Won't validate after virus... RRS feed

  • Question

  • OK, so I recently got a virus / trojan thing. I believe it was related to Zlob-Media Codec, as I had all the symptoms it has. I got rid of the virus, but now my copy of windows is saying it won't validate. I have tried multiple time to do so, have tried all solutions on KBA #822798, and my copy of windows is legitimate. So, anybody got any ideas?

    Diagnostic Report (1.7.0095.0):
    WGA Data-->
    Validation Status: Not Activated
    Validation Code: 1
    Online Validation Code: N/A
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-TJ9DY-DXTT6-DBPJR
    Windows Product Key Hash: Eju9bEa0U5NYGrNZ8OxqgrWD9ko=
    Windows Product ID: 76488-014-4246856-22315
    Windows Product ID Type: 0
    Windows License Type: Unknown
    Windows OS version: 5.1.2600.2.00010100.3.0.pro
    CSVLK Server: N/A
    ID: {C07D2E7D-DD1D-4C13-AF88-E1476D97EB3A}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered,
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-171-1_025D1FF3-85-80004005
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    WGA Notifications Data-->
    Cached Result: 5
    File Exists: Yes
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    WGATray.exe Signed By: Microsoft
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\ntoskrnl.exe[5.1.2600.5512]
    File Mismatch: C:\WINDOWS\system32\setupapi.dll[5.1.2600.5512]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{C07D2E7D-DD1D-4C13-AF88-E1476D97EB3A}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DBPJR</PKey><PID>76488-014-4246856-22315</PID><PIDType>0</PIDType><SID>S-1-5-21-796845957-1935655697-839522115</SID><SYSTEM><Manufacturer>NVIDIA</Manufacturer><Model>122-CK-NF68</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="4"/><Date>20080122000000.000000+000</Date></BIOS><HWID>C196317701848E7A</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>US Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData><Software><Office><Result>108</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>108</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>5300B31CA681586</Val><Hash>1955BTulIC4XOojh34GfcBkrI/U=</Hash><Pid>89388-707-9438524-65101</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="108"/><App Id="16" Version="12" Result="108"/><App Id="18" Version="12" Result="108"/><App Id="19" Version="12" Result="108"/><App Id="1A" Version="12" Result="108"/><App Id="1B" Version="12" Result="108"/><App Id="44" Version="12" Result="108"/><App Id="A1" Version="12" Result="108"/><App Id="BA" Version="12" Result="108"/></Applications></Office></Software></GenuineResults>  

    Monday, July 28, 2008 7:23 AM


All replies

  • Once your PC is infected with a computer virus or worm, your
    computer becomes compromised and nothing less than a reinstallation
    of the operating system is going to work.  Yes, you can try
    to scan and eliminate the initial virus, but you generally
    cannot undo the damage caused by the virus to the system
    files.  You'll need to reformat your hard drive and then
    reinstall your Windows operating system.

    Cleaning a Compromised System

    Clean Install Windows XP

    After restoring your system, consider installing a good
    antivirus program, such as Windows OneCare.  You can
    try it absolutely FREE for 90 days.

    Please note: I am not a Microsoft employee...only a voluntary forum contributor.
    Monday, July 28, 2008 12:33 PM
  • gothic251,

    In addition to the virus infection, the diagnostic report analysis shows that the Windowx XP Professional is genuine, but not active but that the Office Enterprise 2007 is a keygen key.

    We are sorry to hear about the problem your currently experiencing. Diagnostic results help our team in determining the root cause of your issue. The Office Enterprise 2007 product key installed on this computer was not assigned by Microsoft. The key is counterfeit and was most likely generated by a key generator. The product key found on your computer has been detected on multiple computers. Product keys are only allowed to be used on one computer unless otherwise specified in the end user licensing agreement (EULA).   You will find numerous sites where this key has been posted.  Use your favorite search engine and paste in the product key.  Below could be a possible scenario.   

                There are situations which can cause Windows and Office to become non-genuine. Let me give one example.  Customers have taken in their systems along with all the software received when purchasing their system. The customer picks up the system and viola' no problems whatsoever until they need to download an update or even a template used with MS Office. Suddenly their system is non-genuine. The customer's computer was not installed with their software but either a blocked Volume Licensing Key (VLK) or a keygen’d product key. Also the software could work for several weeks, months or even a year or more then suddenly becomes blocked. 

     This is why you may be seeing the "Software Counterfeiting" messages on your computer. You will need to uninstall Office Enterprise 2007 before any further complications occur from being non-genuine. As a customer there are several options available for you to get Genuine. For details on the ways to “Get Genuine”, see the web page that outlined your validation failure details or http://www.microsoft.com/genuine .  It will provide all of the possible steps which you can take. Also please review the Validation Advisor for further guidance at:



    First, if this comes as a total surprise to you, please visit the retailer where you purchased the computer or operating system and let them know the operating system is a counterfeit copy.  Please print a copy of the diagnostic report so you may show them proof for the VLK status. Request they immediately reimburse you and/or provide a Genuine Copy.


