1. Symantec/
  2. Security Response/
  3. Adware.Wnad


February 13, 2007 11:47:25 AM
Risk Impact:
File Names:
osama.exe wnad.exe wnad.dat wnad-update.exe
Systems Affected:
Windows 2000, Windows NT, Windows XP

When Adware.Wnad is executed, it performs the following actions:
  1. Attempts to contact [http://]www.twistedhumour.com/[REMOVED] and download a number of component files.

  2. Creates the following directories on the compromised computer:


    Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  3. Creates the following files on the compromised computer:

    • osama.exe
    • wnad.exe
    • wnad.dat
    • wnad-update.exe

  4. Adds the value:

    "Yo Mamma Osama Installer" = "%Random%\osama.exe"

    to the registry subkey:


    so that it runs every time Windows starts.

Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube