New malware recently discovered on at least two help sites.
AUMHA FORUMS
DaniWeb
The file name is wgavn.exe
It creates a service named "Windows Genuine Advantage Validation Notification", as seen in the HijackThis log.
O23 - Service: Windows Genuine Advantage Validation Notification (wgavn) - Unknown owner - C:\WINDOWS\system32\wgavn.exe
Researchers report the malware disabled various security applications and System Restore.
More here
Posted
Fri, Jun 30 2006 6:30
by
Susanh