|
 |
|
|
| How to delete WUpd (SyncroAd) - Removal tool, fix instructions |
|
WUpd (SyncroAd)
Name: WUpd (SyncroAd)
Aliases: Adtools, blazefind, WindUpdates, winad, BlazeFind, Winupdates, WinSyncWinad
Type: Spyware (subtype adware)
Size: -
First appeared on: 03.08.2004
Damage: Low
Brief Description:
WUpd is an adware type program, which offers users an application in exchange for viewing a series of advertisements.
WUpd stores information on the Internet usage habits of the affected user and displays pop-up advertisements founding on this data.
WUpd consists of two components that work together in order to affect the computer. One of these components can update the adware to a higher version, if available.
Visible Symptoms:
WUpd is easy to recognize, as it displays several pop-up advertisements.
Technical description:
WUpd creates the following files:
- Depending on the version of the adware, WUpd creates any of the following files:
BRIDGEX.DLL, CLIENTCOMMN.DLL,COMM.DLL, WINAD.EXE, WINADX.DLL, WINCLT.EXE, WINKA.EXE or WINUPDT.EXE.
These files download other files from the Internet.
- IDE21201.VXD in the Windows system directory. This is a legitimate file and it is used in Windows Me/98/95 computers in order to get data on the hard disk installed.
WUpd deletes the files AUTOEXEC.BAT and AUTOEXEC.NT.
WUpd creates the following entries in the Windows Registry:
- HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Run
Winad Client
HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Run
WindUpdates
By creating these two entries, WUpd ensures it is run whenever Windows is started.
- HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall\ Winad Client
HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall\ Wind Updates
These two entries allow users to uninstall WUpd from the Control Panel.
- HKEY_CLASSES_ROOT\ Bridge.brdg
- HKEY_CLASSES_ROOT\ Bridge.brdg.1
- HKEY_CLASSES_ROOT\ WinadX.Installer
- HKEY_CLASSES_ROOT\ CLSID\ {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
- HKEY_CLASSES_ROOT \CLSID\ {9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
- HKEY_CLASSES_ROOT\ TypeLib\ {DDAF2479-6F00-4599-998A-3ED75686C6D0}
- HKEY_CLASSES_ROOT\ Interface\ {4FDBDBAD-FEFE-4C4C-9CC1-1181052AFB12}
- HKEY_LOCAL_MACHINE\ SOFTWARE\ Winad Client
Depending on version it also can do the following:
- Creates the file %System%\ide21201.vxd
Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Adds the value:
"Windows SyncroAd" = "<filepath to SyncroAd.exe>"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
so that the program runs when you start Windows.
- Adds the values:
"DisplayName" = "Windows SyncroAd"
"UninstallString" = "<filepath to SyncroAd.exe> /Remove"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Uninstall\ Windows SyncroAd
Propagation:
This adware program must be manually installed.
Removal tool and instruction:
- Delete all the files and entries in the Windows Registry that adware has created, detailed in section above.
AntivirusWorld recommends:
If you're not sure you can remove the virus manually, use one of the following antiviruses:
|
|
|
|
|
