No Charge for Windows Genuine Advantage

May 5th, 2007 by Corrine

I learned from fellow MVP, Donna Buenaventura, that Symantec has identified as Trojan.Kardphisher. The Trojan is installed when the PC is restarted. A window appears that has been designed to look like the Windows Genuine Advantage (WGA) Activation Form.

There are two options presented on the form — activate now or later. According to Symantec, it isn’t possible to run Task Manager or any other applications. Choosing no results in immediate shutdown of the computer. Selecting yes presents an activation window, but not quite what is provided by Microsoft.

Kardphisher Trojan
(Image from Symantec)

The trojan window requests credit card information. Microsoft does NOT request credit card information for WGA Activation. Do not be tricked into providing credit card information. Instead, update your antivirus software and run a full system scan. If you need assistance, follow the instructions for posting a log here at Security Cadets in the HijackThis Logs and Analysis – Malware Removal forum. You can also discuss it here in detail.

Share|
Security | 1 Comment »

Comments (1)

  1. milligansghost says:
    05/05/2007 at 19:18

    Urgh it do get worse dont it
    i wonder what they will think of next …
    on the whole you would think that people would know WGA dont need creditcard details

Leave a Reply

Download SCars (Beta) v0.6.5b2


Download SCars

Click here for the secondary mirror.

Testimonials for SCars

  • "SCars is probably one of the better programs I have in my arsenal to help keep people up to date and cleaned up. Yes, you could tell people to run cleanup programs once a week. Or you could get SCars to remind them!" - Olrik Lenstra
  • Contact us to add yours.

Securitycadets on Facebook


Securitycadets on Facebook

Recent Posts

Categories

Popular Posts