New worm appears as 'Windows Genuine Advantage Validation Notification'

Guest

Is Microsoft OneCare or Windows Defender able to clean this worm posing as
WGA?
http://www.castlecops.com/t160623-W32_Cuebot_KM_worm_Masquerades_as_Microsoft_Antipiracy_Progr.html

Quote:
A piece of malware masquerading as Microsoft's antipiracy tool is doing the
rounds.

The malware has been classified as a worm and spreads through AOL's Instant
Messenger program,... W32.Cuebot-K, a variation in the Cuebot family of
malware. ...Cuebot-K can disable other software, shut off the Windows
firewall, download new malicious programs, perform basic DDOS (distributed
denial of service) attacks, scan local files and spawn a command
prompt...Cuebot-K propagates by sending itself as a file named 'wgavn.exe' to
more people in the user's 'Buddy List' but without a message...Cuebot-K is
registered as a new system device driver service named 'wgavn'. When a list
of services running on the computer is summoned, the worm appears as 'Windows
Genuine Advantage Validation Notification'...

Cuebot-K's registry entry appears as
HKLM\System\CurrentControlSet\Services\wgavn\

pcadvisor.co.uk

W32/Cuebot-K
http://jayloden.com/index.htm

Quote from Jay:
There is a new virus out at the moment that is more difficult to remove than
most. Symptoms are two services:

O23 - Service: Windows Genuine Advantage Validation (wgav) - Unknown owner -
C:\WINDOWS\system32\wgav.exe
O23 - Service: Windows TCP/IP Socket Driver (winsck) - Unknown owner -
C:\WINDOWS\winsock\csrss.exe

These two services work in tandem and the winsock\csrss.exe is set to launch
at startup through the "userinit" and "shell" registry keys where it can
recreate the services and entries. I have updated AIMFix to attempt to
remove these services and associated files/entries as completely as possible.
Hopefully this will be successful. If it is not, then I will have no choice
but to work on something more low level such as a direct kernel module that
will have permission to remove these items.

For now I will be crossing my fingers and hope that the existing update is
enough to resolve the problem, since writing a kernel driver is going to be a
much more complicated and time-consuming undertaking.

-Jay
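The two reports quoted above give enough indicators to check a machine by hand: the service short names (wgav, wgavn, winsck), the "Windows Genuine Advantage" display name, the dropped files under system32 and a bogus winsock directory, and the Winlogon Userinit/Shell values that relaunch csrss.exe so it can recreate the services. The following is an added read-only triage script that checks all of these; it is not code from the thread and not part of AIMFix. It assumes PowerShell 3.0 or later run from an elevated prompt on the suspect machine; the indicator names and paths are taken from the quotes, and the "known good" Winlogon values are the stock Windows defaults.

```powershell
# Added example (not from the thread, not AIMFix): read-only triage for the
# Cuebot-K indicators quoted above. Assumes PowerShell 3.0+ in an elevated
# session. Service names, display name and file paths come from the quoted
# reports; the expected Winlogon values are the stock Windows defaults.

$suspectServices = @('wgav', 'wgavn', 'winsck')
$suspectFiles    = @("$env:SystemRoot\system32\wgav.exe",
                     "$env:SystemRoot\winsock\csrss.exe")   # the real csrss.exe lives only in system32
$servicesRoot    = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$winlogonKey     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expectedWinlogon = @{
    Userinit = "$env:SystemRoot\system32\userinit.exe,"   # trailing comma is the default
    Shell    = 'explorer.exe'
}

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Indicator, [string]$Value, [string]$Detail) {
    # Method call mutates the script-scope list, so no scope modifier is needed.
    $findings.Add([pscustomobject]@{ Indicator = $Indicator; Value = $Value; Detail = $Detail })
}

# 1. Service keys registered under the short names seen in the wild, plus any
#    other service whose display name claims to be WGA. Genuine WGA
#    Notifications is not installed as a service, so such a display name on
#    a service is suspect whatever its short name.
foreach ($name in $suspectServices) {
    $key = Join-Path $servicesRoot $name
    if (Test-Path $key) {
        $p = Get-ItemProperty -Path $key
        Add-Finding "service key '$name'" $p.ImagePath "DisplayName='$($p.DisplayName)' Start=$($p.Start)"
    }
}
Get-CimInstance Win32_Service |
    Where-Object { $_.DisplayName -like 'Windows Genuine Advantage*' -and $_.Name -notin $suspectServices } |
    ForEach-Object { Add-Finding "service '$($_.Name)'" $_.PathName 'display name mimics WGA' }

# 2. Winlogon Userinit/Shell, which the second report says the worm hooks so
#    that winsock\csrss.exe runs at logon and recreates the services.
$wl = Get-ItemProperty -Path $winlogonKey
foreach ($valueName in $expectedWinlogon.Keys) {
    $actual = [string]$wl.$valueName
    if ($actual -ne $expectedWinlogon[$valueName]) {      # -ne is case-insensitive in PowerShell
        Add-Finding "Winlogon\$valueName" $actual "expected '$($expectedWinlogon[$valueName])'"
    }
}

# 3. The dropped binaries themselves.
foreach ($file in $suspectFiles) {
    if (Test-Path -LiteralPath $file) {
        $item = Get-Item -LiteralPath $file
        Add-Finding 'file' $file "size=$($item.Length) written=$($item.LastWriteTime)"
    }
}

if ($findings.Count -eq 0) {
    'No Cuebot-K indicators found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Save it under any name (say `Find-Cuebot.ps1`, a name chosen here) and run it from an elevated PowerShell; a clean machine prints only the "No Cuebot-K indicators found." line. It deliberately reports rather than removes: as the second quote explains, the csrss.exe copy launched through Userinit/Shell recreates the services, so a cleanup has to stop that process and restore the Winlogon values in the same pass as deleting the services and files, which is what AIMFix attempts and which a plain script run on a live system can easily get wrong.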
 
