Watch out! It seems there is malware that fakes the Windows Genuine Advantage Notification and Validation Tool

See the topic at AUMHA (thanks to Microsoft MVP Steve Wechsler for the link). The HijackThis log shows:

O23 - Service: Windows Genuine Advantage Validation Notification (wgavn) - Unknown owner - C:\WINDOWS\system32\wgavn.exe

Note that the legitimate Windows Genuine Advantage Notification Tool is WgaTray.exe, located in WINDOWS\system32, and there is no Windows service for it! The file in question is being requested for further analysis.
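
A triage sketch for the check described above, added here as an example and not part of the original post or of HijackThis: it parses O23 service lines and flags any service that labels itself as Windows Genuine Advantage, since the post states that the genuine tool has no service. The `wga` name-prefix rule, the function names, and every sample line except the one quoted from the log are assumptions made for illustration.

```python
import re

# O23 layout: "O23 - Service: <display name> (<service name>) - <owner> - <image path>"
# The "(<service name>)" part is treated as optional.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]*)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+)$"
)

def parse_o23(line):
    """Return a dict for an O23 service line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["name"] = entry["name"] or entry["display"]
    return entry

def wga_service_findings(log_text):
    """Flag services that present themselves as Windows Genuine Advantage."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        label = (entry["display"] + " " + entry["name"]).lower()
        # Assumption: a "wga" service-name prefix is treated as WGA branding too.
        if "genuine advantage" not in label and not entry["name"].lower().startswith("wga"):
            continue
        reasons = ["WGA-branded service (per the post, the genuine tool has no service)"]
        if entry["owner"].lower() == "unknown owner":
            reasons.append("owner field is 'Unknown owner'")
        findings.append((entry["name"], entry["path"], reasons))
    return findings

# Sample log: the first O23 line is the one quoted in the post; the rest are constructed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O23 - Service: Windows Genuine Advantage Validation Notification (wgavn) - Unknown owner - C:\WINDOWS\system32\wgavn.exe
O23 - Service: Example Updater (exupd) - Example Corp - C:\Program Files\Example\exupd.exe
"""

if __name__ == "__main__":
    for name, path, reasons in wga_service_findings(SAMPLE_LOG):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
```

A hit is a prompt to pull the file for analysis, as the post does, not a verdict on its own.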

 

Published Wed, Jun 28 2006 19:47 by donna

Comments

Thursday, June 29, 2006 3:42 PM by Donna's SecurityFlash

# Argh! 2nd instance of fake Windows Genuine Advantage Notification

One earlier and now there's 2nd ... it's at Daniweb's forum.  The bad file is faking Microsoft's...