Msg#: 12123 posted 11:26 am on Jul 4, 2006 (gmt 0)
IT security experts have warned of a worm that purports to be Microsoft's Windows Genuine Advantage (WGA) anti-piracy tool.
WGA has recently been branded as 'spyware' in that it collects unnecessary hardware and software data from users' PCs.
The Cuebot-K worm spreads via AOL Instant Messenger, registering itself as a new system driver service called 'wgavn'. It carries the display name 'Windows Genuine Advantage Validation Notification', and runs automatically during system startup.
Home > Security Information > Virus Encyclopedia > Search Results
Virus Encyclopedia Search Results
<< Search Again
1 - 3 of 3 record(s) match your query
BKDR_SDBOT.LA Aliases: Exploit-DcomRpc, W32/Cuebot-B This is Trend Micro's detection for an IRC backdoor program that connects to a remote IRC server. It allows a remote user to log on to a certain account and gain control over affected systems. ... WORM_CUEBOT.A Aliases: Backdoor.Sdbot, Exploit-DcomRpc, W32/Cuebot-A, Win32.Cuebot.A This worm takes advantage of the Windows Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability. For more information about this Windows vulnerability, please ref... WORM_CUEBOT.B Aliases: Exploit-DcomRpc, W32/Cuebot-C, Win32.Cuebot.C This memory-resident worm spreads by dropping a copy of itself in the IPC$ network share of target machines. It attempts to access this share by exploiting the RPC/DCOM vulnerability present...
I think I have it. every time my computer starts up my zonealarm firewall tells me Windows Genuine Advantage is trying to access the internet. I always deny its request - is this negating the effects? - no one can access my computer.
Also - will a virus scan rid me of this - or do I need to get a specialist trojan hunter program?