Invalid Vista License after Kidoworm attack

  • Question

  • I got a window saying my license to Windows Vista might now be legitimate, which I found very odd as I bought my laptop from Medion a year ago with Vista Home Premium pre-installed. I did a bit of google-fu and found out that basically my SL UI service is not running and my Software Licensing service is not running either. When I try to start these I get an error message saying an "Unauthorised change had been done to Vista".

    I also used the MGA Diagnosis scanner and here is the result of that:

    Diagnostic Report (1.9.0011.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Invalid License
    Validation Code: 50

    Cached Validation Code: N/A, hr = 0x80070426
    Windows Product Key: *****-*****-H2QD2-V4DCP-X7QB8
    Windows Product Key Hash: MvKKFuoJKNIo4kxOa/fSwfVoEj0=
    Windows Product ID: 89578-OEM-7332157-00102
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6001.2.00010300.1.0.003
    ID: {0081D367-97F8-4F42-B482-2A8491795BD1}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.9.9.1
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6001.vistasp1_gdr.090302-1506
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: 1.7.105.35
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: 102
    Version: 1.7.105.35
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 102
    Microsoft Office Home and Student 2007 - 100 Genuine
    OGA Version: Registered, 1.7.105.35
    Signed By: Microsoft
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_B4D0AA8B-920-80070057

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{0081D367-97F8-4F42-B482-2A8491795BD1}</UGUID><Version>1.9.0011.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-X7QB8</PKey><PID>89578-OEM-7332157-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-2688110480-3036480915-209154330</SID><SYSTEM><Manufacturer>Notebook        </Manufacturer><Model>E5411           </Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies Ltd.</Manufacturer><Version>M1.09 </Version><SMBIOSVersion major="2" minor="5"/><Date>20090330000000.000000+000</Date></BIOS><HWID>40323507018400F8</HWID><UserLCID>0406</UserLCID><SystemLCID>0406</SystemLCID><TimeZone>Rom, normaltid(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>MEDION</OEMID><OEMTableID>MEDIONAG</OEMTableID></OEM><GANotification><File Name="WgaTray.exe" Version="1.7.105.35"/><File Name="OGAAddin.dll" Version="1.7.105.35"/><File Name="OGAVerify.exe" Version="1.7.105.35"/></GANotification></MachineData><Software><Office><Result>102</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><PidType>19</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software Licensing service is not running.

    HWID Data-->
    HWID Hash Current: NgAAAAIAAQABAAEAAwABAAAAAwABAAEAeqgmPscXAAMEuPwQWk+N7xIt8vSw2x6aBNCsVkbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            PTLTD              APIC 
      FACP            NVIDIA        MCP79  
      HPET            PTLTD         HPETTBL
      BOOT            PTLTD         $SBFTBL$
      MCFG            PTLTD           MCFG 
      SLIC            MEDION        MEDIONAG
      SSDT            PmRef        Cpu0Tst
      SSDT            PmRef        Cpu0Tst
      SSDT            PmRef        Cpu0Tst
      SSDT            PmRef        Cpu0Tst
      SSDT            PmRef        Cpu0Tst
      SSDT            PmRef        Cpu0Tst
      SSDT            PmRef        Cpu0Tst
      SSDT            PmRef        Cpu0Tst
      SSDT            PmRef        Cpu0Tst


    I did notice that the product key is different from the one at the bottom of my laptop, but I have no idea how to fix that.

    I would also like to add that I cannot open my control panel; when I try to do that the window opens for a second, then shuts down automatically. I also cannot get the latest updates from Windows Update.

    I've also recently been attacked by the worm "win32wormkido" or, as it's more commonly known, "Win32.Conficker.A". I know it shuts off access to Windows Update; however, it has been removed successfully. I would have imagined that the worm somehow altered the product key to invalidate my Vista to disable Windows Update.

    I would imagine a reinstallation of Vista would fix this, but I'd prefer not to do that since it takes ages. I'd also ask here just in case.

    I will try to provide as much information as needed. But this is all I can think of at this moment's notice.
    Sunday, September 13, 2009 12:26 AM
