ADW_WINAD.A
Overview



In the wild: No

Reported detections: Low

 
Description:

Alias: Win32/Winupdt.A, W32/Agent.BQ@dl

This adware connects to remote Web sites and downloads adware applications.

It runs on Windows 95, 98, ME, NT, 2000, and XP.

Solution: 

Minimum scan engine version needed: 7.100


TREND MICRO SOLUTION

  • Minimum scan engine version needed: 7.100
  • TMAPTN version needed: 194.13

MANUAL REMOVAL INSTRUCTIONS

Uninstalling the Application

This procedure removes the adware application from your system.

  1. Click START>Settings>Control Panel.
  2. In the Control Panel, open Add/Remove Programs.
  3. Locate the following entry, then click the Install/Remove button:
    Winad Client
  4. Click the appropriate buttons to continue removing the adware.

Deleting Adware File

  1. Right-click Start then click Search… or Find…, depending on the version of Windows you are running.
  2. In the Named input box, type:
    IDE21201.VXD
  3. In the Look In drop-down list, select the drive that contains Windows, then press Enter.
  4. Once located, select the file then press Delete.

Additional Windows ME/XP Cleaning Instructions

Users running Windows ME and XP must disable System Restore to allow full scanning of infected systems.

Users running other Windows versions can proceed with the next procedure.

Running Trend Micro Antivirus

Download the latest spyware pattern file and scan your system. Then, delete all files detected as ADW_WINAD.A.

Details: 

This adware is composed of the following components:

  • CLIENTCOM.DLL (76,800 Bytes)
  • WINAD.EXE (24,064 Bytes)
  • WINCLT.EXE (12,915 Bytes)

Whenever a component is executed, it runs the other components found in the same folder.

This adware adds the following registry entry to enable itself to run at every Windows startup:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Winad Client

It also adds the following registry keys, which it uses to uninstall itself:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winad Client

It also drops the non-malicious component file, IDE21201.VXD, in the Windows system folder.

This adware then connects to remote Web sites and downloads adware applications. The downloaded files, however, may change at any given time.
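The file and registry indicators listed above can be checked offline against a file tree and a regedit export. The following is an added example, not Trend Micro's code; the function names, the result labels, and the sample export text (including its placeholder value data) are constructed for illustration.

```python
import os
import re

# Indicators as listed on this page (file name -> size in bytes; None = no size given).
FILES = {"CLIENTCOM.DLL": 76800, "WINAD.EXE": 24064, "WINCLT.EXE": 12915, "IDE21201.VXD": None}
HKLM_CV = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion"
RUN_KEY = (HKLM_CV + r"\Run").lower()          # registry paths are case-insensitive
UNINSTALL_KEY = (HKLM_CV + r"\Uninstall\Winad Client").lower()
RUN_VALUE = "winad client"

# Constructed sample of regedit export text; the value data is a placeholder, not from the page.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Winad Client"="C:\\PLACEHOLDER\\WINAD.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winad Client]
"DisplayName"="Winad Client"
'''

def scan_files(root):
    """Walk root; return sorted (path, 'name+size' | 'name-only') for listed file names."""
    hits = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            if name.upper() not in FILES:
                continue
            path = os.path.join(folder, name)
            want = FILES[name.upper()]
            exact = want is not None and os.path.getsize(path) == want
            hits.append((path, "name+size" if exact else "name-only"))
    return sorted(hits)

def scan_reg_export(text):
    """Parse regedit export text; report the Run value and Uninstall key named on this page."""
    hits, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).lower()
            if section == UNINSTALL_KEY:
                hits.append("uninstall-key")
            continue
        value = re.match(r'"((?:[^"\\]|\\.)*)"=', line)
        if value and section == RUN_KEY and value.group(1).lower() == RUN_VALUE:
            hits.append("run-value")
    return hits
```

A "name-only" hit means the file name matches but the size differs or the page gives no size for that file, so it needs manual review before deletion.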




Analysis by: Daniel M. Biado


Description created: Sep 7, 2004



