locked
WGA fails after virus/spyware threat. RRS feed

  • Question

  • I had an infection on my system that caused WGA to fail.  I have since cleaned the infection.  However, WGA still fails.  I ran the diags, here are my results.


    Diagnostic Report (1.7.0095.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Genuine
    Validation Code: 0
    Online Validation Code: N/A
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-YV8DY-G343J-YFBPY
    Windows Product Key Hash: ZcoNchWrd5kaKE5MwIuUtM+peoo=
    Windows Product ID: 55274-640-2420364-23096
    Windows Product ID Type: 0
    Windows License Type: Unknown
    Windows OS version: 5.1.2600.2.00010100.2.0.pro
    CSVLK Server: N/A
    CSVLK PID: N/A
    ID: {1C7CD67E-63BF-4205-80BE-F4C3D6A74C0C}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-171-1_025D1FF3-85-80004005
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    WGA Notifications Data-->
    Cached Result: 5
    File Exists: Yes
    Version: 1.7.18.7
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    WGATray.exe Signed By: Microsoft
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: Registered, 1.6.28.0
    Signed By: Microsoft
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-171-1_025D1FF3-85-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{1C7CD67E-63BF-4205-80BE-F4C3D6A74C0C}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-YFBPY</PKey><PID>55274-640-2420364-23096</PID><PIDType>0</PIDType><SID>S-1-5-21-1801674531-789336058-839522115</SID><SYSTEM><Manufacturer>ASUSTek Computer Inc.</Manufacturer><Model>K8N-E-Deluxe</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1006.008</Version><SMBIOSVersion major="2" minor="3"/><Date>20041004000000.000000+000</Date></BIOS><HWID>93823D8701844E6D</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData>   <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Saturday, August 23, 2008 2:18 AM

Answers

  •  

    Timmyyy,

     

    Thank you for visiting the Microsoft Genuine Advantage Forum.  The purpose of this forum is the support of Windows Genuine Advantage (WGA) program. Virus questions are off topic.  I do understand that you believe you have cleaned your previously infected system. Carey Frisch who responds in forums here wrote this, “Once your PC is infected with a computer virus or worm, your computer becomes compromised and nothing less than a reinstallationof the operating system is going to work.  Yes, you can try to scan and eliminate the initial virus, but you generally cannot undo the damage caused by the virus to the system files.  You'll need to reformat your hard drive and then reinstall your Windows operating system.”  Since this is virus related, please consider calling <Removed by Moderator: Phone number and/or site link no longer in use>.  This phone number is for virus and other security-related support free of charge. It is available 24 hours a day for the U.S. and Canada. Detailed information including selecting various regions for support can be located at: <Removed by Moderator: Phone number and/or site link no longer in use>

     

                Please read “Cleaning a Compromised System” @ http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx and Description, Prevention, and Recovery from a Computer Virus knowledge base (KB) article @ http://support.microsoft.com/kb/129972/en-us

     

                Unfortunately the best way for eradicating malware and virus infections is to re-image your computer.  This takes time but ultimately re-imaging the system may provide you with a better peace of mind.  Should you take this route and need assistance please reference the following self-help articles:   “How to install or upgrade to Windows XP” located @ http://support.microsoft.com/kb/316941/en-usand http://www.microsoft.com/windowsxp/using/setup/winxp/install.mspx

     

     

    Now you will need HELP for fighting spyware and keeping a newly re-formatted system free from malware and viruses.  Please always ensure critical updates are updated by visiting Windows update @ http://www.update.microsoft.com/microsoftupdate/v6/vistadefault.aspx?ln=en-us

     

     Next you may download Windows Defender for free. Please visit http://www.microsoft.com/windows/products/winfamily/defender/default.mspxand learn more as how Windows Defender will help thwart malware infestations.  Next visit the Microsoft Security Center here:  http://www.microsoft.com/security/default.mspx.  There are many links here providing customers comprehensible assistance for arming them against malicious activities which lurk abound the internet.  

    Windows Live OneCare is a great tool for providing the following services: Antivirus & Antispyware, Online ID Protection, Firewall, Multi-PC Management, Printer Sharing and Backup and Restore features.   Please visit http://onecare.live.com/standard/en-us/prodinfo/features.htm for more details. This suite will help detect and eradicate both malware and viruses from your system while silently running behind the scenes. OneCare may be purchased from Microsoft Marketplace @ http://www.windowsmarketplace.com/showcase.aspx?ctid=5&WT.mc_id=point_it_store_microsoft_a_G. This is a small price to pay for safeguarding your systems.

     I encourage regular visits to The Microsoft Security Response Center (MSRC) blog @ http://blogs.technet.com/msrc/default.aspxMicrosoft provides a real-time way for communicating with customers as well as helping customers understand Microsoft's security response efforts.  Also review the Security at Home options available here:

     

    http://www.microsoft.com/protect/default.mspx  and the Security Guidance Center for Small Business Center at: http://www.microsoft.com/smallbusiness/support/computer-security-overview.aspx#BulletinsAndAlerts . The sites provide many links with detailed information covering PC Safety and Security. Please take the time and review the various links because there is a wealth of information for protecting families while using the computer.



