What is “Win32/TrojanDownloader.Adload.NTZ”?

The Win32/TrojanDownloader.Adload.NTZ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/TrojanDownloader.Adload.NTZ virus can do?

Executable code extraction
Creates RWX memory
Reads data out of its own binary image
Drops a binary and executes it
Network activity detected but not expressed in API logs

How to determine Win32/TrojanDownloader.Adload.NTZ?


File Info:
crc32: FF4FCF2D
md5: b2c85ed3d21b1649e8ae2667d1d09d29
name: B2C85ED3D21B1649E8AE2667D1D09D29.mlw
sha1: 0f4590e11686dab905356dcdcb41092dac421a0f
sha256: 265dff83433a3dc4af7792ac575b4ecc054a713bac74621de856a8273917353a
sha512: 87adf6786f7ab13da8cf89f69c90bb1a3a13801225f335a3c17b77f80a56a482ede1746067fae474903cdc6e8d46947e2eb262dfea52a4f68a13d08915e64b4f
ssdeep: 12288:z7blM8aNEiBePS9Bfc9reCCBzgQMoXddvDk67azlqqnHTEknjMxIoYlnlz:z7blbAKqHc9re0QPA67aRq8Imj4Y3
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright:                                                                                                     
FileVersion:                     
CompanyName:                                                             
Comments: This installation was built with Inno Setup.
ProductName: SMPlayer Downloader                                         
ProductVersion: 18.6.0                                            
FileDescription: SMPlayer Downloader Setup                                   
Translation: 0x0000 0x04b0

Win32/TrojanDownloader.Adload.NTZ also known as:

Elastic	malicious (high confidence)
DrWeb	Trojan.Adposhel.94
Cynet	Malicious (score: 99)
ALYac	Application.Bundler.BTC
Cylance	Unsafe
Zillya	Adware.CloudScout.Win32.977
Sangfor	PUP.Win32.Bundler.BTC
Alibaba	AdWare:Win32/CloudScout.9b8478d9
Cybereason	malicious.3d21b1
Symantec	Trojan.Gen.MBT
ESET-NOD32	Win32/TrojanDownloader.Adload.NTZ
APEX	Malicious
Avast	FileRepMetagen [PUP]
ClamAV	Win.Malware.Ursu-7435917-0
Kaspersky	not-a-virus:AdWare.Win32.CloudScout.lpc
BitDefender	Application.Bundler.BTC
NANO-Antivirus	Trojan.InnoSetup.CloudScout.fjwvmk
MicroWorld-eScan	Application.Bundler.BTC
Tencent	Win32.Adware.Cloudscout.Pfsy
Sophos	Generic PUA AP (PUA)
Comodo	Malware@#1bbtxwiach9jd
BitDefenderTheta	AI:Packer.D204062917
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.AdwareFileTour.jc
FireEye	Application.Bundler.BTC
Emsisoft	Application.Bundler.BTC (B)
SentinelOne	Static AI – Suspicious PE
Avira	HEUR/AGEN.1112383
Microsoft	Trojan:Win32/Occamy.C
SUPERAntiSpyware	Trojan.Agent/Gen-Downloader
GData	Application.Bundler.BTC
AhnLab-V3	Malware/Gen.Generic.C2679097
McAfee	Artemis!B2C85ED3D21B
MAX	malware (ai score=99)
VBA32	Adware.CloudScout
Panda	Trj/CI.A
MaxSecure	Trojan.Malware.118212648.susgen
Fortinet	W32/Adload.NTZ!tr
AVG	FileRepMetagen [PUP]

How to remove Win32/TrojanDownloader.Adload.NTZ?

Win32/TrojanDownloader.Adload.NTZ removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X