Answered by:
Windows Genuine Advantage Validation

Question
-
I have had this computer for 5 or 6 years. It is a Toshiba Satellite purchased from "Best Buy". I have used it everyday and have not had this problem until last week.When the computer boots is has a message on the desktop "You may be a victim of software counterfeiting. This copy of Windows did not pass genuine Windows validation"
I need help to remove "Windows Genuine Advantage Validation v1.9.9.1" from my computer. AVG found this Trojan horse Generic5 but it does not remove it. I ran AVG and it found this:
"Infection";"Trojan horse Generic5_c.YKQ";"C:\shop\WGA - Windows Genuine Advantage Validation v1.9.9.1 CRACKED - MoMoXHAcKEr\WGA_1991\WGA_v1.9.9.1_crack.exe";"N/A";"12/28/2011, 12:27:00 AM"
AVG said that it removed it but it is still here. Every time I boot my computer it changes my desk top to blank and ask if I want to fix the Validation now or to "remind me later".Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Blocked VLK
Validation Code: 3
Cached Validation Code: N/A
Windows Product Key: *****-*****-94376-8HGKG-VRDRQ
Windows Product Key Hash: J6xTXRap0ztTFA0rQ2B4i4BoXZw=
Windows Product ID: 76487-640-8816093-23829
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {A8D8BEA8-5BE9-4452-A486-29326431F6C3}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_025D1FF3-238-2_025D1FF3-258-3
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A
Windows XP Notifications Data-->
Cached Result: 3
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office XP Professional - 100 Genuine
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_025D1FF3-238-2_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A8D8BEA8-5BE9-4452-A486-29326431F6C3}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-VRDRQ</PKey><PID>76487-640-8816093-23829</PID><PIDType>1</PIDType><SID>S-1-5-21-1078081533-839522115-1801674531</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite A105</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>1.30 </Version><SMBIOSVersion major="2" minor="31"/><Date>20060209000000.000000+000</Date></BIOS><HWID>85AF3007018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office XP Professional</Name><Ver>10</Ver><Val>4D6360D3A460BE</Val><Hash>9DKYXmhd0QZW4xMaL1xZTeM2NbQ=</Hash><Pid>54186-701-6407997-17293</Pid><PidType>1</PidType></Product><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57478</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="10" Result="100"/><App Id="16" Version="10" Result="100"/><App Id="18" Version="10" Result="100"/><App Id="1A" Version="10" Result="100"/><App Id="1B" Version="10" Result="100"/><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>
Licensing Data-->
N/A
Windows Activation Technologies-->
N/A
HWID Data-->
N/A
OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 12A6C:Semp Toshiba Informatica Ltda|12A6C:TOSHIBA CORPORATION
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005
OEM Activation 2.0 Data-->
N/A
I know that this is genuine microsoft windows. It was put on my computer by "Best Buy" and has run fine for years.
Please help. Thank you very much.
Sonshine
Friday, January 6, 2012 3:38 AM
Answers
-
Thank you so much.
I ran the Product Key Update Tool and now my problem is solved.
Thanks again.
Sonshine
- Marked as answer by Darin Smith MS Friday, January 6, 2012 11:47 PM
Friday, January 6, 2012 4:49 PM
All replies
-
"Sonshine131" wrote in message news:5f1c04fc-93ca-4992-af28-253a4259141c...
I have had this computer for 5 or 6 years. It is a Toshiba Satellite purchased from "Best Buy". I have used it everyday and have not had this problem until last week.When the computer boots is has a message on the desktop "You may be a victim of software counterfeiting. This copy of Windows did not pass genuine Windows validation"
I need help to remove "Windows Genuine Advantage Validation v1.9.9.1" from my computer. AVG found this Trojan horse Generic5 but it does not remove it. I ran AVG and it found this:
"Infection";"Trojan horse Generic5_c.YKQ";"C:\shop\WGA - Windows Genuine Advantage Validation v1.9.9.1 CRACKED - MoMoXHAcKEr\WGA_1991\WGA_v1.9.9.1_crack.exe";"N/A";"12/28/2011, 12:27:00 AM"
AVG said that it removed it but it is still here. Every time I boot my computer it changes my desk top to blank and ask if I want to fix the Validation now or to "remind me later".Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Blocked VLK
Validation Code: 3
Cached Validation Code: N/A
Windows Product Key: *****-*****-94376-8HGKG-VRDRQ
Windows Product Key Hash: J6xTXRap0ztTFA0rQ2B4i4BoXZw=
Windows Product ID: 76487-640-8816093-23829
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
Other data-->
SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite A105</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>1.30 </Version><SMBIOSVersion major="2" minor="31"/><Date>20060209000000.000000+000</Date></BIOS
I know that this is genuine microsoft windows. It was put on my computer by "Best Buy" and has run fine for years.
Please help. Thank you very much.
Sonshine
Your installation is counterfeit.The installation has been enable by the use of the crack tool that AVG is having problems with.The Key is a Blocked Volume License Key – which was almost certainly NOT put on your machine by BestBuy.If the COA sticker on the machine is for Windows XP Pro, you could try changing the Key to that one, using the Product Key Update Tool from here - http://windows.microsoft.com/en-GB/windows/help/genuine/product-key
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothFriday, January 6, 2012 9:54 AMModerator -
Thank you so much.
I ran the Product Key Update Tool and now my problem is solved.
Thanks again.
Sonshine
- Marked as answer by Darin Smith MS Friday, January 6, 2012 11:47 PM
Friday, January 6, 2012 4:49 PM -
Please post a new MGADiag report so that we can check it.
You should check for malware using Malwarebytes Anti-Malware free version - www.malwarebytes.org
(I'm no longer the fan of AVG that I once was - I would recommend changing AV to an alternative when your license comes up for renewal)
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed SlothFriday, January 6, 2012 5:08 PMModerator