Cuebot-K IM worm poses as Windows Genuine Advantage

     

engine

11:26 am on Jul 4, 2006 (gmt 0)




IT security experts have warned of a worm that purports to be Microsoft's Windows Genuine Advantage (WGA) anti-piracy tool.

WGA has recently been branded as 'spyware' in that it collects unnecessary hardware and software data from users' PCs.

The Cuebot-K worm spreads via AOL Instant Messenger, registering itself as a new system driver service called 'wgavn'. It carries the display name 'Windows Genuine Advantage Validation Notification', and runs automatically during system startup.

Cuebot-K IM worm poses as Windows Genuine Advantage [vnunet.com]

henry0

3:29 pm on Jul 4, 2006 (gmt 0)




Thanks
Actually there are 3 of them:

Virus Encyclopedia Search Results

1 - 3 of 3 record(s) match your query

BKDR_SDBOT.LA
Aliases: Exploit-DcomRpc, W32/Cuebot-B
This is Trend Micro's detection for an IRC backdoor program that connects to a remote IRC server. It allows a remote user to log on to a certain account and gain control over affected systems. ...

WORM_CUEBOT.A
Aliases: Backdoor.Sdbot, Exploit-DcomRpc, W32/Cuebot-A, Win32.Cuebot.A
This worm takes advantage of the Windows Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability. For more information about this Windows vulnerability, please ref...

WORM_CUEBOT.B
Aliases: Exploit-DcomRpc, W32/Cuebot-C, Win32.Cuebot.C
This memory-resident worm spreads by dropping a copy of itself in the IPC$ network share of target machines. It attempts to access this share by exploiting the RPC/DCOM vulnerability present...

encyclo

5:07 pm on Jul 4, 2006 (gmt 0)




So, if I understand it correctly, the difference between the two is that the fake one is a virus, and the genuine one is spyware. Good to know. ;)

henry0

5:26 pm on Jul 4, 2006 (gmt 0)




Furthermore
Just adding to the confusion
WGA is needed (Wins) and genuine :)

hermes

8:29 pm on Jul 4, 2006 (gmt 0)




I think I have it. Every time my computer starts up, my ZoneAlarm firewall tells me Windows Genuine Advantage is trying to access the internet. I always deny its request - is this negating the effects? - no one can access my computer.

Also - will a virus scan rid me of this - or do I need to get a specialist trojan hunter program?

henry0

9:20 pm on Jul 4, 2006 (gmt 0)




You have probably recently agreed to MS Wins Auto update. Part of the update includes that call, thus the message.

Actually I am looking to disable that warning but have yet to find how.

My AV, PC-Cillin, protects against it. Go online with PCC; I think you may perform an online scan.

also do:
Run
type regedit enter
then edit
find
and test for all the virus names.
Please DO NOT DEL ANYTHING FROM THE REG UNLESS YOU KNOW WHAT YOU DO.

go online and check for instructions on removal

good luck
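
The registry search described in the post above can also be done read-only from PowerShell. This is an added example, not part of the original thread: the service name 'wgavn' and the display name are taken from the article quoted in the first post, while the function name `Find-SuspectService` and the output fields are hypothetical. It only reads the service keys and changes nothing.

```powershell
# Added example: read-only lookup of the service entry named in the quoted article.
# 'wgavn' and the display name come from that article; Find-SuspectService and
# the output field names are illustrative assumptions.
function Find-SuspectService {
    param(
        [string]$ServiceName = 'wgavn',
        [string]$DisplayName = 'Windows Genuine Advantage Validation Notification',
        [string]$Root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    )
    # Meaning of the Start value stored under each service key
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

    Get-ChildItem -Path $Root -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $p) { return }   # unreadable key, skip it

        # Match on the key name or on the display name, case-insensitively,
        # so an entry that uses only one of the two is still reported.
        $nameHit    = $_.PSChildName -ieq $ServiceName
        $displayHit = ($p.DisplayName -is [string]) -and ($p.DisplayName -ieq $DisplayName)

        if ($nameHit -or $displayHit) {
            [pscustomobject]@{
                Key         = $_.PSChildName
                DisplayName = $p.DisplayName
                ImagePath   = $p.ImagePath   # file the entry loads; check this with the AV scanner
                Start       = if ($null -ne $p.Start -and $startNames.ContainsKey([int]$p.Start)) {
                                  $startNames[[int]$p.Start]
                              } else { $p.Start }
                # Type bits 0x1 (kernel driver) and 0x2 (file system driver)
                IsDriver    = ($null -ne $p.Type) -and (([int]$p.Type -band 0x3) -ne 0)
            }
        }
    }
}

$hits = @(Find-SuspectService)
if ($hits.Count -eq 0) { 'No matching service entry found.' } else { $hits | Format-List }
```

A hit is a lead for the antivirus scan and the vendor's removal instructions, not proof of infection on its own.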
