Welcome Guest ( Log In | Register)



 
 Reply to this topicStart new topic
> Worm Disguises As Windows Genuine Advantage, be careful of the wgavn service ...
bakuryu
post Jul 5 2006, 01:04 PM
Post #1


Newbie [Level 2]
**

Group: Members
Posts: 29
Joined: 4-July 06
Member No.: 26,051
QUOTE
IT security experts have warned of a worm that purports to be Microsoft's Windows Genuine Advantage (WGA) anti-piracy tool.

WGA has recently been branded as 'spyware' in that it collects unnecessary hardware and software data from users' PCs.

The Cuebot-K worm spreads via AOL Instant Messenger, registering itself as a new system driver service called 'wgavn'. It carries the display name 'Windows Genuine Advantage Validation Notification', and runs automatically during system startup.

Once in place the worm disables the Windows firewall, and opens a backdoor to infected computers which allows hackers to gain remote access, spy on users, and potentially launch distributed denial-of-service attacks.

Source : http://www.vnunet.com/vnunet/news/2159630/...windows-genuine


So, any normal user even seeing a list of startup's or seeing the service list may not be suspecting anything since the worm disguises itself as the WGA service. Be careful of the wgavn service

Solution :

Run RemoveWGA for removing WGA. Still if you see any WGA service running, disable it and remove it from the services.msc list. And also search for the file and delete it.
Also have a look through Autoruns if you have any instance of wgavn present in your system during startup. After removal check your system again.

OR do not install WGA at all tongue.gif

Notice from serverph:
QUOTE tags added as needed.

(list)

Go to the top of the page
 
+Quote Post
Florisjuh
post Jul 5 2006, 05:05 PM
Post #2


Proud to be hosted
*********

Group: Members
Posts: 992
Joined: 11-July 04
From: NL
Member No.: 75
Hahahah, Microsoft found a new way to *BLEEP* the legal uses of windows up, now we will get worms and stuff because it's hidden as a microsoft service against hackers... just plain out *LOL*

(list)

Go to the top of the page
 
+Quote Post
bakuryu
post Jul 5 2006, 05:53 PM
Post #3


Newbie [Level 2]
**

Group: Members
Posts: 29
Joined: 4-July 06
Member No.: 26,051
And to add to MS trouble already within 4 days 2 lawsuits are filled against MS accusing the original WGA notification to be a spyware


(list)

Go to the top of the page
 
+Quote Post
tdktank59
post Jul 5 2006, 07:27 PM
Post #4


Super Member
*********

Group: Members
Posts: 398
Joined: 21-June 05
From: Callifornia
Member No.: 8,519
well it is spyware they say its a critical update when its not...

it gathers information on the users computer (spying...) then sends it back to microsoft thus why microsoft cant take the removal tool off the network because of this...

(list)

Go to the top of the page
 
+Quote Post
delivi
post Jul 5 2006, 07:52 PM
Post #5


Trap Grand Marshal Member
***********

Group: [HOSTED]
Posts: 1,314
Joined: 11-January 06
From: Chennai, India
Member No.: 16,932
It is a new measure taken by Microsoft to prevent the Piracy of Windows. But poor guy if we download it we'll face a lot of problems.

(list)

Go to the top of the page
 
+Quote Post
FirefoxRocks
post Jul 7 2006, 01:12 PM
Post #6


Super Member
*********

Group: Members
Posts: 273
Joined: 14-April 06
From: Ontario, Canada, North America, Planet Earth
Member No.: 21,845
I just downloaded Windows Genuine Advantage a few days ago. No spyware found on my system.

Hmm...is Windows XP really a piracy threat? I don't really think so. Microsoft Office is much more of a piracy threat than Windows XP, if at all.

Without Windows Genuine Advantage, a lot of things cannot be downloaded.

(list)

Go to the top of the page
 
+Quote Post
« Next Oldest · Computer Security Issues & Exploits · Next Newest »
 

Reply to this topicStart new topic

Collapse

> Similar Topics

Topics Topics
  1. New Virus Kills Music Files(19)
  2. How To Install An Application As A Service(6)
  3. Microsoft Windows Plug-and-play Exploit(0)
  4. Phishguard - Detects Spoofing Attacks(1)
  5. [exploit] Microsoft Windows 2000 Plug And Play(1)
  6. [exploit] Microsoft Windows Remote Desktop Dos(0)
  7. [exploit] Microsoft Windows 2000 Plug And Play(0)
  8. [article] Windows Syscall Shellcode(0)
  9. Windows Security Scanners(0)
  10. Microsoft Plugs Windows Worm Holes(3)
  11. Serious Wmf Windows Exploit(16)
  12. Nyxem E - Be Safe From This Virus/worm(14)
  13. Top 7 Antivirus For Windows(13)
  14. Alcra D Worm(10)
  15. Worm: W32.areses.h@mm(3)
  1. Windows Xp Pro Exploit: Permission Setup Allows Access To Task Manager During Login(1)
  2. Microsoft Windows Dhcp Client Service Remote Code Execution Vulnerability(0)
  3. Myspace.com Flash Hack(13)
  4. A Very Simple Security Tip(13)
  5. Windows Crashing. Can't Use Opera Or Firefox(3)
  6. Some New Apple Ipods Contain A Virus From Windows!(7)
  7. Windows Vista Less Secure Than Older Versions?(7)
  8. Major Flaw In .ani File Found In Windows 98 Through Vista Creates Major Security Risk(9)
  9. New Virus Called Storm Worm Or W32/nuwar@mm Is Out And About(4)
  10. Skype Worm Jumps To Icq And Msn(3)
  11. Windows Vista Sp1 Blocks Antivirus Programs(5)
  12. Windows Xp Restarts When Using The Internet(0)
  13. Windows 7-windows Live Ties(0)


 

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

- Lo-Fi Version Time is now: 11th October 2008 - 05:33 PM
Powered By IP.Board © 2008  IPS, Inc.
Licensed to: Xisto Corporation