Virus Characteristics
This is an AdWare program which gets installed when the "Yo Mama, Osama!" game is installed. It is a memory resident application which periodically connects to a webserver to download and display pop-up window advertisements. It creates a registry run key to load itself at startup and does not uninstall itself:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WNAD
Detection of this program was initially added to the 4166 DAT files as the WinAd Trojan. It was later discovered that the "Yo Mama, Osama!" installer required users to agree to the terms of the program which include the installation of this adware. As such, trojan detection of the program was removed in the 4167 DAT files. For those wishing to remove this program, manual removal instructions are provided below and the command line scanner will detect/remove this program as Application WNAD when including the /PROGRAM switch.