The file is packed and encrypted to conceal its contents.
Stop the service, then remove HKLM\System\CurrentControlSet\Services\wgareg from the registry, kill the process, and erase %SYSTEMROOT%\wgareg.exe.
1. Presence of wgareg.exe file in %SYSTEMDIR%
2. Presence of the following registry key:
HKLM\System\CurrentControlSet\Services\wgareg
3. Presence of a service with the following properties:
Name: wgareg
Display Name: Windows Genuine Advantage Registration Service
Description: "Ensures that your copy of Microsoft Windows is genuine and registered.
Stopping or disabling this service will result in system instability."
This service will be restarted by Windows if it is killed.
4. Windows Security Center Firewall and anti-virus monitors are disabled.
5. Active TCP connection to bniu.househot.com or ypgw.wallloan.com on port 18067
6. A harmless file named dcpromo.log exists in %WINDIR%\Debug\ with a size of 0 bytes.
7. A mutex is created with name "wgareg".
8. AIM (AOL Instant Messenger) may be forced to close.
9. Possible increase of internet traffic.
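The indicators above, turned into a read-only audit script. This is an added example and is not part of the original advisory. It assumes an elevated Windows PowerShell session on the host under investigation; the Security Center values it reads under HKLM\SOFTWARE\Microsoft\Security Center, the Global\ mutex namespace, and the use of the local DNS cache for the two domain names (they are never queried) are assumptions not stated above. It reports findings only; cleanup is the removal procedure given at the top.

```powershell
# Added example (not from the original advisory): read-only audit of the
# wgareg indicators listed above. Run elevated on the suspect host. It reports
# findings; it does not stop, delete or modify anything.

function Test-WgaregIndicators {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Dropped executable in the Windows directory
    $exe = Join-Path $env:SystemRoot 'wgareg.exe'
    if (Test-Path -LiteralPath $exe) { $findings.Add("File present: $exe") }

    # 2. Service registry key
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\wgareg'
    if (Test-Path -LiteralPath $key) { $findings.Add("Registry key present: $key") }

    # 3. Service named wgareg ("Windows Genuine Advantage Registration Service")
    $svc = Get-Service -Name 'wgareg' -ErrorAction SilentlyContinue
    if ($svc) {
        $findings.Add("Service present: $($svc.Name) [$($svc.DisplayName)] status=$($svc.Status)")
    }

    # 4. Security Center monitors. Assumption: the XP-era *DisableNotify values
    #    under this key are what gets flipped; the advisory only says the
    #    firewall and anti-virus monitors are disabled.
    $sc = 'HKLM:\SOFTWARE\Microsoft\Security Center'
    foreach ($v in 'FirewallDisableNotify', 'AntiVirusDisableNotify') {
        $val = (Get-ItemProperty -Path $sc -Name $v -ErrorAction SilentlyContinue).$v
        if ($val -eq 1) { $findings.Add("Security Center value $v = 1 (monitor notifications off)") }
    }

    # 5. Connections on TCP 18067. netstat is used because it exists on every
    #    Windows version; remote IPs are reported as-is. The two domain names
    #    are only looked for in the local DNS cache, never resolved.
    $net = netstat -ano | Select-String -Pattern ':18067\s'
    foreach ($line in $net) { $findings.Add("Connection on port 18067: $($line.Line.Trim())") }
    if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
        foreach ($h in 'bniu.househot.com', 'ypgw.wallloan.com') {
            if (Get-DnsClientCache -Entry $h -ErrorAction SilentlyContinue) {
                $findings.Add("DNS cache entry for $h")
            }
        }
    }

    # 6. Zero-byte dcpromo.log marker file
    $log = Join-Path $env:WINDIR 'Debug\dcpromo.log'
    if (Test-Path -LiteralPath $log) {
        if ((Get-Item -LiteralPath $log).Length -eq 0) {
            $findings.Add("Zero-byte marker file present: $log")
        }
    }

    # 7. Mutex named wgareg. Assumption: both the session-local name and the
    #    Global\ namespace are tried, since the advisory does not say which.
    foreach ($name in 'wgareg', 'Global\wgareg') {
        $m = $null
        if ([System.Threading.Mutex]::TryOpenExisting($name, [ref]$m)) {
            $findings.Add("Mutex present: $name")
            $m.Dispose()
        }
    }

    # Items 8 and 9 (AIM closed, traffic increase) are behavioural and not checked here.
    return $findings
}

$result = Test-WgaregIndicators
if ($result.Count -eq 0) {
    Write-Output 'No wgareg indicators found.'
} else {
    Write-Output "Found $($result.Count) indicator(s):"
    $result | ForEach-Object { Write-Output "  - $_" }
}
```

The mutex and DNS cache checks need Windows PowerShell 3.0 or later with .NET 4.5; on older hosts those two checks fail and the rest of the audit still runs. Any hit on items 1 to 3 or 7 is a strong indicator on its own, since the service name, registry key and mutex are all fixed strings.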
