locked
windows update not working and getting popups.

  • Question

  • I have Windows XP Home Edition and run the OneCare Live, but it quarantines and does not get rid of it.

     

    Diagnostic Report (1.7.0095.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Not Activated
    Validation Code: 1
    Online Validation Code: N/A
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-WPCTG-KMGTH-YKH38
    Windows Product Key Hash: nKKUs3TPcf9YnaaQrkX3FpjsqBM=
    Windows Product ID: 76477-007-4064671-21556
    Windows Product ID Type: 0
    Windows License Type: Unknown
    Windows OS version: 5.1.2600.2.00010300.3.0.hom
    CSVLK Server: N/A
    CSVLK PID: N/A
    ID: {A8741684-CAE8-49D3-9F06-EB5FBE98DDEB}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-171-1_025D1FF3-85-80004005
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    WGA Notifications Data-->
    Cached Result: 5
    File Exists: Yes
    Version: 1.7.18.5
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    WGATray.exe Signed By: Microsoft
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office XP Professional - 100 Genuine
    Microsoft Publisher 2002 - 100 Genuine
    OGA Version: Registered, 1.6.28.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-171-1_025D1FF3-85-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Prompt
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Prompt
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A8741684-CAE8-49D3-9F06-EB5FBE98DDEB}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-YKH38</PKey><PID>76477-007-4064671-21556</PID><PIDType>0</PIDType><SID>S-1-5-21-1275210071-926492609-682003330</SID><SYSTEM><Manufacturer>NVIDIA</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F9</Version><SMBIOSVersion major="2" minor="3"/><Date>20060210000000.000000+000</Date></BIOS><HWID>D7B3311F01844076</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office XP Professional</Name><Ver>10</Ver><Val>2169A9A6C66E238</Val><Hash>fXuYnZhdUKt+pHaS3bEpJhBnP3A=</Hash><Pid>54186-OEM-1790936-40956</Pid><PidType>4</PidType></Product><Product GUID="{91190409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Publisher 2002</Name><Ver>10</Ver><Val>4D8DA4C6CB77338</Val><Hash>smGnLr0jjk0etea9w1LjG+KmIzU=</Hash><Pid>54197-OEM-1691191-80956</Pid><PidType>4</PidType></Product></Products><Applications><App Id="15" Version="10" Result="100"/><App Id="16" Version="10" Result="100"/><App Id="18" Version="10" Result="100"/><App Id="19" Version="10" Result="100"/><App Id="1A" Version="10" Result="100"/><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults> 

     

    Wednesday, July 9, 2008 8:40 PM
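
    The report above is what the first reply reads to conclude this is an activation problem. As an added example (not part of the original post and not Microsoft's tooling), a short parser that splits such a report into its "Name-->" sections and flags the fields worth a closer look. The function names are hypothetical, the sample text is a constructed excerpt in the same layout, and treating "Genuine" as the passing status and "Microsoft" as the expected signer are assumptions.

```python
import re

# Constructed excerpt in the layout of the diagnostic report posted above.
SAMPLE_REPORT = """\
WGA Data-->
Validation Status: Not Activated
Validation Code: 1
Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
WGATray.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002
"""

# 0x80070002 is the Win32 "file not found" error wrapped as an HRESULT.
HRESULT = re.compile(r"hr = (0x[0-9A-Fa-f]{8})")

def parse_report(text):
    """Return {section: {key: value}} from 'Name-->' headers and 'key: value' lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("-->"):
            current = sections.setdefault(line[:-3].strip(), {})
        elif current is not None and ": " in line:
            key, value = line.split(": ", 1)
            current[key.strip()] = value.strip()
    return sections

def triage(sections):
    """List (section, key, reason) tuples for fields that need follow-up."""
    findings = []
    for name, fields in sections.items():
        for key, value in fields.items():
            m = HRESULT.search(value)
            if key == "Validation Status" and value != "Genuine":  # assumed pass value
                findings.append((name, key, "status is " + value))
            elif key.endswith("Signed By") and not m and value != "Microsoft":
                findings.append((name, key, "unexpected signer " + value))
            elif m:
                findings.append((name, key, "lookup failed, HRESULT " + m.group(1)))
    return findings

if __name__ == "__main__":
    for finding in triage(parse_report(SAMPLE_REPORT)):
        print(finding)
```
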

Answers

  • Hello Palo,

     

    Thank you for visiting the Microsoft Windows Genuine Advantage (WGA) forum.  Your issue is related to Product Activation.  The purpose of this forum is the support of the WGA program and your question falls out of the scope for our support. In an attempt to assist I would like to provide some information which may help. I do suggest trying to activate using the “Activate by Phone” method from the activation Wizard. Telephone numbers for Activation Centers vary by product license and country/region. Use the number provided on your Activation Wizard screen to call the Microsoft Activation Center.  Please follow the below guidance for telephone activation for activating Windows. 

     

    To contact a Microsoft customer service representative to activate Windows by phone, follow these steps:

    1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Activate Windows.

       Or, click the Windows Activation icon in the notification area.

    2. Click Yes, I want to telephone a customer service representative to activate Windows now.

    3. Click Read the Windows Product Activation Privacy Statement, click Back, and then click Next.

    4. Follow the steps in the Activate Windows by phone dialog box, and then click Next.

       Note: The number appears now and differs based on the location that you select.

    5. When activation is completed and you receive the following message, click OK.

       You have successfully activated your copy of Windows.

    More information on how to activate Windows XP at http://support.microsoft.com/kb/307890

    Also you may reference the following site for various telephone activation centers:  http://support.microsoft.com/kb/326851

    After you finish the above steps please restart the computer and try to validate Windows again: http://www.microsoft.com/genuine. Please locate the “Validate Windows” button in the upper right hand corner. Double click on the button and follow the guidance. Were you able to pass Windows Validation successfully? Please post again if you need further assistance. Thank you.

     

     

    Take care,

     

    Stephen Holm, MS
    WGA Forum Manager

    Wednesday, July 9, 2008 10:25 PM

All replies

  • When I tried that it said that it was already activated and would not let me do anything. I have found the following trojans and OneCare does not seem to remove them:

     

    win32/vundo/gen!c

    win32/vundo/gen!e

    win32/zlob/gen!h

    win32/zlob/gen!p

     

    They keep locking me out of administrator as well.

    Thursday, July 10, 2008 1:01 AM
  • Hey Palo,

     

    Sorry to hear what has happened. Curious, did you maintain all updates within Microsoft OneCare timely or could you have been a little behind? It is imperative to maintain anti-malware and anti-virus signature files all the time because if not there stands a chance to become slimmed. Thank you for visiting the Microsoft Genuine Advantage Forum. The purpose of this forum is the support of Windows Genuine Advantage (WGA) program. Viruses are a unique animal. Your question is off topic but I would like to provide some information which may help. Please call our PC Safety line at 1-866-PCSAFETY or (1-866-727-2338). This phone number is for virus and other security-related support free of charge. It is available 24 hours a day for the U.S. and Canada. Detailed information including selecting various regions for support can be located at: http://www.microsoft.com/protect/support/default.mspx

    Please visit the Windows Live OneCare Forums located @ http://forums.microsoft.com/windowsonecare/default.aspx?siteid=2 . Next locate the appropriate forum and post this information there.

     

    Please read “Cleaning a Compromised System” @:  http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

    Unfortunately the best way for eradicating malware and virus infections is to re-image your computer not trying to repair a slimmed system.  This takes time but ultimately re-imaging the system may provide you with a better peace of mind.  Should you take this route and need assistance please reference the following self-help articles:   “How to install or upgrade to Windows XP” located @ http://support.microsoft.com/kb/316941/en-us and http://www.microsoft.com/windowsxp/using/setup/winxp/install.mspx

    Please visit the Microsoft Security Center here:  http://www.microsoft.com/security/default.mspx .  There are many links here providing customers comprehensible assistance for arming them against malicious activities which lurk abound the internet. 

    Next I encourage regular visits to The Microsoft Security Response Center (MSRC) blog @ http://blogs.technet.com/msrc/default.aspx  .  Microsoft provides a real-time way for communicating with customers as well as helping customers understand Microsoft's security response efforts. 

    Please ensure all of your critical data has been backed up should you decide to perform a complete system reformatting/restore of the hard drive. Also you will need to run an antivirus on the files which you have backed up prior to using any of them. Hopefully I have been able to guide you in the right direction.

     

     

    Thank you,

     

    Stephen Holm, MS
    WGA Forum Manager

    Thursday, July 10, 2008 6:57 AM
  • Hi Everyone,

    I myself had this same problem. A few customers of mine also had the exact same thing. After spending an entire day resolving this, I have found only one sure way of getting rid of this and restoring Windows Update/Automatic Update aside from a complete format/restore.

    The problem you are most likely having is that your computer is infected with the Vundo virus or variant of. This then downloads other supporting malware/viruses such as "Prunnet" among other things. This causes the "Windows Updater" to stop working and plagues your computer with popups. It is turned off and no matter what you do (including but not limited to going into services.msc and manually starting these services or reinstalling windows updater) will not resolve the issue. This virus will also occasionally turn off your Windows Firewall although you are not prevented from turning it back on. It will just turn it off by itself when it needs to.

    Windows Updater is being blocked from being turned on. I am pretty good with Hijack THIS and attempted to disable the virus myself. I stopped the pop-ups and disabled Vundo, but it would keep reproducing itself on the next boot-up.

    The following programs failed to remove Vundo and/or restore Windows Update:
    -Microsoft One Care (Subscription)- Would disable the virus until next boot up and could not restore Windows Update/Automatic Update. Failed to recognize most of the Vundo registry entries.
    -AVG 8.0 (Free)- Would catch only a few files being run. Failed to disable Vundo and failed to restore Windows Update/Automatic Update. Failed to recognize any of the Vundo registry entries. It did kill the pop ups for the session but would appear on next boot up. 
    -Dial-A-Fix (Free)- This program will stop all processes related to Windows Automatic Updates and then restart them. It is not designed to get rid of viruses. I used this when I thought I had stopped all Vundo processes and hoped I could quickly download a security update from MS. However, just like the programs above, I must have missed something because it was still blocking Windows Update. This is not Dial-A-Fix's fault, I failed to find the process that was blocking Windows Update. However, you don't need to waste time here because once you COMPLETELY kill the virus, Windows Update will work again without the need to do any of this.

    The following program completely removed Vundo and its supporting malware AND restores Windows Automatic Update on next bootup:
    -Malwarebytes' Anti-Malware (Free or Subscription)-
     located at http://www.malwarebytes.org/
    It located all registry entries, files (some were renamed to look like "Creative Labs" files and processes). Many thanks to the guys at Malwarebytes!

    Recommended Steps:
    1) Go into add/remove programs and remove anything Java. This virus exploits older versions of it.
    2) Download Malwarebytes at http://www.malwarebytes.org/
    3) Run Malwarebytes selecting a FULL system scan. When finished select "yes" so that it will delete the remaining files on start-up.
    4) After the reboot, enable Windows Automatic Updates.
    5) Click Start>Windows Update. It should now be working (download any priority updates & skip to step 7 if it is). If not, go to step 6.
    6) If Windows Update is still not working, download Dial-A-Fix and check "empty temp folders" and "fix windows update" ONLY.
    7) Download the latest version of Java (since you deleted your previous versions) at http://java.com/en/download/index.jsp

    Many thanks to the tech on one of the boards who suggested this. He tried using many other programs that I have not listed such as Spybot, HouseCall, Norton, etc. (which is why I didn't try them as it was already confirmed they did not remove the virus).

    Hope this helps.
    -Anthony B.
    • Proposed as answer by patriotsgm Wednesday, January 7, 2009 12:02 PM
    Sunday, December 21, 2008 9:11 PM
  • I am fixing a computer for a friend of mine, and I had the same problem.  I did exactly what is in your post and that fixed the problem.

    Thanks
    Wednesday, January 7, 2009 12:00 PM
  • KhanIndustries and Patriotsgm,

    Thank you for posting here in the WGA program forum. I have forwarded this information to the OneCare team.

    Rick
    Thursday, January 8, 2009 5:03 PM