Tried to Rid Computer of "Spyware Protection" virus now everything is messed up!

  • Question

  • I was on the internet when the typical spyware detection virus came up and said I have a bunch of issues.  I googled the program and found out it's a virus.  I tried in both safe mode and normal to get this off my computer but any antivirus program I use freezes and won't go past a certain point.  So tried the system restore point.  After I did that the virus was still there, but now Microsoft Security Essentials says "Windows did not pass genuine validation.  It will disabled in 30 days."  What can I do?

    Computer:

    Emachine e527 laptop

    Windows 7

    I downloaded MGA Diag:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: 0xc004c4a8
    Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
    Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
    Windows Product ID: 00359-OEM-8992687-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7600.2.00010300.0.0.003
    ID: {64ABFB3E-41EF-462D-A583-734434EE672C}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7600.win7_gdr.101026-1503
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Edition 2003 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{64ABFB3E-41EF-462D-A583-734434EE672C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-2578826049-2703704484-1707042222</SID><SYSTEM><Manufacturer>eMachines       </Manufacturer><Model>eMachines E527  </Model></SYSTEM><BIOS><Manufacturer>eMachines       </Manufacturer><Version>V1.01</Version><SMBIOSVersion major="2" minor="4"/><Date>20100416000000.000000+000</Date></BIOS><HWID>23B83607018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>8F7526AE89B95DA</Val><Hash>jkmLoihHbzUZh9X70B4f9ofOvZs=</Hash><Pid>70145-749-2425096-57904</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385
    Error: product key not found.

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 1:10:2011 03:08
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MgAAAAIAAQABAAIAAQABAAAAAgABAAEAJJTOpiCgTjQGD+wHXHgMyN6IeP4Itq4VVrg=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   ACRSYS  ACRPRDCT
      FACP   ACRSYS  ACRPRDCT
      HPET   ACRSYS  ACRPRDCT
      BOOT   ACRSYS  ACRPRDCT
      MCFG   ACRSYS  ACRPRDCT
      ASF!   ACRSYS  ACRPRDCT
      SLIC   ACRSYS  ACRPRDCT
      SSDT   PmRef  Cpu0Cst
      SSDT   PmRef  Cpu0Cst

     

    Monday, February 21, 2011 11:19 PM

Answers

  • "Coltcincy" wrote in message news:f5e21f2a-0bfb-4a95-a749-e4aebea2a8a3...

    I was on the internet when the typical spyware detection virus came up and said I have a bunch of issues.  I googled the program and found out it's a virus.  I tried in both safe mode and normal to get this off my computer but any antivirus program I use freezes and won't go past a certain point.  So tried the system restore point.  After I did that the virus was still there, but now Microsoft Security Essentials says "Windows did not pass genuine validation.  It will disabled in 30 days."  What can I do?

    Computer:

    Emachine e527 laptop

    Windows 7

    I downloaded MGA Diag:

     

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: 0xc004c4a8
    Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
    Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
    Windows Product ID: 00359-OEM-8992687-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7600.2.00010300.0.0.003

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385
    Error: product key not found.

     


    First thing is to get rid of your fake 'Anti-Virus'!
    Download and install Malwarebytes Anti-malware (www.malwarebytes.org), update it, then boot to Safe Mode, and run a Full System Scan in your main user profile, and a Quick Scan in every other profile.
    Hopefully, that will get rid of the fake.
    Once you've done that, reboot twice.
    Then run another MGADiag report, in case the process has changed anything, and post back.
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, February 22, 2011 3:39 AM
    Moderator
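
An added example, not part of the original thread and not code from Microsoft or the answerer: a small Python parser that splits an MGADiag text report into its `Section-->` blocks and lists the fields that differ between the report taken before cleanup and the one taken afterwards, which is the comparison the answer asks for. The function names are hypothetical, `BEFORE` is a subset of the report posted in the question, and `AFTER` is constructed with placeholder values purely to show a difference.

```python
import re

# Constructed sample: a subset of the report posted in the question.
BEFORE = """\
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 50
Cached Online Validation Code: 0xc004c4a8
Windows License Type: OEM SLP

Licensing Data-->
Software licensing service version: 6.1.7600.16385
Error: product key not found.
"""
# Constructed "after" report: placeholder values, only there to show a difference.
AFTER = BEFORE.replace("Validation Code: 50", "Validation Code: 0") \
              .replace("Error: product key not found.\n", "")

SECTION = re.compile(r"^(.+?)-->\s*$")    # e.g. "Licensing Data-->"
FIELD = re.compile(r"^([^:]+):\s*(.*)$")  # "Key: value"; the value may contain ':'

def parse_report(text):
    """Return {section: {key: value}}; a repeated key keeps its last value."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.replace("\xa0", " ").strip()
        section = SECTION.match(line)
        if section:
            current = sections.setdefault(section.group(1).strip(), {})
            continue
        field = FIELD.match(line)
        if field and current is not None:  # skip header lines and table rows
            current[field.group(1).strip()] = field.group(2).strip()
    return sections

def diff_reports(before, after):
    """List (section, key, old, new) for each field that changed, appeared or vanished."""
    changes = []
    for sec in sorted(set(before) | set(after)):
        old, new = before.get(sec, {}), after.get(sec, {})
        for key in sorted(set(old) | set(new)):
            if old.get(key) != new.get(key):
                changes.append((sec, key, old.get(key), new.get(key)))
    return changes

if __name__ == "__main__":
    for sec, key, old, new in diff_reports(parse_report(BEFORE), parse_report(AFTER)):
        print(f"[{sec}] {key}: {old!r} -> {new!r}")
```

Saving each MGADiag report to a text file and feeding both through `parse_report` gives a short list of changed fields to post back instead of two full reports.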

All replies

  • No reply from the Original Poster.

    Issue is assumed to be resolved.


    Darin MS
    Tuesday, March 1, 2011 11:12 PM