1. /
  2. Security Response/
  3. Adware.Wnad

Adware.Wnad

Updated:
February 13, 2007 11:47:25 AM
Type:
Adware
Risk Impact:
High
File Names:
osama.exe wnad.exe wnad.dat wnad-update.exe
Systems Affected:
Windows 2000, Windows NT, Windows XP

When Adware.Wnad is executed, it performs the following actions:
  1. Attempts to contact [http://]www.twistedhumour.com/[REMOVED] and download a number of component files.

  2. Creates the following directories on the compromised computer:

    %ProgramFiles%\osama

    Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  3. Creates the following files on the compromised computer:

    • osama.exe
    • wnad.exe
    • wnad.dat
    • wnad-update.exe

  4. Adds the value:

    "Yo Mamma Osama Installer" = "%Random%\osama.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that it runs every time Windows starts.

Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver