Home / malware HackTool:Win32/Wpakill.B
First posted on 15 February 2019.
Source: MicrosoftAliases :
There are no other names known for HackTool:Win32/Wpakill.B.
Explanation :
Win32/Wpakill.B tries to to bypass the Windows activation technologies in Windows 7.
It disables components by either terminating processes or by stopping services. It can also change several Windows files.
Files affected by Win32/Wpakill.B include:
SLUI.exe (Windows activation client) Systemcpl.dll slwga.dll (software licensing WGA API) sppcomapi.dll (software licensing WGA API) systemcpl.dll (software licensing library) user32.dll (patched Windows component) WatWeb.dll WatAdminSvc.exe WatUX.exe
Win32/Wpakill.B deletes the Windows service WLMS. It also stops the service Sppsvc and disables it from automatically running when Windows starts.
It disables the following scheduled tasks:
MicrosoftWindowsWindows Activation TechnologiesValidationTask
MicrosoftWindowsWindows Activation TechnologiesValidationTaskDeadline
These tasks are part of the anti-piracy Windows activation technologies update KB971033.
Analysis by Dan NicolescuLast update 15 February 2019