Phoenyx
Yes i'm back
- Joined
- Oct 8, 2001
- Posts
- 6,978
Yo Mama, Osama shooting gallery cleverly disguised adware Trojan
Several complaints to newsgroups indicate an adware Trojan created by Twistedhumor.com is being distributed in their popular Yo Mama Osama shooting game. This online game promises a free cell phone booster to players successful in "taking out" Osama bin Laden. What they don't realize is they may be "taking in" an adware Trojan that allegedly monitors Internet usage and feeds pop-up advertising to the user long after the game is over. According to complaints, uninstalling Yo Mama Osama removes the game and leaves the offensive adware.
When installing Yo Mama Osama for game play, files specific to the adware Trojan are downloaded and installed on the user's system. These include WNAD.EXE, WNAD.DAT, WNAD-UPDATE.EXE and WNAD.LGC. These files are placed in the Windows folder and a shortcut to WNAD.EXE is added to the Startup folder.
Removing the Adware
Uninstalling the game will not remove the adware Trojan. The following steps should be taken for manual removal.
1. Press CTRL-ALT-DEL and use End Task to close WNAD.EXE
2. Browse to the Windows folder and delete WNAD.EXE, WNAD.DAT, WNAD-UPDATE.EXE and WNAD.LGC
3. Remove the C:\Windows\Wnad.exe value from the following Registry key:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4. Delete the shortcut for WNAD.EXE from the Start | Programs | Startup Folder
In a press release announcing the game, Twistedhumor.com described the "Yo Mama, Osama!" game as a means to raise charitable contributions for the American Red Cross September 11 Fund. What the press release doesn't describe is how that money is being raised. Presumably, since game play is free, the funds are raised through the advertising being surreptitiously slipped to the user. Officials at Twistedhumor.com did not respond to requests for information.
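The four manual removal steps above, as an added PowerShell example for current Windows versions (not part of the original post). It reports the artifacts the post names and only deletes them when run elevated with -Remove. Assumptions: the post gives the Run value's data but not its name, so the script matches on data, and it checks both the per-user and all-users Startup folders.

```powershell
# Added example: audit for the WNAD adware artifacts named in the post.
# Default is report-only; -Remove applies the post's four manual steps.
param([switch]$Remove)

$files  = 'WNAD.EXE', 'WNAD.DAT', 'WNAD-UPDATE.EXE', 'WNAD.LGC'
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$found  = [System.Collections.Generic.List[object]]::new()

# Step 1: a running WNAD.EXE process
foreach ($proc in Get-Process -Name 'wnad' -ErrorAction SilentlyContinue) {
    $found.Add([pscustomobject]@{ Type = 'Process'; Item = "PID $($proc.Id)" })
    if ($Remove) { Stop-Process -Id $proc.Id -Force }
}

# Step 2: the four files in the Windows folder
foreach ($name in $files) {
    $path = Join-Path $env:windir $name
    if (Test-Path -LiteralPath $path) {
        $found.Add([pscustomobject]@{ Type = 'File'; Item = $path })
        if ($Remove) { Remove-Item -LiteralPath $path -Force }
    }
}

# Step 3: Run-key values whose data points at wnad.exe
# (assumption: value name is unknown, so match on the data instead)
$run = Get-Item -LiteralPath $runKey
foreach ($valueName in $run.GetValueNames()) {
    if ("$($run.GetValue($valueName))" -match '\\wnad\.exe') {
        $found.Add([pscustomobject]@{ Type = 'RunValue'; Item = $valueName })
        if ($Remove) { Remove-ItemProperty -LiteralPath $runKey -Name $valueName }
    }
}

# Step 4: Startup shortcuts whose target is WNAD.EXE
$shell = New-Object -ComObject WScript.Shell
$startupDirs = [Environment]::GetFolderPath('Startup'),
               [Environment]::GetFolderPath('CommonStartup')
foreach ($lnk in Get-ChildItem -LiteralPath $startupDirs -Filter '*.lnk' -ErrorAction SilentlyContinue) {
    if ($shell.CreateShortcut($lnk.FullName).TargetPath -match '\\wnad\.exe$') {
        $found.Add([pscustomobject]@{ Type = 'Shortcut'; Item = $lnk.FullName })
        if ($Remove) { Remove-Item -LiteralPath $lnk.FullName -Force }
    }
}

# Emit findings; an empty result means none of the listed artifacts exist
$found | Format-Table -AutoSize
```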