    Windows Genuine Advantage (WGA) is here to help protect YOU, our valued customer. It is important for more people like you, who have become victims, to report piracy @ http://www.microsoft.com/piracy/default.mspx  . Microsoft legal will follow up on all leads provided.  Submitting piracy reports will assist in stopping unscrupulous business practices.  You may be eligible for free software if you have high quality counterfeit discs. 


                     Again, we are sorry to hear about your situation. Please be sure to backup or otherwise offload any data from the hard disk because a clean installation/reimaging will destroy all personal user data on the hard drive. Please don't hesitate re-posting if you need further assistance.

    Lori MS

    Lori MS
    Monday, July 28, 2008 6:28 PM
  • Hello Gothic,

     Thank you for visiting the Microsoft Genuine Advantage Forum.  Carey and Lori provide you with insight and please follow their gudiance.  In turn I wanted to provide you with additional information.  Currently it only appears you need to activate windows. At this point you will probably have to perform a telephone activation. Here are the steps:

    follow these steps:


    Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Activate Windows.

    Or, click the Windows Activation icon in the notification area.


    Click Yes, I want to telephone a customer service representative to active Windows now.


    Click Read the Windows Product Activation Privacy Statement, click Back, and then click Next.


    Follow the steps in the Activate Windows by phone dialog box, and then click Next.

    Note The number appears now and differs based on the location that you select.


    When activation is completed and you receive the following message, click OK.

    You have successfully activated your copy of Windows.

    More information on how to activate Windows XP at http://support.microsoft.com/kb/307890

    Also you may reference the following site for various telephone activation centers:  http://support.microsoft.com/kb/326851

    After you finish the above steps please restart the computer and try to validate Windows again: http://www.microsoft.com/genuine. Please locate the “Validate Windows” button in the upper right hand corner. Double click on the button and follow the guidance. Were you able to pass Windows Validation successfully? Please post again if you need further assistance. Thank you.

    Thank you,

    Stephen Holm, MS

    Monday, July 28, 2008 9:01 PM
  • Gothic,

        The purpose of this forum is the support of Windows Genuine Advantage (WGA) program. Your question is off topic but I would like to provide some information which may help. Please call our PC Safety line at 1-866-PCSAFETY or (1-866-727-2338).  This phone number is for virus and other security-related support free of charge. It is available 24 hours a day for the U.S. and Canada. Detailed information including selecting various regions for support can be located at: http://www.microsoft.com/protect/support/default.mspx

        Currently your computer appears massively infected with malware and viruses. Please read “Cleaning a Compromised System” @:  http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

    Unfortunately the best way for eradicating malware and virus infections is to re-image your computer as Carey mentioned.  This takes time but ultimately re-imaging the system may provide you with a better peace of mind.  Should you take this route and need assistance please reference the following self-help articles:   “How to install or upgrade to Windows XP” located @ http://support.microsoft.com/kb/316941/en-us and http://www.microsoft.com/windowsxp/using/setup/winxp/install.mspx

        Now you will need HELP for fighting spyware and keeping a newly re-formatted system free from malware and viruses.  Please always ensure critical updates are updated by visiting Windows update @ http://www.update.microsoft.com/microsoftupdate/v6/vistadefault.aspx?ln=en-us  . Next you may download Windows Defender for free. Please visit http://www.microsoft.com/windows/products/winfamily/defender/default.mspx and learn more as how Windows Defender will help thwart malware infestations.  Next visit the Microsoft Security Center here:  http://www.microsoft.com/security/default.mspx .  There are many links here providing customers comprehensible assistance for arming them against malicious activities which lurk abound the internet.   

        Windows Live OneCare is a great tool for providing the following services: Antivirus & Antispyware, Online ID Protection, Firewall, Multi-PC Management, Printer Sharing and Backup and Restore features.   Please visit http://onecare.live.com/standard/en-us/prodinfo/features.htm for more details. This suite will help detect and eradicate both malware and viruses from your system while silently running behind the scenes. OneCare may be purchased from Microsoft Marketplace @ http://www.windowsmarketplace.com/showcase.aspx?ctid=5&WT.mc_id=point_it_store_microsoft_a_G . This is a small price to pay for safeguarding your systems.

        Next I encourage regular visits to The Microsoft Security Response Center (MSRC) blog @ http://blogs.technet.com/msrc/default.aspxMicrosoft provides a real-time way for communicating with customers as well as helping customers understand Microsoft's security response efforts. 

    Hopefully I have been able to guide you in the right direction.


    Take care,


    Stephen Holm, MS

    • Marked as answer by StephenHolm Monday, July 28, 2008 9:02 PM
    Monday, July 28, 2008 9:02 PM