If your computer is infected with Trojan.ADH.2, you may follow the procedure on this page to contain this threat. Remove the Trojan at once before it can further harm the system.

Trojan.ADH.2 is a generic detection that was aimed to identify new malware threats without using the traditional anti-virus signatures. Trojan.ADH.2 is a malicious file or software that was purposely morphed by its author to hide its presence from anti-virus software. The Trojan does not self-replicate but has a tendency to download addition malware from a remote server.

Damage Level: High

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Once user executes Trojan.ADH.2, it will infect various system files. The Trojan will also replace legitimate Windows files with its own harmful code. Thus, the Trojan may load whenever the affected file is run on the system.

When the Trojan is running, it may perform other tasks that will benefit other viruses. Trojan.ADH.2 may reduce security settings and disable firewall on the computer. This will allow any Internet traffic to pass through without restrictions. The Trojan may also end security related process causing antivirus programs to deactivate. Without these security measures, affected computer is now much vulnerable to other virus attacks and intrusions.

Here is a screenshot image showing Symantec Antivirus detects the Trojan in real time.

This kind of Trojan basically spread through file-sharing networks. In most occasions, Trojan.ADH.2 author embeds the code onto legitimate executable files that are frequently downloaded from shared public server. Using a sophisticated technique, it often conceals itself from antivirus application. A Spam email message is another channel to distribute the Trojan to unspecified targets. It may arrive as an attached file that disguises as legitimate document file.


How to Remove Trojan.ADH.2

1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. Open your antivirus application and update the virus definition file. This method ensures that your antivirus program can detect even newer variants of Trojan.ADH.2

3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and loads only necessary drivers and files.

4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable, better place them in quarantine. Once the scan is complete, please proceed with the next step.

Online Virus Scanner:

Another way to remove Trojan.ADH.2 without the need to install additional antivirus application is to perform a thorough scan with free online virus scanner that can be found here or on websites of legitimate anti-virus and security provider.

5. Go to Online Virus Scanner list and run a virus scan. This may require plug-ins, add-on or Activex object, please install if you want to proceed with scan.
6. After completing the necessary download, your system is now ready for online virus scanning.
7. Select an option in which you can thoroughly scan the computer to make sure that it will find and delete entirely all infections not detected on previous scan.
8. Remove or delete all detected items.
9. When scanning is finished you may now restart the computer in normal mode.

4 Responses

  1. Paul says:

    Just after loading a free trial for crisis 2 that came on a disc from a PC my Norton detected the ADH 2 Trojan. Do you think it came with the disc or came from the net?

  2. majortom says:

    Is your Crisis installer legitimate? If you are using downloaded game, be sure to scan it first before installing.

  3. RM says:

    Tried this solution but wasn’t successful. Followed everything…..any ideas?

  4. Patrick Ewing says:

    Just completed a virus scan from and this highlighted the following virus is showing up on my computer: “C:\tmp\MediaPlayerLite- is infected with Trojan.ADH.2”
    (NB: C:\tmp is where I download anything from the web before running it.)
    Should I be advising MediaPlayerLite about this too?!
    Not convinced that any removal plans tried so far are finding all the potential damage this trojan may have inflicted though.

Leave a Reply

Your email address will not be published. Required fields are marked *