WgaTray.exe

Discussion in 'Windows XP Security' started by trimis, Dec 23, 2020.

  1. trimis

    trimis

    Joined:
    Sep 19, 2013
    Messages:
    504
    Likes Received:
    146
    For many months now I have noticed every time I insert a Lexar flashdrive, it flashes continuously for like 15 minutes. Today I got a hunch that some sort of spyware might be scanning it, and/or copying it to the internet. I fiddled with SterJo Netstalker, and it looked like the culprit was 13.107.4.50, which turned out to be 'WgaTray.exe'. I went to majorgeeks, and installed RemoveWGA 1.2, then re-inserted the flashdrive. It flashed a few times, then quiet.

    Not sure, but I now suspect WgaTray.exe was doing more than just checking to see if windows is genuine.
     
    trimis, Dec 23, 2020
    #1
    1. Advertisements

  2. trimis

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,639
    Likes Received:
    568
    Location:
    Florida
    I would suggest a full indepth scan of your pc.
     
    Elizabeth23, Dec 24, 2020
    #2
    trimis likes this.
    1. Advertisements

  3. trimis

    trimis

    Joined:
    Sep 19, 2013
    Messages:
    504
    Likes Received:
    146
    I run Malwarebytes Free 3.5.1.2522, Superantispyware 8.0.1046, and Adwcleaner 6.0.4.5 consecutively, once a week. Next due date in couple days, but I don't expect to find anything. SterJo Netstalker lists all outgoing connections, and 13.107.4.50 was the only one I did not recognize. Since nuking WgaTray.exe, the frantic 15+ minutes flashing of the Lexar jumpdrive is down to under a minute. Pretty sure I found the culprit.
     
    trimis, Dec 24, 2020
    #3
  4. trimis

    trimis

    Joined:
    Sep 19, 2013
    Messages:
    504
    Likes Received:
    146
    Turns out you were right. Malwarebytes Free 3.5.1.2522 found a PUP. I saw no option for actual removal/deletion, so I went with quarantine. The subsequent running of Superantispyware and Adwcleaner did not find it, so I guess it is tucked away in the XP attic, in permanent timeout.
     
    trimis, Dec 27, 2020
    #4
  5. trimis

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,639
    Likes Received:
    568
    Location:
    Florida
    it can be deleted from within the quarantine page.

    I do not use supterantispyware and adcleaner , just malwarebytes and 360, also when I download an item I scan it before opening :)
     
    Elizabeth23, Dec 27, 2020
    #5
    trimis likes this.
  6. trimis

    trimis

    Joined:
    Sep 19, 2013
    Messages:
    504
    Likes Received:
    146
    Thanks a lot! Never saw that, but then I never explored Malwarebytes much. I have not downloaded anything (other than Centaury) for at least a month or so. Either I got it from there, or the PUP was one of them driveby-downloads. Anyway, thanks to you its kaput!
     
    trimis, Jan 1, 2021
    #6
    Elizabeth23 likes this.
  7. trimis

    WindowsCP

    Joined:
    Dec 1, 2020
    Messages:
    26
    Likes Received:
    12
    You can get rid of WGA. It's called WGA killer. I can get that to you. It's not like you can buy a license anyways. It can't communiate so it hangs on you.
     
    WindowsCP, Jan 7, 2021
    #7
  8. trimis

    trimis

    Joined:
    Sep 19, 2013
    Messages:
    504
    Likes Received:
    146
    As mentioned, the RemoveWGA 1.2 (from majorgeeks) did the job, and I have its link on flashdrive for install on Win 7. I'll let Win 7 'phone home' for maybe a week (I think WGA checks in everyday on startup), then silence it.
     
    trimis, Jan 9, 2021
    #8
    WindowsCP likes this.
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.