Hello mailplus,

WGA, which is so feared by some users of non-genuine Windows, has, it turns out, had its code duplicated to make a malicious trojan that controls and disrupts your PC.
================
Just be careful!!

W32.Cuebot-K spreads via AIM and disguises itself as Windows Genuine Advantage on infected PCs.

Jeremy Kirk, IDG News Service
Friday, June 30, 2006

Security analysts have detected a new piece of malware that appears to run as a Microsoft program used to detect unlicensed versions of its operating system.

The malware has been classified as a worm and spreads through AOL's Instant Messenger program, said Graham Cluley, senior technology consultant for Sophos PLC, a security vendor. Sophos is calling it W32.Cuebot-K, a new variation in the Cuebot family of malware.

The worm has a range of malicious functions. After it's installed, the worm immediately tries to connect to two Web sites, a sign it may try to download other bad programs on the machine.

A Nasty Payload

Cuebot-K can disable other software, shut off the Windows firewall, download new malicious programs, perform basic DDOS (distributed denial of service) attacks, scan local files and spawn a command prompt, Sophos said.

Worms that spread through instant messaging programs often appear as messages or links sent from friends, which trick a user into executing the program. Cuebot-K propagates by sending itself as a file named "wgavn.exe" to more people in the user's "Buddy List" but without a message, Cluley said.

Worm With an Ironic Twist

If installed on a computer, Cuebot-K is registered as a new system device driver service named "wgavn." When a list of services running on the computer is summoned, the worm appears as "Windows Genuine Advantage Validation Notification," Sophos said. Cuebot-K's registry entry appears as HKLM\SYSTEM\CurrentControlSet\Services\wgavn\.

The worm's ironic ruse comes as Microsoft's Windows Genuine Advantage program is being criticized for functioning like spyware. WGA collects hardware and software data on a user's computer and compares it to a database of licensed operating systems.
If an improper copy is detected, Microsoft warns the user and cuts off some free downloads.
==================

So what is WGA itself? According to http://en.wikipedia.org/wiki/Windows_Genuine_Advantage it is:

Windows Genuine Advantage (WGA) is a program initiated by Microsoft that requires users of Microsoft Windows to validate their copy of several Microsoft operating systems when accessing several Microsoft Windows services, such as Windows Update, and downloading from Microsoft Download Center. Previously voluntary, it became mandatory for use of these services in July 2005.

Thus this proves that WGA is not a Windows system file, but only a detection program.

When a user installs WGA, an Internet Explorer Add-on is added entitled "Windows Genuine Advantage." In early releases this could be readily disabled with the IE Add-on Management feature. A Windows Group Policy was added by later updates, causing this option to be unavailable by default - but still accessible if the policy was removed. As of May 2006, the latest update blocks management by some other means, possibly hard-coding WGA as an exception in the Add-on Manager. The program uses either a stand-alone program to generate a key or an ActiveX control to discover if the license key is valid.

If WGA determines that a user's copy of Windows was unauthorized, and the CD appeared genuine (including the holographic emblem present on real copies of Windows), then Microsoft will supply the user with a new CD. Microsoft also offers discounts to people who want to purchase a legitimate copy of Windows, but do not have a valid CD.

Microsoft has indicated that they will continue to deliver critical security updates through their Automatic Updates service as well as on the Microsoft Download Center.
The company does plan to make installation of WGA a requirement for use of Automatic Updates in part to be sure that customers who use support resources of the company are aware when their software is unlicensed or counterfeit. Although installation of WGA will be required for use of Automatic Updates, all systems including those that fail to pass validation will receive critical security updates.

Beginning April 25, 2006, Microsoft began distributing Windows Genuine Advantage Notifications[1] as a "critical update" KB905474 to millions of Windows users. Users with unofficial copies will be exposed to alerts[2] at startup, login and during use of the Windows OS stating that they do not have a genuine copy of Windows. Users with legitimate copies will not see the alerts.

On May 23, 2006, Microsoft updated the program, closing some forms of circumvention, but reportedly not all[3]. It was updated again on May 30, 2006, June 6, 2006 and June 27, 2006, though some forms of circumvention are still usable. The latest versions do not roll out world wide at the same time - the dates given are the earliest dates on which the versions appeared, so the actual version being offered in some places will be an earlier version than the latest release. It is still possible to opt out of receiving this update using the "do not show" option at the Windows update site.

Microsoft has also launched the Office Genuine Advantage program, which validates installations of Microsoft Office.

And it turns out that even Microsoft's own site GIVES A WAY TO REMOVE IT....

Some personal firewalls, though not the basic one in Windows, may alert on the method by which wgatray.exe is started; in the case of Outpost firewall, it is identified as a "hidden process". The wgatray.exe process itself can be firewall blocked, without apparent problems.
Removing the reference to WGALOGON.DLL using HijackThis appears to effectively de-install this update, to the point where it will be offered again if it has not been marked "do not show". A tool has been released by a firewall vendor to prevent WGA Notifications transmitting information from one's PC [7].

On Windows XP, under User Accounts in Control Panel, it is possible for an administrator to change the option of using the Classic Login Screen as an alternative to the Welcome Screen. It is suggested that when using the Classic Login, the prompts are not as frustrating as the graphics on the Welcome Screen.

TURNS OUT IT'S EASY, HUH....!!!

--
Best regards,
Nero
YM : [EMAIL PROTECTED]
mailto: [EMAIL PROTECTED]
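
The two service indicators Sophos gives in the quoted article (the service key named "wgavn" and the display name "Windows Genuine Advantage Validation Notification") can be checked offline against a registry export of the Services key. This is an added example, not part of the original message and not Sophos's or Microsoft's tooling; it assumes the export has already been decoded to text, and the sample export, the "svc7" key and the Type value in it are constructed for illustration. It goes slightly beyond the article by also matching numbered control sets and by flagging the display name under a different key name.

```python
import re

# Indicators from the Sophos description quoted in the message above.
SERVICE_NAME = "wgavn"
DISPLAY_NAME = "Windows Genuine Advantage Validation Notification"
SERVICE_TYPES = {0x1: "kernel driver", 0x2: "file system driver", 0x10: "own process"}

def parse_reg_export(text):
    """Parse decoded .reg text into {key_path: {value_name_lower: raw_value}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2)
    return keys

def reg_string(raw):
    """Return the text of a quoted REG_SZ value, or '' for any other type."""
    m = re.fullmatch(r'"(.*)"', raw)
    return re.sub(r"\\(.)", r"\1", m.group(1)) if m else ""

def find_cuebot_service(text):
    """Return (key_path, reasons, service_type) for each key matching an indicator."""
    hits = []
    for path, values in parse_reg_export(text).items():
        reasons = []
        if re.search(r"\\Services\\" + SERVICE_NAME + "$", path, re.I):
            reasons.append("service key name")
        if reg_string(values.get("displayname", "")).strip().lower() == DISPLAY_NAME.lower():
            reasons.append("display name")
        if reasons:
            m = re.fullmatch(r"dword:([0-9a-f]{8})", values.get("type", ""), re.I)
            kind = SERVICE_TYPES.get(int(m.group(1), 16), "other") if m else "unknown"
            hits.append((path, reasons, kind))
    return hits

# Constructed sample export, not taken from an infected machine.
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"DisplayName"="DHCP Client"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wgavn]
"DisplayName"="Windows Genuine Advantage Validation Notification"
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\svc7]
"DisplayName"="Windows Genuine Advantage Validation Notification"
'''

print(find_cuebot_service(SAMPLE))
```

A hit on the display name alone is worth a manual look at the key, since a renamed variant would keep the disguise while changing the key name.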
