MBAM and RemoveWGA

Discussion in 'other anti-malware software' started by FanJ, Jan 26, 2010.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,179
    Hi,

    Suddenly Malwarebytes' Anti-Malware is giving this warning on RemoveWGA:
    D:\RemoveWGA\Version 1_1\RemoveWGA.exe (HackTool.RemoveWGA)

    RemoveWGA was made in the past by gkweb, see:
    https://www.wilderssecurity.com/showthread.php?t=135257

    I know that gkweb later removed his tool.
    And I understand that.

    (Please note that I have a legit Windows !!!)

    I'm just wondering why MBAM is suddenly now giving a warning about it.
    And why, if MBAM wants to do that, it is only giving a warning on version 1.1 and not on 1.02 or 1.2
     
  2. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,007
    Location:
    Last Breath Farm
    A question that only MBAM can answer accurately?
    Did you report false positive?
    And why not get just get rid of the old version?
    :)
     
  3. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,961
    From the detection name it does not look like a FP
     
  4. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,814
    It's a tool to crack Windows 7 Activation. By Removing it all together. This thing has been floating around for a wile now. Aslo Mbam also detects Windows XP Activation cracks as I.Stole.Windows. You don't know how many keys I had to order for customers just because there windows was not Legit.
     
  5. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Last edited: Jan 26, 2010
  6. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    You cant post VT logs here but you can post how to look them up without the actual file .

    Google for "RemoveWGA.exe" in advanced mode on domain virustotal.com , the answer is there .
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.