Program Characteristics:
This is an AdWare program which gets installed when the
"Yo Mama, Osama!" game is installed. It is a memory resident
application which periodically connects to a webserver to download
and display pop-up window advertisements. It creates a registry run
key to load itself at startup and does not uninstall itself:
Detection of this program was initially added to the 4166 DAT files as
the WinAd Trojan. It was later discovered that the "Yo Mama, Osama!"
installer required users to agree to the terms of the program which
include the installation of this adware. As such, trojan detection of
the program was removed in the 4167 DAT files. For those wishing to
remove this program, manual removal instructions are provided below
and the command line scanner will detect/remove this program as
Application WNAD when including the /PROGRAM switch.
Manual removal:
1) Press CTRL-ALT-DEL, select WNAD.EXE, and click END TASK
2) Click START | RUN, type %WINDIR% and hit ENTER
3) Delete the following files (if they exist):
WNAD.EXE
WNAD.DAT
WNAD-UPDATE.EXE
4) Click START | RUN, type REGEDIT and hit ENTER
5) Click on the plus sign next to HKEY_LOCAL_MACHINE
6) Click on the plus sign next to Software
7) Click on the plus sign next to Microsoft
8) Click on the plus sign next to Windows
9) Click on the plus sign next to CurrentVersion
10) Click on the Run folder
11) Click on WNAD on the RIGHT windows
12) Hit the DELETE key on the keyboard and hit ENTER
13) Close the REGISTRY EDITOR WINDOW 作者: HUANGLIFU 時間: 2003-2-19 23:13 標題: Re:[求助] Trojan Horse 恩,常常收到電子郵件附加的中毒檔案,就算用web mail開還是會問你要不要開啟,這個時候當然不開啟,只是還是會被NV抓到並說無法刪除,基本上不要開啟就沒事,開啟了,要是系統裝的一段時間了,可以重灌整理就整理吧。作者: zard 時間: 2003-2-20 00:23 標題: Re:[求助] Trojan Horse--題外話,介紹移除廣告程式的程式 如Checko兄所說的,可能是中了另外一種叫AD ware的東西了
比如說安裝了免費廣告版的DivX,就會自動在你的電腦中裝一些自動跳廣告的小程式,像有不請自來的青蛙,還有自動對時的程式,或是小月曆等等,常註在電腦的右下角,看起來很討厭,移也移不掉.
