virus logo Virus

Adware/WhenU

description-logoAnalysis

Adware/WhenU is an Adware installer from WhenU.com site.

The Adware/WhenU detects the following applications:

Description: Save! Update
File version: 2.6.4.7
Copyright: Copyright 2000
Company Name: WhenU.com, Inc.
Original Filename: saveupdate.exe
Internal Name: Save update
Product Name: Save! Update
File size: 246,848 bytes

Description: Save! Uninstall
File version: 2.6.4.7
Copyright: Copyright 2001
Company Name: WhenU.com, Inc.
Original Filename: SaveUninst.exe
Internal Name: SaveUninst
Product Name: Save! Uninstall
File size: 30,336 bytes

Description: ClockSync Uninstall Program
File version: 1.0.0.1
Copyright: Copyright 2003 WhenU, Inc.
Original Filename: Uninst.exe
Product Name: ClockSync Uninstall
File size: 32,768 bytes

File Version: 2.11.15.0
Company Name: TwistedHumor.com
Internal Name: stub32i.exe
Product Name: Jack Schitt
Product Version: 1.00.000
File size: 2,512,632 bytes

Description: WUInst Module
File version: 1.0.3.1
Copyright: Copyright 2003
Original Filename: WUInst.DLL
Internal Name: WUInst
Product Name: WUInst Module
File size: 64,512 bytes

The adware updates registry by adding an entry on the following:
    HKEY_CLASSES_ROOT\WUSN.1 or
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WUSN.1
     VALUE : WUSN_Id

recommended-action-logoRecommended Action

Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option

Telemetry logoTelemetry

Detection Availability

FortiClient
Extreme
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR

Version Updates

Date Version Detail
2023-02-21 91.00794
2020-05-19 77.53700 Sig Updated
2020-03-04 75.72300 Sig Updated
2020-01-24 74.76100 Sig Updated
ID 6164
Released Aug 30, 2005
Description
Updated		 Mar 13, 2007
Aliases Adware-SaveNow application [McAfee], Adware-WhenU application [McAfee], Adware-WhenUSearch application [McAfee], Adware/SaveNow
Platform Profile Adware typically display advertising content to the user. This advertising content may take many forms, but is typically in the form of web browser pop-up advertisements. In most circumstances, the user is not aware of the Adware component being installed on the local machine.