You're in: Panda Security > Home Users > security-info > about-malware > encyclopedia > overview
Active Scan. Scan your PC free
Panda Security Product Line 2012

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

WUpd

 
Threat LevelModerate threatDamageHighDistributionNot widespread

Effects 

WUpd has the following effects:

  • It stores information on the Internet usage habits of the affected user.
  • It displays pop-up advertisements founding on this data.
  • It updates itself to a higher version, if available.

Infection strategy 

WUpd creates the following files:

  • Depending on the version of the adware, WUpd creates any of the following files:
    BRIDGEX.DLL, CLIENTCOMMN.DLL,COMM.DLL, WINAD.EXE, WINADX.DLL, WINCLT.EXE, WINKA.EXE or WINUPDT.EXE.
    These files download other files from the Internet.
  • IDE21201.VXD in the Windows system directory. This is a legitimate file and it is used in Windows Me/98/95 computers in order to get data on the hard disk installed.

WUpd deletes the files AUTOEXEC.BAT and AUTOEXEC.NT.

WUpd creates the following entries in the Windows Registry:

  • HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Run
    Winad Client

    HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Run
    WindUpdates
    By creating these two entries, WUpd ensures it is run whenever Windows is started.
  • HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall\ Winad Client

    HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall\ Wind Updates
    These two entries allow users to uninstall WUpd from the Control Panel.
  • HKEY_CLASSES_ROOT\ Bridge.brdg
  • HKEY_CLASSES_ROOT\ Bridge.brdg.1
  • HKEY_CLASSES_ROOT\ WinadX.Installer
  • HKEY_CLASSES_ROOT\ CLSID\ {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
  • HKEY_CLASSES_ROOT \CLSID\ {9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
  • HKEY_CLASSES_ROOT\ TypeLib\ {DDAF2479-6F00-4599-998A-3ED75686C6D0}
  • HKEY_CLASSES_ROOT\ Interface\ {4FDBDBAD-FEFE-4C4C-9CC1-1181052AFB12}
  • HKEY_LOCAL_MACHINE\ SOFTWARE\ Winad Client

Means of transmission 

Adware is a license form for using programs, which offers the application at the only cost of viewing a series of advertisements. However, these programs sometimes collect data on Internet usage habits, pages viewed, inventory of the applications installed in the computer, etc.

Further Details  

WUpd is written in the programming language Visual C++ and it is compressed with UPX.

>