Remove From My Forums

i ran the MGA Diagnostic.....

Question
0

Sign in to vote
Diagnostic Report (1.7.0095.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-FWXH6-P3HJW-7338W
Windows Product Key Hash: h0YYD4BPOlOs7nrCKM4SOqD8GGg=
Windows Product ID: 76487-640-0008472-23917
Windows Product ID Type: 0
Windows License Type: Unknown
Windows OS version: 5.1.2600.2.00010100.2.0.pro
CSVLK Server: N/A
CSVLK PID: N/A
ID: {BCE463D8-70D9-41FF-944C-3CE0B4799B86}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1_025D1FF3-85-80004005
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 5
File Exists: Yes
Version: 1.7.18.7
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-171-1_025D1FF3-85-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{BCE463D8-70D9-41FF-944C-3CE0B4799B86}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-7338W</PKey><PID>76487-640-0008472-23917</PID><PIDType>0</PIDType><SID>S-1-5-21-1801674531-790525478-682003330</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>OptiPlex GX280 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="3"/><Date>20040917000000.000000+000</Date></BIOS><HWID>ADC630470184407D</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>4B01CB96BEA4500</Val><Hash>uPEB/LJHvm/LKcZ//FVnv+l9CWA=</Hash><Pid>73931-640-3376763-57906</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

This edition of Windows is XP Pro, Version 2002, SP2 . My COA states my manufacturer name in black lettering.
- Edited by bearskitkat Saturday, August 23, 2008 1:57 PM changed information
Saturday, August 23, 2008 1:34 PM

Answers

0

Sign in to vote
Once your PC is infected with a computer virus or worm, your
computer becomes compromised and nothing less than a reinstallation
of the operating system is going to work. Yes, you can try
to scan and eliminate the initial virus, but you generally
cannot undo the damage caused by the virus to the system
files. You'll need to reformat your hard drive and then
reinstall your Windows operating system.

Cleaning a Compromised System
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

Clean Install Windows XP
http://www.michaelstevenstech.com/cleanxpinstall.html

After restoring your system, consider installing a good
antivirus program, such as Windows OneCare. You can
try it absolutely FREE for 90 days.
http://onecare.live.com/standard/en-us/default.htm

Please note: I am not a Microsoft employee...only a voluntary forum contributor.
- Marked as answer by RickImAPC Monday, August 25, 2008 6:11 PM
Sunday, August 24, 2008 4:03 PM

Moderator

All replies

0

Sign in to vote

Bearskitkat,

Please run the Product Key Updater at this link: http://forums.community.microsoft.com/en-US/genuinewindowsxp/thread/b9403eec-a4b7-435c-b3fd-0e7ee7c80428

Use the Product Key on the computer's Certificate of Authenticity whean prompted to enter the new product key.

Post back with a new mgadiag report and we'll see if it works.
For great advice on all topics XP, visit http://www.annoyances.org/exec/forum/winxp

Saturday, August 23, 2008 3:52 PM
0

Sign in to vote

I tried that, it didn't work. It gave me an error message that says it can only be run on a supported version of windows?????

Saturday, August 23, 2008 4:22 PM
0

Sign in to vote

Bearskitkat,

Is this a 64-bit installation of XP?

You stated that you ran the diagnostic and posted the results, but you never stated what the problem was that prompted you to run the mgadiag utility and post the report.
For great advice on all topics XP, visit http://www.annoyances.org/exec/forum/winxp

Sunday, August 24, 2008 4:11 AM
0

Sign in to vote

From the beginning. we purchased this computer about 1 year ago, and it has always run perfectly until about three weeks ago when we found multiple viruses. Since that point i keep getting a message that says we are unable to complete windows genuine validation. I can tell you that the windows product key listed in the report that I posted is not the same as the one on the COA on the CPU. I have been to microsoft.com and checked my coa, and it appears (according to their info) to be legitimate in all respects.

When told to run the Product Key Updater, thats when I get the message that it can only be run on a supported version of windows. I don't know if this is a 64-bit installation, or how to find out.

Bearskitkat

Sunday, August 24, 2008 3:07 PM
0

Sign in to vote
Once your PC is infected with a computer virus or worm, your
computer becomes compromised and nothing less than a reinstallation
of the operating system is going to work. Yes, you can try
to scan and eliminate the initial virus, but you generally
cannot undo the damage caused by the virus to the system
files. You'll need to reformat your hard drive and then
reinstall your Windows operating system.

