none
Virus that mimics the "WGA" Tool RRS feed

  • Question

  • I seem to have picked up a virus that mimics the "windows genuine advantage" tool - it opens a notification window everytime I logon, it was removed by using the steps below....

    1. boot in safe mode, open c:/windows/regedit.exe and search for wgalogon - when found delete the folder and all keys within

    2. search c:\windows for wga*.* and delete everything you find, if you cant delete something reboot in safe mode and then try and delete again.

    3. final search of c:/windows for any re-appearing wga*.* files - and final search of registry to make sure wgalogon has not reappeared

    4. boot as normal

    Saturday, May 2, 2009 12:47 PM

Answers

  • Good Morning Icarvz,

    Thank you for visiting the Windows Genuine Advantage (WGA) program forum. In an effort to focus more attention on your particular situation, I am going to split your post into a new thread.  Splitting threads are done to mitigate confusion caused by more than one posting about similar   topics, allowing us to focus on each customer individually.  You can also re-post your question in a new thread of your own. Use the following link:

     http://forums.microsoft.com/Genuine/ShowForum.aspx?ForumID=442&SiteID=25

    Thank you for visiting the Windows Genuine Advantage (WGA) program forum.


    Thank you


    Stephen


    Attention All Forum Users: Please Do Not post your issue in someone else's Thread...Create your own which will help minimize confusion. If any post fixes your issue, please click the "Post was Helpful" button for that post. This will help us showcase the threads that best help our customers. Thank you, Stephen Holm
    • Marked as answer by Stephen Holm Monday, May 11, 2009 5:33 PM
    Monday, May 4, 2009 4:42 PM

All replies

  • Good Morning Icarvz,

    Thank you for visiting the Windows Genuine Advantage (WGA) program forum. In an effort to focus more attention on your particular situation, I am going to split your post into a new thread.  Splitting threads are done to mitigate confusion caused by more than one posting about similar   topics, allowing us to focus on each customer individually.  You can also re-post your question in a new thread of your own. Use the following link:

     http://forums.microsoft.com/Genuine/ShowForum.aspx?ForumID=442&SiteID=25

    Thank you for visiting the Windows Genuine Advantage (WGA) program forum.


    Thank you


    Stephen


    Attention All Forum Users: Please Do Not post your issue in someone else's Thread...Create your own which will help minimize confusion. If any post fixes your issue, please click the "Post was Helpful" button for that post. This will help us showcase the threads that best help our customers. Thank you, Stephen Holm
    • Marked as answer by Stephen Holm Monday, May 11, 2009 5:33 PM
    Monday, May 4, 2009 4:42 PM
  • I have the same virus and did the above and was successful but as soon as I booted normal, virus is back.  Anyone seen another post that might help?  So far I am just booting in safe mode and redoing the above.  Next I will try rebooting in safe mode with network and see if I can download adaware or such.

    I just researched the registry for wgalogon and it was clean.  Wga*.* also was clean so what I must have is another virus.  This puts red letters on the wallpaper screen, guess I have to go after it seperately.  So the above worked for wga but I guess I have more to deal with.

    It comes up and says system security warning you are in danger in red
    <ctrl><alt><del> and everything else is blocked
    Sunday, July 19, 2009 8:51 PM