New Virus Poses As Windows Genuine Advantage

There are not many people who are fond of Microsoft’s new Windows Genuine Advantage Notification Tool but there is obviously someone that really despises it. A new virus that is in the wild will pose as Microsoft’s WGA Notifier. It will run as a service named “wgavn” and describes itself as “Windows Genuine Advantage Validation Notification”.

The Virus is currently being passed through AIM via an instant message from an unknown sender. The message will contain a link and if you click on it, well, you should go crawl in a corner. It will disable your Windows Firewall and open a backdoor for future attacks. If you try to close down the service it will let you know that doing so will cause instability in your system.

Eset, the creators of NOD32 antivirus, rank this one as 1,400 on their threat list. Even though this is not high on the list AIM users should take caution when receiving messages from unknown people, which you shouldn’t have to be told that :D .

There is 1 Comment

  1. if you have the windows genuine advantage notification window appearing everytime you logon, you may have the same virus I did, removal notes below….

    1. boot in safe mode, open c:/windows/regedit.exe and search for wgalogon – when found delete the folder and all keys within

    2. search c:\windows for wga*.* and delete everything you find, if you cant delete something reboot in safe mode and then try and delete again.

    3. final search of c:/windows for any re-appearing wga*.* files – and final search of registry to make sure wgalogon has not reappeared

    4. boot as normal

Leave Your Comment


Message is the only required field.
Emails are not published.