How to delete WUpd (SyncroAd) - Removal tool, fix instructions

Name: WUpd (SyncroAd)

Aliases: Adtools, blazefind, WindUpdates, winad, BlazeFind, Winupdates, WinSyncWinad

Type: Spyware (subtype adware)

Size: -

First appeared on: 03.08.2004

Damage: Low

Brief Description:
WUpd is an adware-type program that offers users an application in exchange for viewing a series of advertisements.

WUpd stores information on the Internet usage habits of the affected user and displays pop-up advertisements based on this data.

WUpd consists of two components that work together in order to affect the computer. One of these components can update the adware to a higher version, if available.

Visible Symptoms:

WUpd is easy to recognize, as it displays several pop-up advertisements.

Technical description:

WUpd creates the following files:

  • Depending on the version of the adware, WUpd creates any of the following files:
    BRIDGEX.DLL, CLIENTCOMMN.DLL, COMM.DLL, WINAD.EXE, WINADX.DLL, WINCLT.EXE, WINKA.EXE or WINUPDT.EXE.
    These files download other files from the Internet.
  • IDE21201.VXD in the Windows system directory. This is a legitimate file that is used on Windows Me/98/95 computers to obtain data about the installed hard disk.

WUpd deletes the files AUTOEXEC.BAT and AUTOEXEC.NT.

WUpd creates the following entries in the Windows Registry:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Winad Client
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    WindUpdates
    By creating these two entries, WUpd ensures it is run whenever Windows is started.
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winad Client
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wind Updates
    These two entries allow users to uninstall WUpd from the Control Panel.
  • HKEY_CLASSES_ROOT\Bridge.brdg
  • HKEY_CLASSES_ROOT\Bridge.brdg.1
  • HKEY_CLASSES_ROOT\WinadX.Installer
  • HKEY_CLASSES_ROOT\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
  • HKEY_CLASSES_ROOT\CLSID\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
  • HKEY_CLASSES_ROOT\TypeLib\{DDAF2479-6F00-4599-998A-3ED75686C6D0}
  • HKEY_CLASSES_ROOT\Interface\{4FDBDBAD-FEFE-4C4C-9CC1-1181052AFB12}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Winad Client

Depending on the version, it can also do the following:

  1. Creates the file %System%\ide21201.vxd

    Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Adds the value:

    "Windows SyncroAd" = "<filepath to SyncroAd.exe>"

    to the registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    so that the program runs when you start Windows.

  3. Adds the values:

    "DisplayName" = "Windows SyncroAd"
    "UninstallString" = "<filepath to SyncroAd.exe> /Remove"

    to the registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows SyncroAd

Propagation:

This adware program must be manually installed.

Removal tool and instruction:

  • Delete all the files and Windows Registry entries that the adware has created, as detailed in the Technical description section above.
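
Before deleting anything, it helps to see which of the registry entries listed above are actually present on the machine. The following PowerShell script is an added example, not part of the original removal instructions: it only reads the registry and reports matches. The WOW6432Node lookup (the 32-bit registry view on 64-bit Windows) is an assumption that does not come from this page.

```powershell
# Added example: read-only audit of the registry artifacts listed on this page.
# It only reports what exists; nothing is deleted or changed.

# Assumption (not from the page): on 64-bit Windows a 32-bit program writes
# under WOW6432Node, so both views of HKLM\SOFTWARE are checked.
$softwareRoots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

# Autostart value names under ...\CurrentVersion\Run (from the page)
$runValues = 'Winad Client', 'WindUpdates', 'Windows SyncroAd'

# Keys relative to HKLM\SOFTWARE (from the page)
$softwareKeys = @(
    'Microsoft\Windows\CurrentVersion\Uninstall\Winad Client'
    'Microsoft\Windows\CurrentVersion\Uninstall\Wind Updates'
    'Microsoft\Windows\CurrentVersion\Uninstall\Windows SyncroAd'
    'Winad Client'
)

# Keys under HKEY_CLASSES_ROOT (from the page); HKCR has no default PSDrive
$classKeys = @(
    'Bridge.brdg'
    'Bridge.brdg.1'
    'WinadX.Installer'
    'CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}'
    'CLSID\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}'
    'TypeLib\{DDAF2479-6F00-4599-998A-3ED75686C6D0}'
    'Interface\{4FDBDBAD-FEFE-4C4C-9CC1-1181052AFB12}'
)

$findings = @()
foreach ($root in $softwareRoots) {
    $run = Get-Item -LiteralPath "$root\Microsoft\Windows\CurrentVersion\Run" -ErrorAction SilentlyContinue
    foreach ($name in $runValues) {
        if ($run -and ($run.GetValueNames() -contains $name)) {
            $findings += [pscustomobject]@{ Type = 'Run value'; Path = "$($run.Name)\$name"; Data = $run.GetValue($name) }
        }
    }
    foreach ($key in $softwareKeys) {
        if (Test-Path -LiteralPath "$root\$key") {
            $findings += [pscustomobject]@{ Type = 'Key'; Path = "$root\$key"; Data = '' }
        }
    }
}
foreach ($key in $classKeys) {
    $path = "Registry::HKEY_CLASSES_ROOT\$key"
    if (Test-Path -LiteralPath $path) { $findings += [pscustomobject]@{ Type = 'Key'; Path = $path; Data = '' } }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No registry entries from the list were found.' }
```

The Data column of a Run value shows the executable path that Windows launches at startup, which is also where the corresponding file to delete is located.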