homepage Welcome to WebmasterWorld Guest from 50.16.17.90
register, login, search, subscribe, help, library, PubCon, announcements, recent posts, open posts,
Subscribe to WebmasterWorld
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library : Charter : Moderators: phranque & physics

Webmaster General Forum

    
Cuebot-K IM worm poses as Windows Genuine Advantage
engine




msg:342600		 11:26 am on Jul 4, 2006 (gmt 0)

IT security experts have warned of a worm that purports to be Microsoft's Windows Genuine Advantage (WGA) anti-piracy tool.

WGA has recently been branded as 'spyware' in that it collects unnecessary hardware and software data from users' PCs.

The Cuebot-K worm spreads via AOL Instant Messenger, registering itself as a new system driver service called 'wgavn'. It carries the display name 'Windows Genuine Advantage Validation Notification', and runs automatically during system startup.

Cuebot-K IM worm poses as Windows Genuine Advantage [vnunet.com]

 

henry0




msg:342601		 3:29 pm on Jul 4, 2006 (gmt 0)

Thanks
Actually there are 3 of them:

Home > Security Information > Virus Encyclopedia > Search Results



Virus Encyclopedia Search Results

<< Search Again

1 - 3 of 3 record(s) match your query

BKDR_SDBOT.LA
Aliases: Exploit-DcomRpc, W32/Cuebot-B
This is Trend Micro's detection for an IRC backdoor program that connects to a remote IRC server. It allows a remote user to log on to a certain account and gain control over affected systems. ...
WORM_CUEBOT.A
Aliases: Backdoor.Sdbot, Exploit-DcomRpc, W32/Cuebot-A, Win32.Cuebot.A
This worm takes advantage of the Windows Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability. For more information about this Windows vulnerability, please ref...
WORM_CUEBOT.B
Aliases: Exploit-DcomRpc, W32/Cuebot-C, Win32.Cuebot.C
This memory-resident worm spreads by dropping a copy of itself in the IPC$ network share of target machines. It attempts to access this share by exploiting the RPC/DCOM vulnerability present...

encyclo




msg:342602		 5:07 pm on Jul 4, 2006 (gmt 0)

So, if I understand it correctly, the difference between the two is that the fake one is a virus, and the genuine one is spyware. Good to know. ;)
henry0




msg:342603		 5:26 pm on Jul 4, 2006 (gmt 0)

Furthermore
Just adding to the confusion
WGA is needed (Wins) and genuine :)
hermes




msg:342604		 8:29 pm on Jul 4, 2006 (gmt 0)

I think I have it. every time my computer starts up my zonealarm firewall tells me Windows Genuine Advantage is trying to access the internet. I always deny its request - is this negating the effects? - no one can access my computer.

Also - will a virus scan rid me of this - or do I need to get a specialist trojan hunter program?

henry0




msg:342605		 9:20 pm on Jul 4, 2006 (gmt 0)

You probably have recently agreed on MS Wins Auto update. Part of the update includes that call thus the message.

Actually I am looking to disable that warning but yet to find how.

My AV PC-Cillin protect against it, go on line with PCC I think you may perform an onlime scan.

also do:
Run
type regedit enter
then edit
find
and test for all the virus names.
Please DO NOT DEL ANYTHING FROM THE REG UNLESS YOU KNOW WHAT YOU DO.

go on line and check for instructions on removal

good luck

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
WebmasterWorld ® and PubCon ® are a Registered Trademarks of Pubcon Inc.
© Pubcon Inc. 1996-2012 all rights reserved