Repaired Malware infected XP Home computer, Activated OK, won't validate...

  • Question

  • Ok, my XP Home Edition got nasty malware installed on it.  I used the original install disk to repair it.  The malware didn't go away, so I used a bunch of tools that seemed to have cleaned everything up nicely.

     

    So, when I reinstalled, I activated, and the activation was fine.  Now I want to update things but the genuine validation system won't let me.  I used the tool, and here are the results.  Please help me.

     

    Before I did the reinstall I was getting updates frequently.

     

    thanks,

     

    jim

     

     

    Diagnostic Report (1.7.0095.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Genuine
    Validation Code: 0
    Online Validation Code: N/A
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-W7RCH-62Y6K-CVXDB
    Windows Product Key Hash: ZYqdRFX4ofgu8JSLcuVI8QU0ntk=
    Windows Product ID: 76477-OEM-2165572-02008
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 5.1.2600.2.00010300.2.0.hom
    CSVLK Server: N/A
    CSVLK PID: N/A
    ID: {5D4C5E85-2EFA-4F7D-A271-6E7147D3834C}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-171-1
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x800401f3
    File Exists: Yes
    Version: 1.7.17.0
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    WGATray.exe Signed By: Microsoft
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 103 Blocked VLK
    OGA Version: Registered, 1.6.28.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-171-1_70AFE6BE-1223-800401f3_70AFE6BE-116-800401f3_63BB5E84-433-800401f3_E2AD56EA-235-800401f3_16E0B333-89-800401f3_B4D0AA8B-1029-800401f3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

     

    Wednesday, July 9, 2008 4:33 AM

All replies

  • Jim,

     

    Thank you for visiting the Microsoft Genuine Advantage Forum.  The purpose of this forum is the support of the Windows Genuine Advantage (WGA) program. Your question is off topic but I would like to provide some information which may help. Please call our PC Safety line at 1-866-PCSAFETY or (1-866-727-2338).  This phone number is for virus and other security-related support free of charge. It is available 24 hours a day for the U.S. and Canada. Detailed information including selecting various regions for support can be located at: http://www.microsoft.com/protect/support/default.mspx .

    Curious, did you repair or completely reformat then reinstall the operating system? It appears you repaired what happened.  Also, the Office product key installed on this computer appears blocked by Microsoft. Please uninstall Office from your computer. Non-genuine software can cause many problems.

     

    Please read “Cleaning a Compromised System” @:  http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

    Unfortunately, the best way for eradicating malware and virus infections is to re-image your computer, not trying to repair a slimed system.  This takes time but ultimately re-imaging the system may provide you with a better peace of mind.  Should you take this route and need assistance, please reference the following self-help articles:   “How to install or upgrade to Windows XP” located @ http://support.microsoft.com/kb/316941/en-us and http://www.microsoft.com/windowsxp/using/setup/winxp/install.mspx

    Now you will need HELP for fighting spyware and keeping a newly re-formatted system free from malware and viruses.  Please always ensure critical updates are updated by visiting Windows update @ http://www.update.microsoft.com/microsoftupdate/v6/vistadefault.aspx?ln=en-us  . Next you may download Windows Defender for free. Please visit http://www.microsoft.com/windows/products/winfamily/defender/default.mspx and learn more about how Windows Defender will help thwart malware infestations.  Next visit the Microsoft Security Center here:  http://www.microsoft.com/security/default.mspx .  There are many links here providing customers comprehensible assistance for arming them against malicious activities which lurk abound the internet.

    Windows Live OneCare is a great tool for providing the following services: Antivirus & Antispyware, Online ID Protection, Firewall, Multi-PC Management, Printer Sharing and Backup and Restore features.   Please visit http://onecare.live.com/standard/en-us/prodinfo/features.htm for more details. This suite will help detect and eradicate both malware and viruses from your system while silently running behind the scenes. OneCare may be purchased from Microsoft Marketplace @ http://www.windowsmarketplace.com/showcase.aspx?ctid=5&WT.mc_id=point_it_store_microsoft_a_G . This is a small price to pay for safeguarding your systems.

    Next I encourage regular visits to The Microsoft Security Response Center (MSRC) blog @ http://blogs.technet.com/msrc/default.aspx .  Microsoft provides a real-time way for communicating with customers as well as helping customers understand Microsoft's security response efforts. 

    Hopefully I have been able to guide you in the right direction.

     

    Take care,

     

    Stephen Holm, MS
    WGA Forum Manager

    Wednesday, July 9, 2008 8:38 PM
  • Hi Stephen,

     

    Thanks for your quick follow up.  The information that you have provided is very helpful.

     

    I was able to resolve the problem in a different way, though it did take some time.

     

    After I did the OS repair, the malware persisted.  I was able to completely remove the malware using 5 separate scanners and cleaners.  The process of cleaning out the malware either removed some registry keys that were essential to validation, or I removed some dlls that were essential.  One of the consequences of this particular malware was that it blocked System Restore, and Windows update.

     

    After I removed the malware, and could not get validation or updates to work, I figured that the process of eliminating the malware did something to the system.  So, I decided to do the repair from the original CD again.

     

    After this second repair was performed, I immediately went to Windows update, and Windows update worked!  It loaded the updated installer 3.1 (which previously would not load).  It then scanned the system and suggested SP3.  SP3 was downloaded, but unfortunately 90% into the install, "Access Denied" terminated the install.  Fortunately, Microsoft had a fix for this problem (an artifact of the malware).  I restored the system back to the OS Repair point, applied the Microsoft fix, went to Update, downloaded SP3, and it installed fine.  Again going to Windows update, it provided the IE7 update package, and that installed also.

     

    I then installed the new DirectX, which required validation.  The system was validated and DirectX installed!

     

    I just wanted to let you know that the system is now working and is now as good as new, with no data loss.

     

    Sorry for posting off topic, I thought this was where I was supposed to dump the output of the scan.

     

    Also, regarding the Microsoft Office installed on this machine.  This was purchased from the Microsoft Store in Redmond. It's possible that the key was corrupted or changed by malware, or could it be that someone's selling counterfeit out of the company store?

     

    Thanks for your response, I'll most likely follow your advice next time this happens (hopefully it won't, I think I remember installing a Microsoft Malware Fixer with the IE7 update and I'll look into defender).

     

    jim.

     

     

     

    Thursday, July 10, 2008 3:01 AM
  • Jim,

     

    WoW!!! You were definitely slimed in the worst way. Something similar happened to a friend's machine and I tried the route of attempting various programs for removing the malware but received no joy. Basically I wiped out the system and voilà, all was GREAT! Basically I spent more time tinkering with his system attempting a purge when I could have re-formatted in less time as well as having a better peace of mind. This is why I definitely share the philosophy for performing a complete reformat.

     

    I am glad you are now operational once again. Also, did you use the reporting feature of the software for all malware detected? Hopefully you did; this will alert whatever company's software you used and they will use this for research etc. Also I would like to recommend you give Microsoft One Care a chance :-). Do some research and see what you think. It is a great package.

     

    Jim, thank you for taking the time and reporting back with us here in the forum. Others will be able to see what route you took should they use the forum search feature, which may help others experiencing a similar plight to your situation. Please post back should you need WGA assistance.

     

     

    Thank you,

     

    Stephen Holm, MS

    WGA Forum Manager

     

    Thursday, July 10, 2008 6:39 AM