    • Marked as answer by RickImAPC Monday, August 25, 2008 4:20 PM
    • Edited by Darin Smith MS Tuesday, April 10, 2012 7:07 PM <Removed by Moderator: Phone number and/or site link no longer in use>
    Monday, August 25, 2008 4:19 PM

All replies

  • I have seen these threads get answered within a couple hours...ive been waiting for 3 days now.
    Did the hampster die or something?
    Monday, August 25, 2008 5:29 AM
  •  

    Timmyyy,

     

    Thank you for visiting the Microsoft Genuine Advantage Forum.  The purpose of this forum is the support of Windows Genuine Advantage (WGA) program. Virus questions are off topic.  I do understand that you believe you have cleaned your previously infected system. Carey Frisch who responds in forums here wrote this, “Once your PC is infected with a computer virus or worm, your computer becomes compromised and nothing less than a reinstallationof the operating system is going to work.  Yes, you can try to scan and eliminate the initial virus, but you generally cannot undo the damage caused by the virus to the system files.  You'll need to reformat your hard drive and then reinstall your Windows operating system.”  Since this is virus related, please consider calling <Removed by Moderator: Phone number and/or site link no longer in use>.  This phone number is for virus and other security-related support free of charge. It is available 24 hours a day for the U.S. and Canada. Detailed information including selecting various regions for support can be located at: <Removed by Moderator: Phone number and/or site link no longer in use>

     

                Please read “Cleaning a Compromised System” @ http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx and Description, Prevention, and Recovery from a Computer Virus knowledge base (KB) article @ http://support.microsoft.com/kb/129972/en-us

     

                Unfortunately the best way for eradicating malware and virus infections is to re-image your computer.  This takes time but ultimately re-imaging the system may provide you with a better peace of mind.  Should you take this route and need assistance please reference the following self-help articles:   “How to install or upgrade to Windows XP” located @ http://support.microsoft.com/kb/316941/en-usand http://www.microsoft.com/windowsxp/using/setup/winxp/install.mspx

     

     

    Now you will need HELP for fighting spyware and keeping a newly re-formatted system free from malware and viruses.  Please always ensure critical updates are updated by visiting Windows update @ http://www.update.microsoft.com/microsoftupdate/v6/vistadefault.aspx?ln=en-us

     

     Next you may download Windows Defender for free. Please visit http://www.microsoft.com/windows/products/winfamily/defender/default.mspxand learn more as how Windows Defender will help thwart malware infestations.  Next visit the Microsoft Security Center here:  http://www.microsoft.com/security/default.mspx.  There are many links here providing customers comprehensible assistance for arming them against malicious activities which lurk abound the internet.  

    Windows Live OneCare is a great tool for providing the following services: Antivirus & Antispyware, Online ID Protection, Firewall, Multi-PC Management, Printer Sharing and Backup and Restore features.   Please visit http://onecare.live.com/standard/en-us/prodinfo/features.htm for more details. This suite will help detect and eradicate both malware and viruses from your system while silently running behind the scenes. OneCare may be purchased from Microsoft Marketplace @ http://www.windowsmarketplace.com/showcase.aspx?ctid=5&WT.mc_id=point_it_store_microsoft_a_G. This is a small price to pay for safeguarding your systems.

     I encourage regular visits to The Microsoft Security Response Center (MSRC) blog @ http://blogs.technet.com/msrc/default.aspxMicrosoft provides a real-time way for communicating with customers as well as helping customers understand Microsoft's security response efforts.  Also review the Security at Home options available here:

     

    http://www.microsoft.com/protect/default.mspx  and the Security Guidance Center for Small Business Center at: http://www.microsoft.com/smallbusiness/support/computer-security-overview.aspx#BulletinsAndAlerts . The sites provide many links with detailed information covering PC Safety and Security. Please take the time and review the various links because there is a wealth of information for protecting families while using the computer.



    • Marked as answer by RickImAPC Monday, August 25, 2008 4:20 PM
    • Edited by Darin Smith MS Tuesday, April 10, 2012 7:07 PM <Removed by Moderator: Phone number and/or site link no longer in use>
    Monday, August 25, 2008 4:19 PM
  • I think you'r right about the re-install.
    I was just had some hope that I could fix the issue without a format.
    The key in my registry matches the one on my COA, and was genuine untill this infection.

    Off to format my HDD.
    Monday, August 25, 2008 6:58 PM
  • Good luck Timmyyy,

    Rick, MS

    Monday, August 25, 2008 8:56 PM
  • Timmyyy,

    Could you please give us some additional information concerning the virus you received? The name of the virus? The name of the scanner used to detect/resolve the virus? Along with any other information you are able to provide.

    Additionally, could you please run http://safety.live.com/ Full System Scan for virus' and spyware.

    Respectfully,

    Rick, MS
    Tuesday, August 26, 2008 9:50 PM
  • Unfortunatly, I did not record the name of the virus.
    To clean my system, I used a combination of AVG free v8, Spybot S&D, and I also ran a scan from Trend Micro's Houscall online scanner.

    I contracted the attack from a link sent from a freind in Windows Live Messenger.
    This friend is known to send me video clips, mainly gameplay videos.  This time though it was his messenger that got infected and sent the link to all of his contacts.  I foolishly clicked the link, and the same happened to me, I got the infection, and the link was sent to as many of my contacts as it could untill messenger cut it off for too many posts per minut.

    I have used the same scanners since my format, and I am currently clean as far as I can tell.
    One other thing that happened was a known spyware app Antivirus 2008 got installed as well.
    And of course the awsome side effect of no longer having a genuine install.
    • Edited by Timmyyy Wednesday, August 27, 2008 2:02 PM added info
    Wednesday, August 27, 2008 2:00 PM
  • Timmyyy,

    I have forwarded your posted information off for analysis. Thank you for the additional information you did post. Any additional information you may have will still be welcomed here on your thread.

    Respectfully,

    Rick, MS
    Wednesday, August 27, 2008 5:20 PM