Cleaning a Compromised System
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

Clean Install Windows XP
http://www.michaelstevenstech.com/cleanxpinstall.html

After restoring your system, consider installing a good
antivirus program, such as Windows OneCare. You can
try it absolutely FREE for 90 days.
http://onecare.live.com/standard/en-us/default.htm

Please note: I am not a Microsoft employee...only a voluntary forum contributor.
- Marked as answer by RickImAPC Monday, August 25, 2008 6:11 PM
Sunday, August 24, 2008 4:03 PM

Moderator
0

Sign in to vote

Unfortunately my grandson found several cds, guess what was among them? can i purchase a new Windows XP Pro and install that?

Sunday, August 24, 2008 4:32 PM
0

Sign in to vote

Bearskitkat,

I am not sure of the nature of your question. However Carey and Dan have given you some great feedback. Please re-word your question again in a new post to the WGA Forum if it is a Windows Genuine Advantage topic.

Respectfully,

Rick, MS

Monday, August 25, 2008 6:09 PM
0

Sign in to vote
Bearskitkat,

I agree with Carey that once you have experienced a viral/malware attack to the degree that it changes the WGA files on the computer, the effort of a complete fresh installation of XP is warranted.

Your Dell GX280 computer may have a recovery method installed that does not need the CDs to use. It is called Dell PC Restore [by Symantec]. This is a disk-based method that recovers the computer to the exact condition it was in when you took it out of the shipping box brand new.

Try to access the interface for Dell PC Restore. Restart the computer and right after the Dell logo fades, during the 2-second timeframe when the blue bar with www.dell.com is at the top of the screen, press CTRL + F11. If you time it right you will be booted in the recovery partition.

After acknowledging that the upcoming procedure will destroy all user data, you will be given an option to continue to cancel. Cancel for now.

Next, backup and offload any user data (docs, pix, email, finanical program databases, music, etc etc) that you want to save.

Next, disconnect all peripherals (scanners, printers, flash drives, etc etc) except for mouse and keyboard.

Finally, when you are ready, go ahead and execute Dell PC Restore. It'll take about 15 minutes.

After it's done, get back onto the internet and go directly to Windows Updates and get all your updates. (If the original configuration of your Dell did not have an antivirus program, please install one before conencting to the internet.)

PS--You can get replacement OS Reinstallation CDs from Dell for about $15 shipped. Just call 'em. [But Dell PC Restore is superior to a manual instalation for many reasons, IMO.]

For great advice on all topics XP, visit http://www.annoyances.org/exec/forum/winxp
- Edited by Dan at IT Associates Monday, August 25, 2008 7:09 PM Added a PS.
Monday, August 25, 2008 7:07 PM
0

Sign in to vote

bearskitkat,

Could you please give us some additional information concerning the virus you received? The name of the virus? The name of the scanner used to detect/resolve the virus? Along with any other information you are able to provide.

Additionally, could you please run http://safety.live.com/ Full System Scan for virus' and spyware.

Respectfully,

Rick, MS

Tuesday, August 26, 2008 9:47 PM
0

Sign in to vote

bearskitkat,

Could you please give us some additional information concerning the virus you received? The name of the virus? The name of the scanner used to detect/resolve the virus? Along with any other information you are able to provide.

Additionally, could you please run http://safety.live.com/ Full System Scan for virus' and spyware.

Respectfully,

Rick, MS

Tuesday, August 26, 2008 9:47 PM
0

Sign in to vote

At the time of infection we were running AVG anti-virus software. This was the free version, which had come installed on the computer. It didn't find any viruses, but when my computer started hanging alot, and we kept getting error messages i became suspicous. I then went and purchased Norton 360, and it found the following:

Hacktool.Rootkit
Trojan.Pandex
W32.Spybot.Worm
Backdoor.Trojan
Downloader.Zlob!

Wednesday, August 27, 2008 3:13 AM
0

Sign in to vote

Hacktool.Rootkit comprises a set of programs and scripts that work together to allow attackers to break into a system. If Hacktool.Rootkit is detected on a system, it is very likely that an attacker has gained complete control of that system. All files that are detected as Hacktool.Rootkit should be deleted. Infected systems may need to be restored from backups or patched to restore security.

Ref: http://www.symantec.com/security_response/writeup.jsp?docid=2002-011710-0057-99

Please note: I am not a Microsoft employee...only a voluntary forum contributor.

Wednesday, August 27, 2008 3:59 AM

Moderator

Answered by:

i ran the MGA Diagnostic.....

Question

Answers

All replies