi
Ad-Aware: Gen:Variant.Zusy.350559
Sophos: Generic ML PUA (PUA)
Emsisoft: Gen:Variant.Zusy.350559 (B)
Ikarus: Trojan-Ransom.Torrentlocker
GData: Gen:Variant.Zusy.350559
Jiangmin: Trojan.Selfdel.ozj
Microsoft: PUADlManager:Win32/InstallCube
Cynet: Malicious (score: 100)
AhnLab-V3: PUP/Win32.Generic.C1328170
Malwarebytes: Malware.AI.2435496138
APEX: Malicious
Yandex: Trojan.GenAsa!ORvoK2o4uUQ
MAX: malware (ai score=84)
MaxSecure: Trojan.Malware.74507131.susgen
Panda: Trj/GdSda.A

How to remove Win32/Adware.ICLoader.MB?

Win32/Adware.ICLoader.MB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
