Wednesday, May 03, 2006

Microsoft Out To Destroy Pirates!

I updated my system today to find this sneaky update spyware from MS and was most displeased. A pop-up telling me that I had somehow been duped into buying non-licensed software! The horror! Followed by a link on how to buy my way out of correct the problem. The link I followed was dead, and said that this option was not available in my region... So try as I might to legalize my copy of Windows, I couldn't. They can't say I didn't try. Below is the solution I found of someone with the same problem:

Man, I couldn't believe it was Microsoft who finally got my system infested with spyware! An unkillable process? Popup windows? A prompt you have to click at logon? My GOD!!! But it's ok. You CAN get rid of it:

There are 2 parts to this spyware popup: WGAtray.exe and wgalogon.dll. Killing the WGAtray.exe process causes it to reappear in 1 second. With it present, WGAlogon cannot be deleted. And you can't delete it while it's running. Seem impossible? Nah.

First, you need to have an Explorer window open and pointing to the C:\windows\system32 folder, where the spyware resides (interestingly, doing a hard drive search for "wgatray" turns up nothing- clever spyware, this is!). And you have to have Task Manager open, right beside the Explorer window. This is tricky, and must be done fast- you kill the process in Task Manager, and before the spyware can reopen itself, you must delete WGAtray.exe in the Explorer window. You only have a split second, but it is possible. Once the spyware .exe is gone, you must reboot your computer.

Yes, now you will see the spyware's nag screen. No problem, it's the last time. When you DO finally get to the desktop, do a search "for WGAlogon.dll" You will find 2 copies, one in system32 and one in the dllcache folder. Without the WGAtray spyware to protect them (did you notice it was gone? YAY!), you can rename and then delete both these spyware .dll's. Your system may hang when you reboot it the first time, but when it is brought back up, THE SPYWARE IS ALL GONE.

Whew. Man, I may have to stop using Windows Update. It installs spyware!

I'm afraid of these malware writers coming after me for defeating their product, so I can't provide my real email. But feel free to share this malware removal process with the world.

(Via: The Inquirer)

No comments: