Categories: Trojan

How to remove “Win32/TrojanDownloader.Small.ADP”?

Win32/TrojanDownloader.Small.ADP is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/TrojanDownloader.Small.ADP virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Win32/TrojanDownloader.Small.ADP?


File Info:

name: A266320FFEE1F708C869.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2014-04-18 17:37:58

Version Info:

0: [No Data]

Win32/TrojanDownloader.Small.ADP also known as:

Lionic Trojan.Win32.Badur.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.1646607
McAfee Generic.sj
Cylance Unsafe
Zillya Trojan.Badur.Win32.1952
Sangfor Trojan.Win32.Agent2.mtm
K7AntiVirus Trojan ( 0001140e1 )
Alibaba TrojanDownloader:Win32/DwnLdr.59f1437c
K7GW Trojan ( 0001140e1 )
Cybereason malicious.ffee1f
Cyren W32/Trojan.IEXC-5466
Symantec Downloader.Upatre!gen3
ESET-NOD32 Win32/TrojanDownloader.Small.ADP
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan.Win32.Agent2.mtm
BitDefender Trojan.GenericKD.1646607
NANO-Antivirus Trojan.Win32.Badur.cwznpt
Avast Win32:Small-HTZS [Trj]
Tencent Win32.Trojan.Badur.Lkne
Ad-Aware Trojan.GenericKD.1646607
TACHYON Trojan/W32.Badur.13824.E
Sophos Mal/Generic-R + Troj/DwnLdr-LMY
Comodo TrojWare.Win32.Agent.ADP@59oxlp
DrWeb Trojan.DownLoad3.32784
VIPRE Trojan.Win32.Generic!SB.0
TrendMicro TROJ_UPATRE.YYKS
McAfee-GW-Edition Generic.sj
FireEye Generic.mg.a266320ffee1f708
Emsisoft Trojan.GenericKD.1646607 (B)
Ikarus Trojan-Spy.Zbot
GData Win32.Trojan.Agent.Q29C82
Jiangmin Trojan/Badur.cjw
Webroot W32.Malware.Gen
Avira TR/Spy.Zbot.ano
Antiy-AVL Trojan/Generic.ASMalwS.995ACC
Kingsoft Win32.Troj.Badur.hm.(kcloud)
Arcabit Trojan.Generic
ViRobot Dropper.S.Agent.13824.E
Microsoft PWS:Win32/Zbot
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Smoaler.C307892
VBA32 Trojan.Badur
ALYac Trojan.GenericKD.1646607
MAX malware (ai score=99)
TrendMicro-HouseCall TROJ_UPATRE.YYKS
Rising Malware.FakeXLS/ICON!1.9C3D (CLASSIC)
Yandex Trojan.Badur!eT4frCae5Xo
SentinelOne Static AI – Malicious PE
eGambit Unsafe.AI_Score_86%
Fortinet W32/Tiny.NKL!tr.dldr
BitDefenderTheta Gen:NN.ZexaF.34084.amW@aiQo7Aei
AVG Win32:Small-HTZS [Trj]
Panda Trj/WLT.A
CrowdStrike win/malicious_confidence_100% (D)
MaxSecure Trojan.Malware.300983.susgen

How to remove Win32/TrojanDownloader.Small.ADP?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
