homepage Welcome to WebmasterWorld Guest from 54.166.116.36
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
Cuebot-K IM worm poses as Windows Genuine Advantage
engine

WebmasterWorld Administrator engine us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



 
Msg#: 12123 posted 11:26 am on Jul 4, 2006 (gmt 0)

IT security experts have warned of a worm that purports to be Microsoft's Windows Genuine Advantage (WGA) anti-piracy tool.

WGA has recently been branded as 'spyware' in that it collects unnecessary hardware and software data from users' PCs.

The Cuebot-K worm spreads via AOL Instant Messenger, registering itself as a new system driver service called 'wgavn'. It carries the display name 'Windows Genuine Advantage Validation Notification', and runs automatically during system startup.

Cuebot-K IM worm poses as Windows Genuine Advantage [vnunet.com]

 

henry0

WebmasterWorld Senior Member henry0 us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 12123 posted 3:29 pm on Jul 4, 2006 (gmt 0)

Thanks
Actually there are 3 of them:

Home > Security Information > Virus Encyclopedia > Search Results



Virus Encyclopedia Search Results

<< Search Again

1 - 3 of 3 record(s) match your query

BKDR_SDBOT.LA
Aliases: Exploit-DcomRpc, W32/Cuebot-B
This is Trend Micro's detection for an IRC backdoor program that connects to a remote IRC server. It allows a remote user to log on to a certain account and gain control over affected systems. ...
WORM_CUEBOT.A
Aliases: Backdoor.Sdbot, Exploit-DcomRpc, W32/Cuebot-A, Win32.Cuebot.A
This worm takes advantage of the Windows Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability. For more information about this Windows vulnerability, please ref...
WORM_CUEBOT.B
Aliases: Exploit-DcomRpc, W32/Cuebot-C, Win32.Cuebot.C
This memory-resident worm spreads by dropping a copy of itself in the IPC$ network share of target machines. It attempts to access this share by exploiting the RPC/DCOM vulnerability present...

encyclo

WebmasterWorld Senior Member encyclo us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 12123 posted 5:07 pm on Jul 4, 2006 (gmt 0)

So, if I understand it correctly, the difference between the two is that the fake one is a virus, and the genuine one is spyware. Good to know. ;)

henry0

WebmasterWorld Senior Member henry0 us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 12123 posted 5:26 pm on Jul 4, 2006 (gmt 0)

Furthermore
Just adding to the confusion
WGA is needed (Wins) and genuine :)

hermes

5+ Year Member



 
Msg#: 12123 posted 8:29 pm on Jul 4, 2006 (gmt 0)

I think I have it. every time my computer starts up my zonealarm firewall tells me Windows Genuine Advantage is trying to access the internet. I always deny its request - is this negating the effects? - no one can access my computer.

Also - will a virus scan rid me of this - or do I need to get a specialist trojan hunter program?

henry0

WebmasterWorld Senior Member henry0 us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 12123 posted 9:20 pm on Jul 4, 2006 (gmt 0)

You probably have recently agreed on MS Wins Auto update. Part of the update includes that call thus the message.

Actually I am looking to disable that warning but yet to find how.

My AV PC-Cillin protect against it, go on line with PCC I think you may perform an onlime scan.

also do:
Run
type regedit enter
then edit
find
and test for all the virus names.
Please DO NOT DEL ANYTHING FROM THE REG UNLESS YOU KNOW WHAT YOU DO.

go on line and check for instructions on removal

good luck

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved