Showing posts with label trojan. Show all posts

Tuesday, 22 July 2014

How to Remove Trojan.ADH.2 Completely

What Is Trojan.ADH.2?
Trojan.ADH.2 is a malicious Trojan horse designed to carry out destructive activities on the infected computer. It can badly damage a victim's computer system and steal the user's confidential information without their knowledge. Usually, it hides in websites that have been hacked by rogue hackers. If users visit the hacked websites, it may be downloaded to their computers furtively. It can also enter users' computers via spam emails. When users click on the suspicious links embedded in the spam emails or open the attachments (which look harmless but are not), they activate the malicious code of the Trojan horse. Besides, freeware is also used by this Trojan horse to spread itself. It hides its installer in the freeware, and once users download and install such freeware on their computers, this Trojan horse is installed as well.
When installed, Trojan.ADH.2 will create and inject its registry entries into the Windows registry so that it can make changes to default system configuration such as the Master Boot Record, an important part of Windows that takes control of the operating system's boot loader. By doing so, it is able to run automatically every time Windows boots up. While running in the background, this Trojan horse will try to carry out a series of malicious activities according to the commands received from the remote hackers. It randomly deletes some system files as well as folders, and disables certain programs or services without any permission, which causes some programs to be unable to start or the computer system to run abnormally. It also stealthily connects to certain websites and downloads other malware to the infected computer, which will put the system at great risk and greatly degrade the computer's performance. Furthermore, it may create a backdoor in the system, allowing the remote hackers to access the files and data stored on the computer. With this Trojan horse on their computers, users may end up spending much money to fix the problems it causes and may even encounter identity theft and data loss. There is no doubt that Trojan.ADH.2 is very dangerous and must be removed as soon as possible.
Effects of the Trojan Horse
1. It may significantly slow down the computer's performance.
2. It may generate a lot of pop-ups which may include fake alert messages and commercial ads.
3. It may damage some system files and disable certain programs, causing the system to malfunction.
4. It may cause the network speed to become slower and users have to wait for a long time to access the desired websites.
5. It may track users' online activities, collect valuable data stored on the computer, and then send them to the rogue hackers.
How to Remove Trojan.ADH.2?
There are two ways to get rid of the threat, the manual way and the automatic way. In the following, we will give the detailed steps of these two ways. You can choose one of them to deal with the Trojan horse, depending on your own situation.
Steps of the Manual Way (For Advanced PC Users):
Step 1: Reboot your computer into the Safe Mode with Networking.
a. Reboot your computer. When it starts loading up, you should keep pressing the F8 key repeatedly.
b. When the "Advanced Boot Options" menu shows up on the screen, use the arrow keys to highlight "Safe Mode with Networking".
c. Press Enter to go ahead.
Step 2: Stop the process of Trojan.ADH.2.
a. Right click on the taskbar and select the "Task Manager" option. Then the Windows Task Manager will be launched.
b. Click the "Processes" tab and scroll down to find the Trojan horse related process.
c. Click on it and click the "End Process" button to stop it.
Step 3: Show all hidden files and folders.
a. Click the Start menu and then select the "Control Panel" option.
b. Click on the "Appearance and Personalization" link.
c. Select "Folder Options", and click the "View" tab.
d. Under "Advanced settings", tick "Show hidden files, folders and drives", untick "Hide protected operating system files (Recommended)" and then click OK.
Step 4: Navigate to local disk C, then find and remove all the files related to Trojan.ADH.2.
Those malicious files may be found in the following folders:
Step 5: Delete all registry entries associated with the Trojan horse.
a. Open Registry Editor (Go to the Start menu, type "Reg" into the search box and click the program named "Registry Editor" from the result list).
b. Find all registry entries associated with Trojan.ADH.2 and remove them all.
Steps of the Automatic Way (For Novice Users):
The manual way should not be attempted by novice users, since it involves several complicated steps. If users make any mistakes during the process, the system would be damaged and malfunction. The automatic way is here for all users, especially the users who have less experience in computer operation. Please take the steps below to automatically remove Trojan.ADH.2.
Step 1: Download and install an advanced removal tool on the infected computer.
Step 2: Run the tool to start a full system scan. Now the removal tool will completely scan the hard drives and then show all detected threats in the system.
Step 3: Make sure that no legitimate files are in the result list, check all malicious items, and then click the Remove button to remove all threats on the system.
Step 4: Reboot the computer after the removal. Run a full system scan again to check whether the Trojan horse and other related threats have been removed completely.
Conclusion:
Trojan.ADH.2 is a vicious Trojan horse designed by hackers to damage the infected computers and steal sensitive information or data from the users. This Trojan horse is often distributed by free software downloaded from unreliable sources, spam emails with suspicious links and attachments, or websites that have been hacked by rogue hackers. So, users should use caution when surfing online if they want to avoid unwanted infections or loss. Basically, this Trojan horse will do many malicious things inside the infected computer according to commands from the hackers, and cause various unpleasant problems. To avoid unnecessary trouble, users should remove Trojan.ADH.2 as early as possible. Generally, users tend to use antivirus programs to remove threats on their computers. However, the Trojan horse is able to bypass detection and removal by common antivirus programs. In this case, users can consider manually getting rid of the Trojan horse, or download a more advanced removal tool to automatically remove it. It just depends on the users' own situation.
Important Note: The manual removal is not for everyone. Sometimes, even computer geeks have to rely on a removal tool when encountering malware threats. So, if you are a novice user, it is highly recommended to use an automatic removal tool to deal with the Trojan horse.

Thursday, 5 June 2014

Trojan-Trensil Malware

Trojan.Trensil is a trojan horse, a form of malware. It contains malicious code that, when executed, carries out actions that typically cause loss or theft of data.
Trojans can also open a back-door into your system, contacting a controller which can then have unauthorized access to your computer. Trojans may also harm your computer directly.
The term trojan horse comes from the tale of the wooden horse used to defeat the City of Troy in an ancient Greek legend. The story goes that the army besieging Troy pretended to give up by sailing away. However they left behind a gigantic wooden horse. The Trojans treated the horse as booty and hauled it into their city. That night, soldiers concealed in the horse came out and captured Troy.
The comparison is apt. In the world of information technology, trojan horses often use social engineering to infect computers, persuading their victims to voluntarily install them on their computers by presenting themselves as useful or interesting programs or files.
If you are infected, it is likely that the trojan got into your computer when you unknowingly:
  • clicked on malicious links or visited malicious websites, or you
  • downloaded freeware, adware or other content, or you
  • opened infected emails, or you
  • connected an infected USB device or other media to your computer.
In all these cases, Trojan-Trensil is distributed via a specially crafted PDF document acting as a carrier which exploits a vulnerability that is found in most versions of Windows.
What does Trojan.Trensil do to your computer?
The first thing that Trojan.Trensil does is to create the following files:
  • %Temp%\0ELISEA310.TMP
  • %UserProfile%\Templates\1A0E621SV.CAB
  • %UserProfile%\Templates\wincex.dll
  • %UserProfile%\Templates\wincex.dllbk
Immediately after that, it makes changes to the following registry subkey:
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPMM
Then the trojan creates a service called WmdmPMM. This service causes the trojan to be executed every time you start up your system.
After that, it connects to two remote locations:
  • 112.185.190.193
  • 163.30.24.5
Once the trojan has connected to these two locations, your computer is completely vulnerable. The malware can now receive commands from the attacker's remote location and send information to that or other remote locations.
Therein lies the danger... your private data (bank account numbers, credit card details, passwords etc) is now entirely exposed, ready for the taking.
In addition, this trojan is difficult to detect because it can enter your antivirus program and disable it, along with your firewall.
While the above description of what Trojan.Trensil does to your computer may seem a bit technical, knowing the details of how this malware operates is the key to getting rid of it, as you'll see below.
So how do you know if you have the trojan?
Symptoms of a Trojan.Trensil attack
Here are some common symptoms of a Trojan.Trensil infection:
[1] Your system slows down considerably. You'll notice it when you try to open programs, connect with the internet or shut down your computer. This is because the malware is increasing the use of your CPU (central processing unit). If it is not removed it can cause a complete crash.
[2] You are plagued with pop-up ads. This happens because Trojan.Trensil has corrupted your Windows registry in order to deploy these unwanted advertisements.
[3] You find that searches using Google and Yahoo are redirected to a variety of unwanted sites which can be infected. You'll notice that the background image on your desktop and your browser's homepage settings have changed. These are common symptoms of a Trojan.Trensil infection.
[4] You may also notice that various files, folders, icons and shortcuts in different locations of the system are being created.
Having these symptoms does not necessarily prove that you are infected by this particular trojan. However, they are strong indicators that you have a serious problem.
You can check for a Trojan.Trensil infection by searching for any of the four files shown above. In addition, you could look in the Windows registry for the registry subkey mentioned above.
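The check described above, written as a read-only PowerShell script (an added example, not part of the original post): it looks for the four files, the WmdmPMM service key and connections to the two addresses listed earlier, and only reports what it finds. It assumes %Temp% and %UserProfile% resolve against the profile of the user running it, so run it as the affected user.

```powershell
# Added example: indicator check built only from the values listed in this post.
# Read-only: it reports matches and deletes or changes nothing.

$files = @(
    "$env:TEMP\0ELISEA310.TMP",
    "$env:USERPROFILE\Templates\1A0E621SV.CAB",
    "$env:USERPROFILE\Templates\wincex.dll",
    "$env:USERPROFILE\Templates\wincex.dllbk"
)
$serviceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\WmdmPMM'
$remoteIps  = @('112.185.190.193', '163.30.24.5')

$findings = @()

# 1. Dropped files (-Force so hidden and system files are also seen)
foreach ($f in $files) {
    if (Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue) {
        $findings += "file present: $f"
    }
}

# 2. Service registry subkey used for start-up persistence
if (Test-Path -LiteralPath $serviceKey) {
    $svc = Get-ItemProperty -LiteralPath $serviceKey
    $findings += "service key present: $serviceKey (ImagePath: $($svc.ImagePath))"
}

# 3. Network connections to the two remote addresses.
#    netstat -ano is parsed so the check also works on older Windows versions.
foreach ($line in (netstat -ano)) {
    foreach ($ip in $remoteIps) {
        if ($line -match "\s$([regex]::Escape($ip)):\d+\s") {
            $findings += "connection to ${ip}: $($line.Trim())"
        }
    }
}

if ($findings) {
    $findings | ForEach-Object { Write-Output "[!] $_" }
} else {
    Write-Output 'No Trojan.Trensil indicators from this post were found.'
}
```

An empty result only means these specific indicators are absent for the current user at the moment the script runs; the connection check in particular sees only connections that are open at that time.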
Removing the Trojan.Trensil
Here's how you can rid your computer of this trojan:
[1] Turn off Windows System Restore - in your desktop explorer, right-click on My Computer and select Properties. Click on the System Restore tab. In the System Restore dialogue box, click Turn off System Restore on all drives. Ignore the warning in the pop-up box and click OK.
[2] Restart your computer in safe mode - as your computer is starting up, press the key F8 rapidly until the Advanced Options menu shows on your screen. Then select Safe mode from the menu that appears.
[3] Delete temporary internet files - open desktop explorer (either from the start button or by pressing the Windows key and E at the same time). Click on Local Disk (C:). Then navigate to: Documents and Settings\Yourusername\Local Settings\Temporary Internet Files. You need to delete all these files.
Click anywhere in the right hand pane then press Control and A simultaneously to highlight all the files. Hit the Delete button while holding down Shift and when the warning box comes up, click OK (still holding Shift down). All the files will disappear.
[Holding Shift down means the files are deleted fully rather than being sent to the Recycle Bin. If you don't hold down Shift then you'll have to empty the Recycle Bin.]
[4] Open Task Manager - by pressing the ALT+CTRL+DEL keys simultaneously. Windows Task Manager will open. You need to free up your CPU by ending any useless programs that are running.
You can find the programs you need to end as follows:
If you are in Windows 7 or earlier versions of the Windows operating system, go through the list of programs under the Processes tab. Look for telltale signs of malicious programs, such as programs with odd-looking filenames or ones that are running from a temporary folder. Once you have found a program you want to end, highlight it and then click on End Process.
If you are using Windows 8, go through the list of programs shown under the Details tab in Task Manager. Check under the Command-line column (on the right). Again, once you have found a program you want to end, highlight it and then click on End Process.
[5] Clean up registry entries created by Trojan.Trensil - the easiest way to do this is to delete all files that are safe to remove from the registry. There are two ways you can do this:
(a) Click the Start button and then click Run. Type regedit.exe in the Run dialogue box that appears and click OK. When the Registry Editor box opens, click on Edit and then on Find. Enter the name of a file you want to remove in the Find what field and click Find Next. When the file turns up you can delete it. You can find the precise names of files that can be safely deleted by going to a Norton/McAfee knowledgebase site.
(b) A simpler way is to download and use a maintenance application such as jv16 Power Tools, which includes a registry cleanup program. You just follow the instructions to find a list of 'files that should be safe to remove' and then click on the Remove button.
That's it! Your computer should now be free of the Trojan.Trensil malware, provided you have been able to follow the above steps for getting rid of it.
If you find it too complicated, you should contact an online computer maintenance and repair company who can clean up your computer from a remote location. The cost should not exceed €20-25 or $30-35.
But, whatever you do, it is vital that you get rid of the Trojan.Trensil malware as soon as possible.