With all the talk about WGATray.exe lately on the web, I searched my machine and found the Advantage programs in the WINDOWS/SYSTEM32 folder. When I boot my machine I’ve noticed that WGATray is being executed in the Task Manager for a few seconds. What I’m surprised at is that I don’t get any sort of message from the Personal Firewall. Does anyone know why?

CPF will not show you any warning unless it detects an internet connection request. So if WGATray.exe does not connect to the Internet, you won't see any messages. But there may be a case that WGATray.exe uses svchost.exe to connect to the Internet (I am not sure). This is similar to the way the Background Intelligent Transfer Service works. CPF will be updated tomorrow (Friday) to detect such behaviors. But the current version won't detect this. BITS hijacking was a serious risk which has been fixed as of version 2.2.xxx. So after the update, you may see some alerts.

Thanks for info, I will post my results after I upgrade.

The latest updates did it. Like you suspected, it uses svchost.exe. Even with "secure host while booting" not checked off.


what’s the rumor with WGATray.exe ?

nvm… I think I found it: http://abcnews.go.com/Technology/wireStory?id=2050935

So, I gather everyone is denying this “phone home”?

This is good news. This svchost.exe hijacking is a much more serious issue than many people may think. I am quite sure that new trojans will use this functionality easily to phone home in the near future, because you don't even have to apply any special bypassing technique. No memory infections! No DLL injections! No buffer overflows! Windows does ask “Where do you want to go today?”.
So trojans will tell Windows they want to go home, as WGATray is doing.

Simple. It connects to the Internet and no firewall (except CPF, afaik) detects this attempt. For me, the technique used by WGATray.exe is the point that should be taken seriously. A very effective leak point waiting to be exploited by malware.

There is a wgatray.exe remover at:

It tells you if wgatray is active or not, and if yes, you can remove it, supposedly.
(I did not install wgatray on my machine, so I don’t know if it will work well or not.)

