Cuebot-K IM worm poses as Windows Genuine Advantage

     
11:26 am on Jul 4, 2006 (gmt 0)

engine, WebmasterWorld Administrator from GB

joined:May 9, 2000
posts:23249
votes: 358


IT security experts have warned of a worm that purports to be Microsoft's Windows Genuine Advantage (WGA) anti-piracy tool.

WGA has recently been branded as 'spyware' in that it collects unnecessary hardware and software data from users' PCs.

The Cuebot-K worm spreads via AOL Instant Messenger, registering itself as a new system driver service called 'wgavn'. It carries the display name 'Windows Genuine Advantage Validation Notification', and runs automatically during system startup.

Cuebot-K IM worm poses as Windows Genuine Advantage [vnunet.com]

3:29 pm on July 4, 2006 (gmt 0)

henry0, WebmasterWorld Senior Member from US

joined:Apr 19, 2003
posts:4397
votes: 2


Thanks
Actually there are 3 of them:


Virus Encyclopedia Search Results

1 - 3 of 3 record(s) match your query

BKDR_SDBOT.LA
Aliases: Exploit-DcomRpc, W32/Cuebot-B
This is Trend Micro's detection for an IRC backdoor program that connects to a remote IRC server. It allows a remote user to log on to a certain account and gain control over affected systems. ...

WORM_CUEBOT.A
Aliases: Backdoor.Sdbot, Exploit-DcomRpc, W32/Cuebot-A, Win32.Cuebot.A
This worm takes advantage of the Windows Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability. For more information about this Windows vulnerability, please ref...

WORM_CUEBOT.B
Aliases: Exploit-DcomRpc, W32/Cuebot-C, Win32.Cuebot.C
This memory-resident worm spreads by dropping a copy of itself in the IPC$ network share of target machines. It attempts to access this share by exploiting the RPC/DCOM vulnerability present...

5:07 pm on July 4, 2006 (gmt 0)

encyclo, WebmasterWorld Senior Member from CA

joined:Aug 31, 2003
posts:9068
votes: 4


So, if I understand it correctly, the difference between the two is that the fake one is a virus, and the genuine one is spyware. Good to know. ;)

5:26 pm on July 4, 2006 (gmt 0)

henry0, WebmasterWorld Senior Member from US

joined:Apr 19, 2003
posts:4397
votes: 2


Furthermore
Just adding to the confusion
WGA is needed (Wins) and genuine :)

8:29 pm on July 4, 2006 (gmt 0)

Full Member

10+ Year Member

joined:Dec 7, 2004
posts:315
votes: 0


I think I have it. Every time my computer starts up, my ZoneAlarm firewall tells me Windows Genuine Advantage is trying to access the internet. I always deny its request - is this negating the effects? - no one can access my computer.

Also - will a virus scan rid me of this - or do I need to get a specialist trojan hunter program?

9:20 pm on July 4, 2006 (gmt 0)

henry0, WebmasterWorld Senior Member from US

joined:Apr 19, 2003
posts:4397
votes: 2


You probably have recently agreed on MS Wins Auto update. Part of the update includes that call thus the message.

Actually I am looking to disable that warning but have yet to find how.

My AV, PC-cillin, protects against it. Go online with PCC; I think you may perform an online scan.

also do:
Run
type regedit enter
then edit
find
and test for all the virus names.
Please DO NOT DEL ANYTHING FROM THE REG UNLESS YOU KNOW WHAT YOU ARE DOING.

Go online and check for instructions on removal.

good luck
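
The first post gives the service name ('wgavn') and display name the worm registers, and the post above suggests searching the registry by hand. As an added example (not part of the thread and not any vendor's removal tool), this read-only PowerShell script looks for that service registration; the variable names and the report layout are assumptions made for the example.

```powershell
# Added example: report any service key matching the registration described
# in the first post. Read-only: nothing is modified or deleted.
$serviceName = 'wgavn'                                              # from the thread
$displayName = 'Windows Genuine Advantage Validation Notification'  # from the thread
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Service "Type" values 1 and 2 are kernel and file-system drivers.
$driverTypes = 1, 2
# "Start" values 0-2 (boot, system, automatic) all load during startup.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$hits = foreach ($key in Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }

    # Match on either the key name or the display name, case-insensitively.
    $nameMatch    = $key.PSChildName -ieq $serviceName
    $displayMatch = "$($props.DisplayName)" -like "*$displayName*"
    if (-not ($nameMatch -or $displayMatch)) { continue }

    [pscustomobject]@{
        KeyName     = $key.PSChildName
        DisplayName = $props.DisplayName
        ImagePath   = $props.ImagePath      # file the service would load
        IsDriver    = $driverTypes -contains $props.Type
        Start       = if ($null -ne $props.Start) { $startNames[[int]$props.Start] } else { 'n/a' }
    }
}

if ($hits) {
    $hits | Format-List
} else {
    "No service key named '$serviceName' or displaying '$displayName' was found."
}
```

A hit is a lead, not a verdict: check the reported ImagePath against your antivirus vendor's write-up before acting on it.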
