IT security experts have warned of a worm that purports to be Microsoft's Windows Genuine Advantage (WGA) anti-piracy tool.
WGA has recently been branded as 'spyware' in that it collects unnecessary hardware and software data from users' PCs.
The Cuebot-K worm spreads via AOL Instant Messenger, registering itself as a new system driver service called 'wgavn'. It carries the display name 'Windows Genuine Advantage Validation Notification', and runs automatically during system startup.
Once in place the worm disables the Windows firewall, and opens a backdoor to infected computers which allows hackers to gain remote access, spy on users, and potentially launch distributed denial-of-service attacks.
So, any normal user even seeing a list of startup's or seeing the service list may not be suspecting anything since the worm disguises itself as the WGA service. Be careful of the wgavn service
Solution :
Run RemoveWGA for removing WGA. Still if you see any WGA service running, disable it and remove it from the services.msc list. And also search for the file and delete it. Also have a look through Autoruns if you have any instance of wgavn present in your system during startup. After removal check your system again.
Hahahah, Microsoft found a new way to *BLEEP* the legal uses of windows up, now we will get worms and stuff because it's hidden as a microsoft service against hackers... just plain out *LOL*
well it is spyware they say its a critical update when its not...
it gathers information on the users computer (spying...) then sends it back to microsoft thus why microsoft cant take the removal tool off the network because of this...
In an internal memo Microsoft detailed how it plans to tie Win7 and Windows Live. It seems these
guys never learn. They don't don't get tired of monopolizing everything. I just pray the
anti-trust guys will do a good job on this one. Below is part of the blog by Mary Jo Foley about the
memo titled " Microsoft internal memo details Windows 7-Windows Live ties ": " In
January, I mentioned an internal Microsoft memo I had seen which provided details of how Microsoft
plans to more tightly integrate its Windows 7 operating system with Windows Live service....
Hi Guys, I've had a problem with my computer. I thought it restarted only when using the
internet but I was wrong. I found out that isn't the denominator. I tried disabling the internet
to run a virus scan and the scan can't complete as the computer restarts too often. I followed
the following instructions to read the dmp file the restart error generates. 1) Download and
install the http://www.microsoft.com/whdc/devtools/deb...installx86.mspx Debugging Tools from
Microsoft 2) Locate your latest memory.dmp file- C:\WINDOWS\ Minidump\Mini081505-01.dmp or....
Well it seems this is the first major problem for Vista SP 1 in the sense for those who have the
following Secuirty Suites installed on your ocmputer that is running Vista. They block the
following programs; Zone Alarm Security Suite 7.1, Trend Micro Internet Security 2008, BitDefender
10, and the 2008 version of the Jiangmin antivirus. As for the reason why these programs don't
work, Microsoft says "they are incompatible and so they must be block". Well not exactly like that
but you get the point they also mention that other small programs might now work either b....
Well if you all remember a few months back I made a topic about the skype worm here , well it seems
to have busted out two clones one for ICQ and for MSN. the new variation showed up sometime at the
beginning of the week for these two networks and if memory serves me correctly and it usually does,
these two messenger networks are huge. Now in order for this worm to be activated a user must click
on a link and once they do that the worm will start sending messages to your contact list and get
others to click on that link as well. Although security experts rate this ....
To think the Microsoft ANI exploit and the botnet things were bad but this just top the charts, this
new variation of the Storm virus of last year gets a new powerful punch. The virus gets sent
through a password protected zip fil in which the password is contain in a image file in the email.
The email subject contains either Worm Alert!" or "Trojan Detected! so do not open and just delete
it. Also the image file will read something like UrgentNotice.gif" or "AbuseReport.gif. and the zip
file will read something like "patch-####.zip" or "removal-####.zip.". McAfee s....
