Danger level 8
Type: Malware
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • System crashes
  • Slow Computer

Windows Genuine Advantage Virus

The Windows Genuine Advantage virus is a warning notifying you if your Windows XP version is genuine. The Windows Genuine Advantage notification is displayed only when the computer fails WGA validation process. If you have a genuine copy of Windows XP, you will not receive this notification. Unfortunately, cyber criminals have already exploited Windows Genuine Advantage to deceive unsuspecting users into paying a ransom fee of either €50 or €100. The computer infection, categorized as ransomware and sometimes referred to as virus, locks the screen of the target computer and displays a bogus Windows Genuine Advantage warning, which informs the victim that the WGA validation process has failed; thus, he/she is forced to acquire either a license for Windows or upgrade to Windows 8.

It is crucial to ignore the warning of the Windows Genuine Advantage virus because it is a scam. If you have ever heard of ransomware, you probably know that the victims of this type of threats are usually made to use online payment systems. In the case of the Windows Genuine Advantage virus, the services of Ukash or Paysafecard are presented. Moreover, after paying the required sum of money, you would have to wait up to 12 hours to have the computer unlocked. There is no guarantee that the criminals behind the Windows Genuine Advantage infection will unlock the computer, which is why you should remove the infection instead of paying up.

The deceptive warning may be very convincing especially when it is written in your native language. It has been discovered that the Windows Genuine Advanced virus is capable of identifying your location and changing the language of the warning. Below you will find an excerpt from the warning in German:

Windows Genuine Advantage-Benachrichtigungen ist ein Bestandteil des Bemühens von Microsoft, Softwarepiraterie einzudämmen. Diese Software hilft dabei, zu bestimmen, ob es sich bei der auf Ihrem Computer installierten Windows Version um eine Originalversion oder Raubkopie handelt. Leider konnte diese Prüfung nicht erfolgreich abgeschlossen werden, daher wurde der Zugriff auf Ihren Computer temporär gesperrt. Als Gründe hierfür gelten eine abgelaufene oder mehrfach verwendete Windows-Lizenz, sowie eine illegal erworbene Windows-Lizenz (Raubkopie).

The fact that your computer is infected with a ransomware infection implies that the computer is not properly protected against various computer infections. Moreover, you should keep in mind that malicious programs such as the Windows Genuine Advantage virus can be installed on the computer in various ways, including insecure adult-oriented websites, P2P file exchange websites, and malicious email attachments. If you want to remove the Windows Genuine Advantage virus and browse the Internet safely, you should implement a reputable security programs; otherwise, you the computer remains susceptible to malware.

Below you will find our instructions on how to remove Windows Genuine Advantage, the malicious program, and, if have any questions concerning the removal, feel free to leave a comment below.

How to remove the Windows Genuine Advantage virus

  1. Restart the computer.
  2. Once the BIOS startup screen appears, start tapping the F8 key.
  3. Select Safe Mode with Networking.
  4. Open the Start menu and click Run.
  5. Type in msconfig and open the Startup menu.
  6. Click the Disable All button.
  7. Launch an Internet browser and go to http://www.pcthreat.com/download-sph to download SpyHunter.
  8. Install the program.
  9. Restart the computer and launch a system scan.
Download Spyware Removal Tool to Remove* Windows Genuine Advantage Virus
  • Quick & tested solution for Windows Genuine Advantage Virus removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Windows Genuine Advantage Virus

Files associated with Windows Genuine Advantage Virus infection:

