WindUpdates.MediaGateway (Adware) - May 21, 2006

When I ran a scan of a user's Windows XP Professional SP2 system with Microsoft AntiSpyware Beta1 with sypware definition version 5849 (5/20/2006 8:53:49 PM) on May 21, 2006, Microsoft Antispyware detected WindUpdates.MediaGateway (Adware).

Microsoft Antispyware detected
WindUpdates.MediaGateway

Microsoft Antispyware provided the following information on the adware:

Item Details

WindUpdates.MediaGateway

Type: Adware
Adware is generally software that displays advertisements. Some advertisers may covertly install adware on your system and generate a stream of unsolicited advertisements that can clutter your desktop and affect your productivity. The advertisements may also contain pornographic or other material that you might find inappropriate. The extra processing required to track you or to display advertisements can tax your computer and hurt your system performance.

Threat Level: High
Programs that might collect your personal information and negatively affect your privacy or damage your computer, for example, by collecting information or changing settings, typically without your knowledge or consent.

Author: windupdates.com

Description: WindUpdates is responsible for downloading adware.

Advice: High-risk items have a large potential for adverse effect, such as loss of computer control, and should be removed unless knowingly installed.

About Adware: In general, adware is software that displays advertisements, and may be beneficial by subsidizing a program or service. However, certain adware programs may lack authorization, such as installing without prominent notice or showing ads without clear attribution to their source.

When I looked in the system's registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, which is one of the registry locations where Microsoft Antispyware found a reference to this adware, I saw the following value:

Value Name: MediaGateway
Value Data: C:\Program Files\MediaGateway\MediaGateway.exe

Regedit - run key for 
WindUpdates.MediaGateway

I checked the MediaGateway folder under C:\Program Files. It had been created on January 19, 2006 at 11:27 A.M. However, there were no files within the folder. Looking through the scan history for Microsoft AntiSpyware, I found that it had found WindUpdates.MediaAccess Adware on the system on January 19, 2006 and two items related to this adware had been deleted then. The 3 registry entries I found today (Microsoft AntiSpyware is listing four, but one of those HKEY_LOCAL_MACHINE\Software\MediaGateway, is listed twice) may have been remnants left on the system then that later antispyware definitions detected. Looking through the history, I found that three items for this adware were detected on April 29, 2006, but only 1 deleted. Ever since April 30, it appears Microsoft AntiSpyware has been detecting 4 items related to this adware, but the user has not been deleting them.

I had Microsoft AntiSpyware remove all of the entries it found. It removed the "run" registry entry for the adware, but did not remove the folder C:\Program Files\MediaGateway. I removed the folder manually.