Keep getting "Unable to Complete Genuine Windows Validation"

  • Question

  • Long story short, got attacked by some nasty virus. Got rid of all malware, but I've tried everything and I still get:

    This copy of Windows did not pass genuine validation because the validation process could not be completed.

    I did run the diagnostic program (report below). Notice the validation status is "genuine" so I don't know why it is "unable to complete genuine Windows validation."

    I know it's from that malware, but I'm at a loss as to what to do and I'd hate to have to wipe everything because of some stupid windows thing.

    I've even tried to run the validation program WindowsXP-KB905474-ENU-x86-Standalone but no dice.

    Any ideas?

    Sean




    Diagnostic Report (1.7.0095.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Genuine
    Validation Code: 0
    Online Validation Code: N/A
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-6G2PC-47M86-W6G9Y
    Windows Product Key Hash: fWnZ43Mw1/L6DvYwgzBQIi+v1W0=
    Windows Product ID: 55274-640-7172121-23879
    Windows Product ID Type: 0
    Windows License Type: Unknown
    Windows OS version: 5.1.2600.2.00010100.3.0.pro
    CSVLK Server: N/A
    CSVLK PID: N/A
    ID: {561CED7D-58B2-4BE7-862D-654383D37345}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.8.31.9
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-171-1_025D1FF3-85-80004005
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    WGA Notifications Data-->
    Cached Result: 5
    File Exists: Yes
    Version: 1.8.31.9
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    WGATray.exe Signed By: Microsoft
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Edition 2003 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-171-1_025D1FF3-85-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Friday, October 3, 2008 12:58 AM

Answers

  • magma2,

    Absolutely no disrespect to your IT guy, running multiple antimalware (ANTI:virus/trojan/spyware/adware) is not recommended. Whichever main Antimalware program you paid for needs to be the one you use.

    My personal view for what it's worth:

    1. Free antimalware software is worth as much as you pay for it. The company who provides it online for download is about as accountable for that software on your machine as what you paid for it.
    2. Free software can be created with embedded potentially harmful software as well.
    3. I try to remain far from anything with "Tool Bar" in it and freeware/shareware as possible.

    To repeat what I wrote in my last response:

    Additionally, the information located after "File Scan Data-->" is missing. We call this the XML blob. When you run the diagnostic, it is important to copy and paste the data right here into the forum As-Is. Otherwise I will be unable to fully analyze the report. No information which is personally identifiable to you is submitted with the report. Make sure not to post your Full Product Key.

    magma2, it is up to you where to go from here. Personally, I'd back up all my important data and restore the system too. There is no way of telling what a malware has done to your system after it has attacked. I hope you find my information here somewhat helpful.

    Rick, MS
    • Marked as answer by RickImAPC Friday, October 3, 2008 2:37 PM
    Friday, October 3, 2008 2:37 PM
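A pre-posting check for the two points raised in the answer above (an empty "File Scan Data-->" section and not posting the full product key), as an added example that is not part of the thread and not a Microsoft tool. The function names and the sample report are constructed for illustration; the masking here is stricter than the report's own and leaves only the last key group visible.

```python
import re

# Constructed sample in the layout of the report posted in this thread
# (placeholder values, not taken from a real machine).
SAMPLE_REPORT = """\
Diagnostic Report (1.7.0095.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Windows Product Key: AAAAA-BBBBB-CCCCC-DDDDD-EEEEE

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

File Scan Data-->
"""

# Well-known Windows HRESULT values, for readable output.
HRESULTS = {
    0x80070002: "ERROR_FILE_NOT_FOUND",
    0x80070005: "ERROR_ACCESS_DENIED",
    0x80004005: "E_FAIL",
}

SECTION_RE = re.compile(r"^(.+?)-->\s*$")
HR_RE = re.compile(r"\b0x([0-9A-Fa-f]{8})\b")
# Five dash-separated groups of five characters; '*' covers already-masked groups.
KEY_RE = re.compile(r"(?<![A-Z0-9*-])((?:[A-Z0-9*]{5}-){4}[A-Z0-9*]{5})(?![A-Z0-9*-])")


def parse_report(text):
    """Split the report into {section name: [(field, value), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and ":" in line:
            field, _, value = line.partition(":")
            sections[current].append((field.strip(), value.strip()))
    return sections


def mask_key(match):
    """Keep only the last group of a product key visible."""
    last_group = match.group(1).split("-")[-1]
    return "-".join(["*****"] * 4 + [last_group])


def review(text):
    """Return what to fix before the report is pasted into a public forum."""
    sections = parse_report(text)
    hresults = []
    for name, fields in sections.items():
        for field, value in fields:
            for code in HR_RE.findall(value):
                n = int(code, 16)
                hresults.append((name, field, f"0x{n:08X}", HRESULTS.get(n, "unknown")))
    keys = [m.group(1) for m in KEY_RE.finditer(text)]
    return {
        # Sections whose header is present but whose data was not pasted.
        "empty_sections": [n for n, f in sections.items() if not f],
        # True if any key appears with no masked ('*') characters at all.
        "full_key_present": any("*" not in k for k in keys),
        "hresults": hresults,
        "redacted": KEY_RE.sub(mask_key, text),
    }


if __name__ == "__main__":
    result = review(SAMPLE_REPORT)
    print("Empty sections:", result["empty_sections"])
    print("Full key present:", result["full_key_present"])
    for row in result["hresults"]:
        print("HRESULT:", row)
```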
  • magma2,

    The second piece..

    Thank you for visiting the Windows Genuine Advantage (WGA) program forum. I understand the inconvenience you are currently experiencing. We have seen numerous issues from customers who were provided a Volume License Key (VLK) on their computer that has either been blocked by Microsoft or generated by a fake product key code generator. WGA currently provides checks for these types of product keys and prompts the user to notify them of this situation. More invalid product keys are being identified daily and WGA is constantly refreshing its database with these newly identified product keys and immediately blocks them.

    Right now, your computer has a Volume License (VL) edition of Windows XP Pro identified. The installation was done with a now-blocked Volume License Key (VLK) located on line 2. VLKs are blocked by Microsoft at the request of the original product key holder for various reasons such as the product key was lost, stolen, compromised, misused, or expired. Also, MS may have blocked the key if it notices a pattern of misuse, i.e., more installations of Windows XP Pro using that key than authorized.

    As a rule, VL editions of Windows XP Pro should not be sold to individual consumers. Businesses, schools and governments normally use VL editions for flexibility in installing many computers. Also, Volume Licenses for Windows XP are Upgrade licenses ONLY and cannot be used as the original or base license for a new computer.

    This is why you were seeing the "Software Counterfeiting" messages on your computer, because the current installation of Windows XP Pro is an unauthorized installation.

    Look on the computer or in the materials that came with your computer to see if you have a Certificate of Authenticity (COA).  The following websites will help determine the validity of your operating system as well as identify various COA’s.

    Windows Comparison Guide - All genuine editions of Windows can be identified by their anti-counterfeiting features. Answer the short questions to compare your features with those found on genuine Microsoft software. See the following link:

    http://www.microsoft.com/resources/howtotell/ww/windows/quiz_coa.mspx

    Answer these short questions to compare your features with those found on Retail copy of genuine Microsoft software. See the following link:

    http://www.microsoft.com/resources/howtotell/windows/quiz.aspx?method=oem_coa&acq=1&type=coa&displaylang=en

    Answer these short questions to compare your features with those found on a Volume Licensed copy of genuine Microsoft software. See the following link:

    http://www.microsoft.com/resources/howtotell/ww/windows/quiz_vol.mspx

    Please tell us about the Certificate of Authenticity (COA) for your copy of Windows XP.

    1. What edition/version of Windows XP is titled?

    ·         Home

    ·         Professional

    ·         Media Center

    2. Does it read "OEM Software" or "OEM Product" in black lettering?

    3. Or, does it have the computer manufacturer's name in black lettering?

    4. Please provide the customer scenario you are experiencing.

    5. DO NOT post the Product Key.

    Not sure what to look for, see this page to reference your COA:

    http://www.microsoft.com/resources/howtotell/product.aspx?pID=2abf99cd-a5e4-469c-802e-55ca8ec542d5&cID=ea710cad-37b0-4975-bcd6-abfee19961df&method=oem&displaylang=en

    If this comes as a total surprise to you, please go back to where you purchased the installed Windows XP Pro and let them know it is a counterfeit copy and demand they immediately reimburse you and/or provide a Genuine Copy. Next, uninstall the non-genuine installation of Windows XP Pro because there could be viruses pre-built into the counterfeit version of the software purchased.

    If you still believe your VLK is Genuine, please refer to the following steps to confirm either genuine or non-genuine status: 

     1) If you are a Microsoft Volume Licensing customer you should contact your re-seller and address the issue with them directly.

    2) Refer to this Microsoft Product Activation website for information concerning VLK’s. See the link below:

    http://www.microsoft.com/licensing/resources/vol/default.mspx#EJG

     3) If your reseller did not keep a record of your key, and is unable to assist you or can no longer be contacted, please call the appropriate number here to confirm your Volume Licensing agreement directly with Microsoft. The below Microsoft Volume Licensing FAQ will provide you with all the information needed to contact Microsoft directly about your Volume Licensing agreement:

     http://www.microsoft.com/licensing/resources/faq.mspx

    4) If you believe you have been sold counterfeit software you can provide Piracy information using the below link:

    http://www.microsoft.com/piracy/reporting/default.aspx

    5) If your issue is still not resolved you may Purchase a copy of Windows XP or, if you believe you have an existing valid Product Key, change the existing product key using the following Microsoft Knowledge base article to change the VLK only. This will not work when trying to change the Blocked VLK to a Retail or OEM Product Key.

    KB328874 - How to change the Volume Licensing product key on a computer that is running Windows XP SP1 and later versions of Windows XP

    http://support.microsoft.com/kb/328874/en-us

     6) If you are attempting to change the existing key to a valid OEM or Retail key please follow the repair installation outlined in this Microsoft Knowledge Base article:

    KB315341 - How to perform an in-place upgrade (reinstallation) of Windows XP

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;315341

    A "Blocked VLK" is a Volume License Key that is valid, but was licensed solely to a corporation or larger enterprise/business. Blocked VLK's are Product Keys that Microsoft has received consent from the original owner to block usage of. A VL Product Key is non-transferrable to individuals. In order to resolve your non-genuine licensing issue, please visit the following link and click on Validate Windows. When validation fails, click on the Get Genuine button which will provide information on how to acquire a WGA Kit. Here is the link:

    www.microsoft.com/genuine

    Thank you for visiting the Windows Genuine Advantage (WGA) program forums. 

    Rick, MS

    • Marked as answer by RickImAPC Friday, October 3, 2008 2:42 PM
    Friday, October 3, 2008 2:42 PM

All replies

  • magma2,

    Thank you for visiting the Windows Genuine Advantage (WGA) program forum. The purpose of this forum is the support of the Windows Genuine Advantage (WGA) program. Viruses are off topic. Please call our PC Safety line at 1-866-PCSAFETY or 1 (866) 727-2338. This phone number is for virus and other security-related support free of charge. It is available 24 hours a day for the U.S. and Canada.

    Detailed information including selecting various regions for support can be located at:

    http://www.microsoft.com/protect/support/default.mspx

    The following link regarding Cleaning a Compromised System can be found here:

    http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

    The following link regarding Computer Viruses: Description, Prevention, and Recovery can be found here:

    http://support.microsoft.com/kb/129972/en-us

    The best way for eradicating malware and virus infections is to re-image your computer. Reinstallation does take time. It may provide you with a better peace of mind overall.  Should you take this route and need assistance please reference the following Knowledge Base (KB) articles.

    KB316941: How to install or upgrade to Windows XP

    http://support.microsoft.com/kb/316941/en-us 

    The following article how to Install Windows XP may also be helpful for you:

    http://www.microsoft.com/windowsxp/using/setup/winxp/install.mspx

    Now you will need HELP for fighting spyware and keeping a newly re-formatted system free from malware and viruses.  Please always ensure critical updates are updated by visiting the Windows Update site located here:

    http://www.update.microsoft.com/

    Next you may want to download Windows Defender for free. Windows Defender will help thwart malware infestations. It can be found here:

    http://www.microsoft.com/windows/products/winfamily/defender/default.mspx

     Next, the Microsoft Security Center has many links providing customers assistance for arming themselves against malicious activities which lurk around the Internet.  It can be found here: 

    http://www.microsoft.com/security/default.mspx .  

    Windows Live OneCare is a great tool for providing the following services: Antivirus & Antispyware, Online ID Protection, Firewall, Multi-PC Management, Printer Sharing, and Backup and Restore features.   Information for OneCare can be found here:

     http://www.onecare.com/  

    OneCare will help detect and eradicate both malware and viruses from your system while silently running behind the scenes. OneCare may be purchased inexpensively from Microsoft Marketplace at the following link:

    http://www.windowsmarketplace.com/showcase.aspx?ctid=5&WT.mc_id=point_it_store_microsoft_a_G

    I encourage regular visits to The Microsoft Security Response Center (MSRC) blog located at the following link:

    http://blogs.technet.com/msrc/default.aspx

    Microsoft provides a real-time way for communicating with customers as well as helping customers understand Microsoft's security response efforts.  The following link is for the Security at home website:

    http://www.microsoft.com/protect/default.mspx

    The following link is for the Security Guidance Center:

    http://www.microsoft.com/smallbusiness/support/computer-security-overview.aspx - BulletinsAndAlerts

    These sites provide many links with detailed information covering PC Safety and Security. Please take the time and review the various links because there is a wealth of information for protecting families while using the computer.

    Additionally, the information located after "File Scan Data-->" is missing. We call this the XML blob. When you run the diagnostic, it is important to copy and paste the data right here into the forum As-Is. Otherwise I will be unable to fully analyze the report. No information which is personally identifiable to you is submitted with the report. Make sure not to post your Full Product Key.

    Thank you again for contacting the Windows Genuine Advantage (WGA) program forums.

    Rick, MS

    • Marked as answer by RickImAPC Friday, October 3, 2008 2:37 PM
    • Unmarked as answer by RickImAPC Friday, October 3, 2008 2:39 PM
    Friday, October 3, 2008 3:29 AM
  • magma2,

    Additionally, I would like any information you could provide as to what kind of malware you encountered? The name? The steps you took when you got infected? Your overall customer scenario would be very helpful.

    This information will help for possible trending issues here in the forums.

    Thank you again for contacting us here at the WGA program forum.

    Rick, MS

    Friday, October 3, 2008 3:32 AM
  • Thank you for all the links.   I'll check them out.  But, perhaps I wasn't clear.  I have removed all the malware and the attack.  Among other things I used "hijackthis" with the help of my co. IT guy, superAntispyware, malwarebytes, and a couple of other programs.  I've spent a lot of time on this and I'm convinced that while caused by the virus I encountered, the validation problem is my last hold out.

    I'll check the links, but my guess now is I'll have to reload XP. I was hoping to avoid that as you can imagine, which is why I spent so much time cleaning up the mess up until this point.

    I probably would have saved time backing up some files and wiping the harddrive.

    Thanks anyway.
    Friday, October 3, 2008 4:23 AM