There was one report earlier, and now there's a second: it's on Daniweb's forum (thanks to Microsoft MVP Robear Dyer for the link). The bad file imitates Microsoft's Windows Genuine Advantage Notification and Validation Tools.
As you can see in the earlier (first) report, there is a service named “Windows Genuine Advantage Validation Notification” and the offending filename is wgavn.exe. Again, the legitimate Windows Genuine Advantage (WGA) tool by Microsoft does not install any Windows service. Also, the names of the legitimate tools are:
- Windows Genuine Advantage Validation Tool
- Windows Genuine Advantage Notification Tool
Note that the Validation Tool doesn't have “Notification” in its name, but the malware service does!
The “Windows Genuine Advantage Validation Notification” entry is a disguised Windows service created by malware. BTW, the offending file isn't detected yet by many antivirus programs (yup, widely used antivirus programs don't detect it yet) :( But let's not worry too much, because our malware fighters are doing their job: fixing the infected systems, advising the community and notifying the security vendors. You should help too by being careful with anything you do online.
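A check for the two indicators described above (a service carrying the WGA name, or a service binary named wgavn.exe), as an added example that is not part of the original post. It assumes PowerShell 4.0 or later; the function name `Find-FakeWgaService` is hypothetical.

```powershell
# Added example, not from the original post. Find-FakeWgaService is a hypothetical name.
# Per the post, the legitimate WGA tools install no Windows service, so any
# service using that name (or running wgavn.exe) deserves a closer look.
function Find-FakeWgaService {
    [CmdletBinding()]
    param(
        # Indicators taken from the post: the service name and the offending file name.
        [string]$NamePattern = 'Windows Genuine Advantage',
        [string]$FileName    = 'wgavn.exe'
    )

    Get-CimInstance -ClassName Win32_Service | Where-Object {
        $_.DisplayName -like "*$NamePattern*" -or
        $_.Name        -like "*$NamePattern*" -or
        $_.PathName    -like "*$FileName*"
    } | ForEach-Object {
        # PathName may be quoted and may carry arguments; keep only the executable path.
        $exe = $null
        if     ($_.PathName -match '^\s*"([^"]+)"')      { $exe = $Matches[1] }
        elseif ($_.PathName -match '^\s*(.+?\.exe)\b')   { $exe = $Matches[1] }

        $sigStatus = 'FileNotFound'
        $signer    = $null
        $sha256    = $null
        if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $sig       = Get-AuthenticodeSignature -LiteralPath $exe
            $sigStatus = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            # The hash is what you would pass along when reporting the file to a vendor.
            $sha256    = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        }

        [pscustomobject]@{
            Name        = $_.Name
            DisplayName = $_.DisplayName
            State       = $_.State
            StartMode   = $_.StartMode
            PathName    = $_.PathName
            Signature   = $sigStatus
            Signer      = $signer
            SHA256      = $sha256
        }
    }
}

Find-FakeWgaService | Format-List
```

No output means no service matched either indicator. A match whose `Signature` is not `Valid` is the case the post describes.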