
Windows Genuine Advantage Validation Tool


1 reply to this topic

#1 Tricnic


Posted 16 May 2006 - 03:01 PM

This startup item is one of the latest updates by Microsoft in an attempt to combat fake license use and software piracy.

Program Name: WGA Alert Manager
File Name: WgaTray.exe
Description: Found in %windir%\System32, %windir%\System32\dllcache and %windir%\SoftwareDistribution\Download\6c4788c9549d437e76e1773a7639582a, this program will run in the systray and pop up warnings that "You may be a victim of Software Counterfeiting" every 15 mins or so. This will only appear if your Windows XP installation is detected as invalid or fake.
Is it Needed? N. It only runs if you are using a fake/invalid Windows CD Key, but, since it is an anti-piracy utility from Microsoft, you cannot shut it down. Each time you end task on the WgaTray.exe file, or try to delete the file in any of the locations, it will recreate and relaunch the program.

Hand in hand with the previous file is the other half of this update.
Program Name: WGA License Validator
File Name: WgaLogon.dll
Description: Found in the same folders as WgaTray.exe, it checks the validity of the License on bootup and runs WgaTray.exe if it is not valid.
Is it Required? Y, according to Microsoft this is a critical anti-piracy tool which is intended to protect the end user from piracy and counterfeiting.

All in all, this update, which has been termed "nagware" in some cases, seems to act a lot like spyware and, in my opinion, could potentially be used for data mining by Microsoft, or even a rogue coder. In addition, it seems to me to be vulnerable to hijacking and could be used by unscrupulous programmers as a platform to further infest your computer with malicious code.

That being said, I should probably note that this is my impression of this update, and may in no way be the actual truth. But, if it looks like a camel, smells like a camel and spits in your face like a camel, it must be a camel. Same thing goes for spyware.

*A note...I have developed a way to get rid of the popups, notifications and such entirely. It only took me about an hour to completely shut it down. I did this so I didn't have to see the annoying pop-ups while I worked on fixing this problem. I used many of the same techniques stopping the popup from WGA as I use when shutting down ad/spyware. =(

Edited by Tricnic, 16 May 2006 - 03:21 PM.

Tricnic
--"Nothing good can ever come from staying with normal people." -Harry McDougal, "Outlaw Star"
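
The post above lists three folders holding copies of WgaTray.exe and WgaLogon.dll and raises the concern that the component could be hijacked. As an added example (not part of the original post and not Microsoft's own tooling), this PowerShell check reports the Authenticode status, signer and SHA-256 of each copy it finds and flags copies that need a closer look; the function names and the expectation that the signer subject contains "O=Microsoft Corporation" are assumptions.

```powershell
# Added example. File names and folders come from the post; the expected
# signer string and the function names are assumptions.
$FileNames = 'WgaTray.exe', 'WgaLogon.dll'
$Folders = @(
    (Join-Path $env:windir 'System32'),
    (Join-Path $env:windir 'System32\dllcache'),
    (Join-Path $env:windir 'SoftwareDistribution\Download\6c4788c9549d437e76e1773a7639582a')
)

function Get-Sha256Hex {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { return [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Dispose(); $sha.Clear() }
}

function Get-WgaFileReport {
    param([string[]]$Folder, [string[]]$Name)
    foreach ($dir in $Folder) {
        foreach ($file in $Name) {
            $path = Join-Path $dir $file
            if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
            $sig = Get-AuthenticodeSignature -FilePath $path
            $signer = '(none)'
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            # NotSigned can also mean "catalog-signed" on older PowerShell
            # versions, which only inspect embedded signatures.
            New-Object PSObject -Property @{
                Path   = $path
                Status = $sig.Status
                Signer = $signer
                Sha256 = Get-Sha256Hex $path
                Review = ($sig.Status -ne 'Valid') -or ($signer -notmatch 'O=Microsoft Corporation')
            }
        }
    }
}

$report = @(Get-WgaFileReport -Folder $Folders -Name $FileNames)
$report | Select-Object Path, Status, Signer, Sha256, Review | Format-List

# Copies of the same file name should hash identically; list names that do not.
$report | Group-Object { Split-Path $_.Path -Leaf } |
    Where-Object { @($_.Group | Select-Object -ExpandProperty Sha256 -Unique).Count -gt 1 } |
    ForEach-Object { "Hash mismatch between copies of $($_.Name)" }
```

A copy marked `Review` is not proof of tampering; it is a file whose signature or signer should be checked by hand before it is trusted.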


#2 Tricnic


Posted 17 May 2006 - 03:51 PM

*A note...I have developed a way to get rid of the popups, notifications and such entirely. It only took me about an hour to completely shut it down. I did this so I didn't have to see the annoying pop-ups while I worked on fixing this problem. I used many of the same techniques stopping the popup from WGA as I use when shutting down ad/spyware. =(



I would like to clarify what I meant here. Thank you to the forum mods for catching a possible misunderstanding and bringing it to my attention.

The techniques I used to shut down the popups were used for the sole purpose of getting rid of the notification portion. In no way did it bypass, circumvent or otherwise break the validation process. That validation process still occurs, it just does it quieter. Should I go to the Windows Update site, it would still be an invalid installation. The only thing it did was stop the validation from popping up a message stating that it was not valid.

The reason I did this is because I spent a number of hours clicking the "X" on the balloon popup every 5-10 minutes while I worked with Microsoft to determine the actual validity of the installation and the CD-Key used. As it turns out, the installation was actually invalid and I then took the proper steps to get it valid.

My point in making the statement was intended only as a means of comparing the similarities between Microsoft's nagware and ad/spyware I remove on a regular basis.
Tricnic
--"Nothing good can ever come from staying with normal people." -Harry McDougal, "Outlaw Star"



