This nasty doesn't masquerade as the WGA tool in order to get on the system... it simply utilizes AOL Instant Messenger to get on the system then masquerades as the WGA tool in an attempt to look innocent and blend in with its surroundings so it doesn't get booted out.
This is a particularly nasty piece of work. It establishes a back door then turns off AV, firewall and other security programs as well. It also tweaks the registry so those programs cannot be turned back on again and makes additional changes so that the security center will no longer alert the user that their system is unprotected.
If this thing got on my system, I would probably just nuke and pave as there is no way I could be certain of my system's security after this malware had free rein to tamper with the system settings, etc.
There's an article on it here...
http://blogs.zdnet.com/Spyware/?p=838You can see it in action here...
http://aumha.net/viewtopic.php?p=118674