WNAD





Overview

Summary:

No installation disclosure. Displays ads. Causes browser popups. Still live. The popular Yo Mama Osama shooting game distributes an adware Trojan. This online game promises a free cell phone booster to players who succeed in "taking out" Osama bin Laden. The adware Trojan monitors Internet usage and feeds pop-up advertising to the user long after the game is over. Uninstalling Yo Mama Osama removes the game but leaves the offensive adware in place. When Yo Mama Osama is installed for game play, files specific to the adware Trojan are downloaded and installed on the user's system: WNAD.EXE, WNAD.DAT, WNAD-UPDATE.EXE and WNAD.LGC. These files are placed in the Windows folder, and a shortcut to WNAD.EXE is added to the Startup folder.

Alias:

Adware/Wnad [Panda], Twisted Humor, Win32/AdWama.A!Trojan [Computer Associates], WinAD [Name used by Ad-aware], Wnad.e [McAfee], Yo Mama Osama

Category:

Spyware: Any product that employs a user's Internet connection in the background without their knowledge, and gathers or transmits information on the user or their behavior. Many spyware products collect referrer info (information from your web browser that reveals which URL you linked from), your IP address (a number used by computers on the network to identify your computer), and system information (such as time of visit, type of browser used, the operating system and platform, and CPU speed). Spyware products sometimes wrap other commercial products and are introduced to machines when those commercial products are installed. See also Adware.

Similar Pests:

Spyware

Origins

Group:

twistedhumor.com

Vendor:

http://twistedhumor.com/

Date of Origin:

June, 2002

Distribution

Distribution:

Via multiple products distributed via multiple sites.

Prevalence:

  • WNAD: < 0.00005%

Clot Factor:

  • WNAD: 1

The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.

Operation

Advertising:

Displays ads. Causes browser popups.

Storage Required:

  • WNAD: at least 537 KB

Risks

Privacy Issues:

No installation disclosure.

Privacy Policy:

http://twistedhumor.com/privacy.shtml

Detection and Removal

Automatic Removal:

PestPatrol detects this.

PestPatrol removes this.



Manual Removal:

Uninstalling the game will not remove the adware Trojan. Take the following steps to remove it manually:

  • Press CTRL-ALT-DEL and use End Task to close WNAD.EXE.
  • Browse to the Windows folder and delete WNAD.EXE, WNAD.DAT, WNAD-UPDATE.EXE and WNAD.LGC.
  • Remove the C:\Windows\Wnad.exe value from the following Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • Delete the shortcut for WNAD.EXE from the Start | Programs | Startup folder.

Stop Running Processes:

Kill these running processes with Task Manager:

Remove AutoRun Reference:

Go to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\wnad, delete it and reboot the machine immediately.
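
The manual removal steps and the AutoRun check above, written as a read-only PowerShell audit that reports which of the listed artifacts are still present. This is an added example, not PestPatrol's own code: the function name Find-WnadArtifact is hypothetical, and it assumes the Windows folder is $env:windir and that the shortcut sits in the per-user or all-users Startup folder.

```powershell
# Added example: read-only check for the WNAD artifacts named in the removal steps.
# Assumptions: Windows folder = $env:windir; Startup folders resolved via .NET.
function Find-WnadArtifact {
    param(
        [string]$WindowsDir = $env:windir,
        [string]$RunKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    $fileNames = 'WNAD.EXE', 'WNAD.DAT', 'WNAD-UPDATE.EXE', 'WNAD.LGC'
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

    # 1. Running process (the End Task step). Process names omit the .exe suffix.
    Get-Process -Name 'wnad' -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Type = 'Process'; Location = "PID $($_.Id)"; Detail = $_.Path }
    }

    # 2. The four files placed in the Windows folder.
    foreach ($name in $fileNames) {
        $path = Join-Path $WindowsDir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            [pscustomobject]@{ Type = 'File'; Location = $path; Detail = (Get-Item -LiteralPath $path).Length }
        }
    }

    # 3. Run key: match the value name 'wnad' or any data pointing at wnad.exe.
    $run = Get-ItemProperty -LiteralPath $RunKey -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($p in $run.PSObject.Properties) {
            if ($p.Name -in $meta) { continue }   # skip registry-provider metadata
            if ($p.Name -ieq 'wnad' -or "$($p.Value)" -match '\\wnad\.exe') {
                [pscustomobject]@{ Type = 'RunValue'; Location = "$RunKey\$($p.Name)"; Detail = $p.Value }
            }
        }
    }

    # 4. Startup-folder shortcuts whose target file is WNAD.EXE.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Filter '*.lnk' -ErrorAction SilentlyContinue | ForEach-Object {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            if ($target -and (Split-Path $target -Leaf) -ieq 'WNAD.EXE') {
                [pscustomobject]@{ Type = 'Shortcut'; Location = $_.FullName; Detail = $target }
            }
        }
    }
}

Find-WnadArtifact | Format-Table -AutoSize
```

Nothing is deleted by this check; an empty result after cleanup and a reboot indicates that none of the listed artifacts remain.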



Clean Registry:

Remove these registry items (if present) with RegEdit:

Remove Files:

Remove these files (if present) with Windows Explorer:

Remove Directories:

Remove these directories (if present) with Windows Explorer:

Research

File Analyses:

More Info:

  • AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!

Research By:

  • PestPatrol's Pest Research Center

Last Revised:

April 07, 2005