Threat Description

Adware: ​W32/Stud


Category: Spyware
Type: Adware
Platform: W32


This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.


Automatic action

Once detected, the F-Secure security product will automatically quarantine the suspect file and prompt the user to select a further desired action.

Quarantine is a safe repository for files that may be harmful. A quarantined file can be restored or, if you decide so, deleted.

Excluding a file from scanning

If you are aware of and accept any potential risk associated with this program, you can configure the F-Secure security product to exclude it from scanning.

Suspect a False Alarm?

If you suspect a file has been incorrectly identified as malicious, (that is, it is a False Alarm or a False Positive), please first ensure your F-Secure security program is up-to-date with the latest detection database updates, then rescan the suspect file.

If you continue to suspect a False Alarm, you may submit a sample of the suspect file to our Security Labs for further analysis via the Sample Analysis System (SAS).

More scanning & removal options

More information on scanning or removal options is available in the documentation for your F-Secure security product on the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

This is the family description for the Adware:W32/Stud family of adware.

Like most adware programs, it displays pop-up advertisements. Members of the Stud adware family also gather data on the web searches made by the user.


During installation, the user is prompted to read and agree to an end user license agreement (EULA) before proceeding with the installation:

Should the user agree and click on "Next", the adware installs a DLL into the %system32% folder, then registers it as a Browser Helper Object (BHO). This means that each time the Microsoft Internet Explorer browser is started, the adware program is also automatically launched.


In addition to displaying pop-up advertisements, Stud adware programs are able to auto-update. To do so, the program must connect with a remote system to download the necessary components/updates. An example of a possible connection is:


Description Created: 2009-03-16 04:52:08.0

Description Last Modified: 2009-04-22 06:16:33.0


Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More