HackTool:Win32/Wpakill.B
First posted on 31 July 2010.
Source: SecurityHome
Aliases :
HackTool:Win32/Wpakill.B is also known as RemoveWAT (other).
Explanation :
HackTool:Win32/Wpakill.B is the detection for a program that attempts to bypass the Windows Activation Technologies (WAT) in Windows 7.
When run, this program disables the following components by either terminating processes or by stopping services. HackTool:Win32/Wpakill.B may also modify several Windows files. Files affected by HackTool:Win32/Wpakill.B include the following:
SLUI.exe (Windows Activation Client)
Systemcpl.dll
slwga.dll (Software Licensing WGA API)
sppcomapi.dll (Software Licensing WGA API)
systemcpl.dll (Software Licensing Library)
user32.dll (patched Windows component)
WatWeb.dll
WatAdminSvc.exe
WatUX.exe
HackTool:Win32/Wpakill.B deletes the Windows service "WLMS". Win32/Wpakill.B also stops the service "Sppsvc" and prevents it from starting automatically when Windows starts. The malware disables the following scheduled tasks, which are part of the anti-piracy Windows Activation Technologies update KB971033:
\Microsoft\Windows\Windows Activation Technologies\ValidationTask
\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline
Analysis by Dan Nicolescu
Last update 31 July 2010
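
A read-only triage check for the service and scheduled-task changes described above, as an added example that is not part of the original write-up. It assumes PowerShell 2.0 on Windows 7 and the built-in Schedule.Service COM interface; the New-Finding helper and the output column names are hypothetical.

```powershell
# Added example: reports the state of the services and tasks named in the
# description. Read-only; changes nothing. Run from an elevated prompt.
$findings = @()

# Hypothetical helper: one row per checked item.
function New-Finding($item, $state, $suspicious) {
    New-Object PSObject -Property @{ Item = $item; State = $state; Suspicious = $suspicious }
}

# Sppsvc: described as stopped and kept from starting automatically.
$spp = Get-WmiObject Win32_Service -Filter "Name='sppsvc'"
if ($spp) {
    $state = "$($spp.State) / $($spp.StartMode)"
    $findings += New-Finding 'Service sppsvc' $state ($spp.StartMode -eq 'Disabled')
} else {
    $findings += New-Finding 'Service sppsvc' 'missing' $true
}

# WLMS: described as deleted. Absence only matters on installations that
# shipped with this service, so it is reported without a verdict.
$wlms = Get-WmiObject Win32_Service -Filter "Name='WLMS'"
$wlmsState = 'not present'
if ($wlms) { $wlmsState = "$($wlms.State) / $($wlms.StartMode)" }
$findings += New-Finding 'Service WLMS' $wlmsState 'n/a'

# Scheduled tasks from update KB971033: described as disabled.
$folderPath = '\Microsoft\Windows\Windows Activation Technologies'
$sched = New-Object -ComObject Schedule.Service
$sched.Connect()
foreach ($name in 'ValidationTask', 'ValidationTaskDeadline') {
    try {
        $task = $sched.GetFolder($folderPath).GetTask($name)
        $taskState = 'disabled'
        if ($task.Enabled) { $taskState = 'enabled' }
        $findings += New-Finding "Task $name" $taskState (-not $task.Enabled)
    } catch {
        # Folder or task absent: KB971033 may simply not be installed.
        $findings += New-Finding "Task $name" 'not found' $false
    }
}

$findings | Format-Table Item, State, Suspicious -AutoSize
```

A row marked Suspicious matches one of the changes listed in the description; it is a prompt for further investigation, since an administrator can produce the same state by hand.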