I was able to browse around this and found it interesting since this vunerability is found in 4
Microsoft Operating Sytems, Windows 2000, Windows XP, Windows Vista, Windows 2003 Server. From the
article Microsoft stated that their is a hole in the .ani files, which happen to be related tothe
mouse cursor, when the mouse icon changes depending on what you do. They only mention that with
this flaw it always hackers to break into someone computer and do their thing. But in another
article relating to this attack it was mention that in order for this to happen a user has ....
my brother has windows vista and told me that it is safer than other versions of windows but
according to other people they say that it has bugs and other stuff whick one of these are true?....
Here is the deal. I got this video ipod recently and it turns out that it had a worm on it. I was
only one fo the few but it did have one. The virus is called RavMonE Virus. Here is a link to find
out more about it. more info It doesn't affect macs only windows based computers. I plugged
it up to the computer and my antivirus detected a worm and I was very surprised. I did some
research and it turns out that some contracted company who builds the ipods for apple had computers
connected to the ipods and they had been infected. These computers were windows....
Windows has been acting strangely by now, it freezes/clogs badly, I can't use Opera, MF or
continue my tutorials due to this problem. It gets on my nerves as I think it was MY problem because
I deleted MOST of the files in the Temp folder. CODE (Start>Run...>%Temp%) That folder,
most of the files were deleted by me. I consulted my friend by half-screwed MSN, he said I "effed me
up the arse" by doing that. He recommended me backing up and formatting. I never did that before so
I think it will be most-likely half-impossible for me. And as I don't have a ....
We all know the difference between a limited user and an administrator user under Win2k/XP - you
can't/can install major software, perform system maintainence, and other stuff. But using a
limited user on a day-to-day basis also provides you with decent protection from a bunch of threats:
if the malware is running under your limited-rights user, it can only do as much as you can. For
instance, a limited rights user can't edit the HKLM hive of the Registry, so any malware running
under the same user won't be able to touch that area. It's extremely simple t....
Well buffaloHELP just mention and I have confirmed it by many articles myspace accounts have been
hacked or in hte sense that if your account was hijacked then anyone viewing your profile will also
get infected as well. In a article by chaseandsam.com go into detail on how this happen and a
solution to it as well Click here for more ---WARNING--- Also this hack is also a virus in
which a person who is viewing your hacked profile will get their profile hijacked as well. Also
Symantec mentions about it as well Nortan How it was done ---SOLUTION--- ....
What it is A exploit in the buggy OS of XP has been found, this one concering DHCP. OS effected
Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows
2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced
Server SP4 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP3 Microsoft
Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Professional Microsof....
A friend of mine was temporarily banned from the computers at my school a while ago after he
accidentially found a way into Task Manager, which is disabled on our network. He has had his
permissions restored now, but has no idea why he got banned in the first place. However, recently he
explained what he did to me, and I tested it. I soon found out that, by accident, we had both
discovered that there is a Security Exploit in networking Windows XP Professional. The exploit is
to do with network permissions. Windows XP recieves the permission data from the network as soon....
QUOTE W32.Areses.H@mm is a mass-mailing worm that opens a back door on the compromised computer
and may download files. When W32.Areses.H@mm is executed, it performs the following actions:
Copies itself as the following file: %Windir%\csrss.exe Note: %Windir% is a variable that refers
to the Windows installation folder. By default, this is C:\Windows or C:\Winnt. Adds the value:
"Debugger" = " " to the registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Image File Execution Options\explorer.exe Adds the value: "Application" ....
I have the Alcra D worm which starts up limewire and disables regedit and other things. If anyone
knows how to get rid of this tell me. PLEASE. I have adaware, but it never seems to find it. I cant
use ctrl alt delete and limewire slows my computer down because it opens non stop. SO PLEASE HELP. I
have tried other things, but they never seem to work. I found a program for the type B worm, but it
dosnt work for D i tried. Any info on this post back. If you use limewire and it keeps opening this
is what you have by the way. And i love how limwire's FAQ says you have a ....
This will help for those who likes to know if they are using one of the best Anti-virus programs.
1. Platinum Internet Security 2005 2. PC-cillin Internet Security 2005 3. BitDefender Professional
Edition 4. ZoneAlarm Internet Security Suite 5. F-Prot for Windows 6. Kaspersky Anti-Virus Personal
7. G Data AntiVirusKit 2005 (AVK) Reference:
http://antivirus.about.com/cs/beforeyoubuy/tp/aatpavwin.htm ....
QUOTE Windows users are being urged to scan their computers before 3rd February 2006 to avoid
falling victim to a destructive Worm. On that date the Nyxem E Worm is set to delete Word,
Powerpoint, Excel and Acrobat files on infected machines! Don't get caught out... See
complete article at http://www.updatexp.com/nyxem-e.html Better get your anti-virus updated by
3rd Febuary before seeing your files go missing. It's kindda scary worm if not handled properly.
The date is near so get updated fast. Edited topic title. ....
http://news.zdnet.com/2100-1009_22-5893344.html?tag=nl.e589 Here is another proof that the words
'Windows' and 'Security' simply cannot go together... And yet another good reason
for installing and start using Linux... Cheers! KoYoda....
hi all, In this topic I'm gonna start explain about windows security scanners , leave your
comments and hope to enjoy /smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' />
:: Nsauditor Network Security Auditor Nauditor is a network security scanner that allows to audit
and monitor network computers for possible vulnerabilities , to see all open ports and owner program
names, including the process loaded modules, kernel objects, memory details, remote address and
state of connections, dns name, country where from, service associated with connect....
Hi friends, this article shows how shellcode can be written and executed on a Windows host without
using any native API calls at all . By : Contact : Link to this article :
http://securityfocus.com/infocus/1844 Removed personal info ....
Microsoft Windows Remote Desktop Protocol DoS Exploit (MS05-041) // Windows XP SP2
'rdpwd.sys' Remote Kernel DoS // // Discovered by: // Tom Ferris // tommy
security-protocols com // // Tested on: // Microsoft Windows XP SP2 // // Usage (SPIKE) :
./generic_send_tcp 192.168.1.100 3389 remoteass.spk 1 0 // // 8/9/2005 Security-Protocols.com // //
This program is free software; you can redistribute it and/or modify it under // the terms of the
GNU General Public License version 2, 1991 as published by // the Free Software Foundation.
s_block_start("packet_1....
QUOTE PhishGuard is a FREE service that detects and rapidly disables Internet "phishing" or
"spoofing" attacks designed to steal critical financial data. Phishing attacks use fraudulent
websites and emails that mimic well-known organizations in order to trick unsuspecting Internet
users. A simple login or account number entry screen becomes a sophisticated trap. By assuming you
are dealing with a trusted party, you can reveal financial information including credit card
numbers, bank accounts, passwords, and social security numbers to the "bad guys". This type of att....
wow, you can get this famous vulnerabilty exploit here: http://www.milw0rm.com/id.php?id=1149
have fun /smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' /> ....
http://english.chosun.com/w21data/html/new...0504250004.html Not only does it not differentiate
between legal and illegal mp3 files, it also doesn't let you reboot your computer. So far,
it's been circulating only in Europe, but those in the US and Asia had better take caution as
well. It's only a matter of time.......
Dear Friends, I use Windows XP Pro SP1. When I connect to the Internet, a Notification box comes
with countdown of 60 Seconds saying that "This System is shutting down. Please save the work and log
off. Any unsaved changes will be lost. This shutdown is initiated by NT/Authority System (Remote
procedure call has shutdown unexpectedly)". And after the countdown, the system Restarts. This
occurs very often. First of all what is NT/Authority system?. Is this is a hacking or a virus or OS
Problem?. I have norton antivirus 2004 and it is up to date. Is there any solution to ....
Looking for worm, disguises, windows, genuine, advantage, careful, wgavn, service