bvhylsviw.exe
dqnbdq7.dss
administration.exe
VaultSysUi.exe
dtkmujvo.exe
acuvzomo.exe
obvwo.exe
p1.exe
zqmkrehUkpoKfsafsaZg.exe
%AppData%
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
uenovfiu.exe
iner.exe
%SystemDrive%\????????????
msnmsgrr.exe
mplayer2.exe
audipbrd.exe
OmaSG21e.exe
msshell.exe
%APPDATA%\Task Scheduler
96dddda4.dll
C87C.exe
NTServiceManager.exe
bf8h8d02hf.exe
brenasa.exe
UpgradeHelper.exe
%WINDIR%\Temp
questscan.dll
yaiiwockc.dll
csrsss.exe
DLL321.dll
%APPDATA%\system
2084473.dll
DA0B.exe
ex3b.dll
sqlncli.exe
ieudator.dll
najeoxtt.exe
xmlfilter.exe
Updating.exe
ifgxpers.exe
install_0_msi.exe
taskhost.exe.exe
WinSyncMetastore.exe
comeo.exe
JfCqQ5JC.exe
hwj3ba6j.dss
%TEMP%
Q3d38543.exe
aPr0hY9.exe
gcrwcoak.exe
%LOCALAPPDATA%\lollipop
n.
ubvhynpxh.exe
pmstcdjwz.exe
50E1.exe
WINDED6.exe
SyncHostps.exe
ACEIEAddOn.dll
idiokbbrv.exe
Piranha.exe
msdtmsrd.exe
puozlkmyj.dll
m2PythonLoader.exe
%ALLUSERSPROFILE%
oygqyunapnp.exe
b34btbztdb0vavaw.exe
systemcpl.exe
videotwisterSA.exe
UpdatePriv.exe
setex.exe
87b2cb3916261d5c807bf44262755cb0.exe
rvcbcyks.exe
xaZYOVJW.exe
crack.exe
TimeDateMUICallback.exe
wlsidten.dll
ctfmon.exe
Task Scheduler.exe
MusicCollector.exe
jsdhlexdqkllnbcxgai.bfg
wgsdgsdgdsgsd.exe
00qbipeq.exe
pYunY8m4VL3qLc.exe
xlqbteeb.exe
%APPDATA%\updates
scvhost.exe
%UserProfile%
dyjdl.exe
Nbt.exe
svchost.exe
wpbt0.dll
xctqakcqbeo.dll
%LOCALAPPDATA%\Temp
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
bzsbkotiu.exe
ssntvs.exe
wlsidten.exe
secproc_isv.exe
msavfit.exe
00b5d693.exe
rool0_pk.exe
Other.res
wahneaqa.exe
skype.dat
msn.exe
%CommonProgramFiles%
%ALLUSERSPROFILE%\Application Data
wjthvwjb.dss
魔法桌面第三方主题破解补丁V1.1.exe
%WINDIR%\system32
Firewallservice.exe
securitywindrv.exe
3511172082012Build.exe

Windows Genuine Advantage Virus DLL's to remove:

yaiiwockc.dll
questscan.dll
ACEIEAddOn.dll
xctqakcqbeo.dll
ex3b.dll
puozlkmyj.dll
wlsidten.dll
96dddda4.dll
DLL321.dll
wpbt0.dll
2084473.dll
ieudator.dll

Windows Genuine Advantage Virus processes to kill:

dyjdl.exe
rool0_pk.exe
msdtmsrd.exe
TimeDateMUICallback.exe
UpgradeHelper.exe
m2PythonLoader.exe
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
00b5d693.exe
NTServiceManager.exe
pYunY8m4VL3qLc.exe
Q3d38543.exe
JfCqQ5JC.exe
gcrwcoak.exe
WinSyncMetastore.exe
C87C.exe
brenasa.exe
pmstcdjwz.exe
OmaSG21e.exe
idiokbbrv.exe
securitywindrv.exe
00qbipeq.exe
taskhost.exe.exe
xmlfilter.exe
bzsbkotiu.exe
audipbrd.exe
Firewallservice.exe
wahneaqa.exe
msn.exe
bvhylsviw.exe
acuvzomo.exe
systemcpl.exe
Task Scheduler.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
VaultSysUi.exe
wlsidten.exe
videotwisterSA.exe
Nbt.exe
rvcbcyks.exe
sqlncli.exe
b34btbztdb0vavaw.exe
zqmkrehUkpoKfsafsaZg.exe
setex.exe
UpdatePriv.exe
ifgxpers.exe
xlqbteeb.exe
DA0B.exe
msnmsgrr.exe
msavfit.exe
mplayer2.exe
xaZYOVJW.exe
csrsss.exe
ubvhynpxh.exe
secproc_isv.exe
WINDED6.exe
najeoxtt.exe
ssntvs.exe
p1.exe
msshell.exe
wgsdgsdgdsgsd.exe
comeo.exe
uenovfiu.exe
administration.exe
dtkmujvo.exe
svchost.exe
obvwo.exe
crack.exe
50E1.exe
install_0_msi.exe
ctfmon.exe
oygqyunapnp.exe
aPr0hY9.exe
scvhost.exe
bf8h8d02hf.exe
iner.exe
Updating.exe
3511172082012Build.exe
SyncHostps.exe
Piranha.exe
魔法桌面第三方主题破解补丁V1.1.exe
87b2cb3916261d5c807bf44262755cb0.exe
MusicCollector.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.