have a client that was badly infected and now has lost his legal activation RRS feed

  • Question


    Please find attached the log file from the diagnostics.  The box has been scrubbed.


    Diagnostic Report (1.7.0095.0):
    WGA Data-->
    Validation Status: Not Activated
    Validation Code: 1
    Online Validation Code: N/A
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-679RX-K366X-6DGPG
    Windows Product Key Hash: WFelwNKjtWokGV5wOGub/0lRW7E=
    Windows Product ID: 55277-006-9537103-21904
    Windows Product ID Type: 0
    Windows License Type: Unknown
    Windows OS version: 5.1.2600.2.00010300.2.0.hom
    CSVLK Server: N/A
    ID: {61820D2F-C3A5-4230-92CB-3DEEB253057F}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered,
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-171-1_025D1FF3-85-80004005
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    WGA Notifications Data-->
    Cached Result: 5
    File Exists: Yes
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    WGATray.exe Signed By: Microsoft
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Edition 2003 - 100 Genuine
    OGA Version: Registered,
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-171-1_025D1FF3-85-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\ntoskrnl.exe[5.1.2600.3093]
    File Mismatch: C:\WINDOWS\system32\kernel32.dll[5.1.2600.3119]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{61820D2F-C3A5-4230-92CB-3DEEB253057F}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-6DGPG</PKey><PID>55277-006-9537103-21904</PID><PIDType>0</PIDType><SID>S-1-5-21-606747145-1482476501-725345543</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Dimension 8200               </Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="3"/><Date>20011207000000.000000+000</Date></BIOS><HWID>DB5B308F0184C05E</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData>   <Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>B606A8D965E8500</Val><Hash>XqH4JeFQZ7oEDJ5E5Vi7UeC3DN8=</Hash><Pid>73931-640-3836512-57923</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults> 


    Sunday, June 22, 2008 3:18 AM


All replies


    Once a PC is infected with a computer virus or worm, the
    computer becomes compromised and nothing less than a reinstallation
    of the operating system is going to work properly.  Yes, you
    can scan and eliminate the initial virus, but you generally
    cannot undo the damage caused by the virus to the system
    files.  You'll need to reformat your hard drive and then
    reinstall your Windows operating system.


    Cleaning a Compromised System

    After restoring your system, consider installing a good
    antivirus program, such as Windows OneCare.  You can
    try it absolutely FREE for 90 days.


    Sunday, June 22, 2008 3:37 AM
  • Morning In any Case,


               Please call our PC Safety line at 1-866-PCSAFETY or (1-866-727-2338).  This phone number is for virus and other security-related support free of charge. It is available 24 hours a day for the U.S. and Canada. Detailed information including selecting various regions for support can be located at: http://www.microsoft.com/protect/support/default.mspx . 


    In the meantime I would like to provide you with some additional information should this ever happen again.  Please read “Cleaning a Compromised System” @:  http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx


    Unfortunately the best way for eradicating malware and virus infections is to re-image your computer as Carey previously mentioned.  This takes time but ultimately re-imaging the system may provide you with a better peace of mind.  Should you take this route and need assistance please reference the following self-help articles:   “How to install or upgrade to Windows XP” located @ http://support.microsoft.com/kb/316941/en-us and http://www.microsoft.com/windowsxp/using/setup/winxp/install.mspx

    Now you will need HELP for fighting spyware and keeping a newly re-formatted system free from malware and viruses.  Please always ensure critical updates are updated by visiting Windows update @ http://www.update.microsoft.com/microsoftupdate/v6/vistadefault.aspx?ln=en-us  . Next you may download Windows Defender for free. Please visit http://www.microsoft.com/windows/products/winfamily/defender/default.mspx and learn more as how Windows Defender will help thwart malware infestations.  Next visit the Microsoft Security Center here:  http://www.microsoft.com/security/default.mspx .  There are many links here providing customers comprehensible assistance for arming them against malicious activities which lurk abound the internet.   

    Windows Live OneCare is a great tool for providing the following services: Antivirus & Antispyware, Online ID Protection, Firewall, Multi-PC Management, Printer Sharing and Backup and Restore features.   Please visit http://onecare.live.com/standard/en-us/prodinfo/features.htm for more details. This suite will help detect and eradicate both malware and viruses from your system while silently running behind the scenes. OneCare may be purchased from Microsoft Marketplace @ http://www.windowsmarketplace.com/showcase.aspx?ctid=5&WT.mc_id=point_it_store_microsoft_a_G . This is a small price to pay for safeguarding your systems.

    Next I encourage regular visits to The Microsoft Security Response Center (MSRC) blog @ http://blogs.technet.com/msrc/default.aspx .  Microsoft provides a real-time way for communicating with customers as well as helping customers understand Microsoft's security response efforts. 

    Hopefully I have been able to guide you in the right direction.


    Stephen Holm

    WGA Forum Volunteer

    Monday, June 23, 2008 5:23 PM
  • InAnyCase,


    Should the settings have been altered due to the virus infection/remediation,  you can also use the

    validation tool below:




    Here are instructions on validating over the phone, as is the case when reinstalling Windows XP or online

    activation is suspended:


    How to activate Windows XP by phone

    To contact a Microsoft customer service representative to activate Windows by phone, follow these steps:


    1. Click 'Start', point to 'All Programs', point to 'Accessories', point to 'System Tools', and then click 'Activate Windows'.
    click the Windows Activation icon in the notification area (aka system Tray).
    clicking Start button, then Run, and type in "
    oobe/msoobe /a", then press the Enter key located on your keyboard.

    2. Click Yes, I want to telephone a customer service representative to active Windows now.  

    3. Follow the steps in the Activate Windows by phone dialog box, and then click Next.

    4. When activation is completed and you receive the following message, click OK.
     "You have successfully activated your copy of Windows". 


    Lori MS
    Monday, June 23, 2008 6:04 PM