Windows 7: asking about ahadmin.exe

ahadmin.exe has detected a virus on my windows 7 .. What Was it really a virus? and how to kill this?

Hi,

Are you asking if ahadmin is a virus? I found one occurence of a similar name which has been flagged as suspicious:
ahadmin.gicp.net.exe - VirSCAN.org

I recommend uploading the file here, for a scan:
https://www.virustotal.com/

Regards,
Golden

Hello aguswgs and welcome to Seven Forums.

I found a reference to ahadmin.exe at the Webroot/Prevx site. It's one of several aliases for the basesrv.exe malware.

BASESRV.EXE, Prevx

If your installed antivirus caught this, it should have given you the opportunity to quarantine or delete it. Run a full scan with your antivirus/antispyware. It would also be a good idea to run a couple more free on-demand scanners to double check your computer. Some recommended products are Malwarebytes, Hitman Pro, Superantispyware, Trend Micro HouseCall, Comodo Cleaning Essentials, Eset, etc.

Thanks marsmimar..
I've been using Malwarebyte for remove ahdmin.exe. for a moment my computer can run back to the normal, but then they come again, and this makes me really frustrated.
Btw, do i have to remove it from the system regedit?

I'm not a malware expert but I've passed your question along to one of our members who is an expert. Hopefully she will give you some advice on what to do. From my very limited knowledge this sounds like a self-replicating virus or trojan. That means it has probably hooked itself into more than just one system file. Eliminate the virus from one file and it will reproduce itself from another file. And because it apparently goes by so many different names, searching the registry may not get rid of it because you wouldn't know what other names it goes by.

Until you hear back from our expert, I would recommend you try a free product from Microsoft called Windows Defender Offline (originally called Microsoft Standalone System Sweeper.) You need to download the software from a computer that is NOT infected and burn it to a flash drive or CD. You would then boot the infected computer from the flash drive or CD bypassing the usual startup procedure. This tutorial gives more information.

Windows Defender Offline

There are several more things you may be asked to try. But please remember that once a computer has been infected, you can never be 100% sure that all traces of the malware have been removed. No anti-malware product is 100% effective 100% of the time

Thanks for your advices and information. I hope this can fix my problem

Best regard

Agus H

In my experience when Malwarebytes has apparently removed the current infection it can leave the file causing the damage in the Temp folder. Have a look for any likely named suspects, if you find one, right click to delete, if it says it cannot because it's open, you got the bad boy.
Open task manager, kill that process, go back to temp and now you can delete it.
Follow up by removing any reference in msconfig also I would start up regedit. Probably you only need check the run and runonce items.

Let's see what this is ....

Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3

• Disable any script blocking protection
• Double click the dds icon to run the tool.
• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt <--- will be minimized in the task tray
• Save both reports to your desktop.

Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.