Win32:Adloader-S

Viruses and worms
1

Hello antivirus dudes ;D

i just started my comp and it says o have a Win32:Adloader-S in:

D:\Program\Microsoft Visual Studio\Common\Tools\Winapi\APILOAD.EXE

what should i do. i need visual studios for my work. i have had it installed for a half year now without any problems or any virus infections in it. i have never heared of this trojan. have u heared about it? i didnt find anything when i googled… is there somebody that can tell me what to do or/and what this Win32:Adloader-S does…
so far i havent done anything about it… can it be a false alarm?

i’m happy for all the answers i get!
best regards
Heggi

2

This is a trojan that was added to avast VPS today - http://www.avast.com/eng/vps_history.html

If you believe it to be a false positive there is some information about this available from another thread:
http://forum.avast.com/index.php?topic=7779.0

You may want to include some information and maybe a link to this thread.

3

Well a google search for apiload.exe returns many hits and it may be an incorrect, false positive detection.

Follow the advice in the link that Mike gave.

4

Just to add that it appears the link to the Jotti scanner is outdated in the link to the other forum. The new site for jotti is:

http://virusscan.jotti.org/

You may also want to try virustotal:

http://www.virustotal.com/flash/index_en.html

5

Mini sticky thread on False Positives updated.

6

i moved it to the chest… the scanner is busy so i cant scan it :-
i’ll take care of it later maybe… if it would be a false positive it’ll get removed sooner or later from the virus list… if not it might stay in the chest…

avast also found the same virus in system restore… also added to chest…

7

It will still be in system restore (system volume information folder in XP), the only way to remove it from there, windows protected storage is to disable system restore, reboot, scan, and if clear enable system restore again.

When it is in the chest you can’t upload to the on-line scanners as it is protected by avast.

8

yes i know i have to restore it before i can scan it with the online scanner. but it says that the online scanner is extremely busy :-
well maybe my program still work without that infected file…
i’ll keep in chest now for a while at least. thanks for all the tips. if the scanner isnt so busy another day i’ll try restoring and scanning it then :wink:

9

There are two links in Mike’s post, Jotti is usually quite busy the other one VirusTotal is not frequently busy.

10

http://www.virustotal.com/ gives Connection Reset by Peer
http://virusscan.jotti.org/ finally allowed me to upload (after disabling avast!.. even though i told it to ignore >:()

File:
APILOAD.EXE
Status:
POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file’s scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5
a7b5a084969480b7af8a796190847a19

avast engine was the only one to find anything.

Definitely false positive.