Windows validation

Discussion in 'Software' started by Lirpa, Jun 2, 2008.

  1. Lirpa

    Lirpa Private E-2

    Hello guys,

    The other day I had downloaded a codex and instantly noticed alot of maleware had installed itself. I have beae working with Chaslang in the maleware forums and hes been working with me in removing what is there. 1 additional problem that started the exact same time as the maleware is now I am getting an icon on my task bar saying that my windows isnt valadated. I downloaded the wga tools and here is my log:

    Diagnostic Report (1.7.0095.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Not Activated
    Validation Code: 1
    Online Validation Code: N/A
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-67QTQ-WVX8T-F9F2F
    Windows Product Key Hash: FjVPOBrzQWtBW6ifpDF3aob7lOc=
    Windows Product ID: 55285-016-7140295-21256
    Windows Product ID Type: 0
    Windows License Type: Unknown
    Windows OS version: 5.1.2600.2.00010300.2.0.hom
    CSVLK Server: N/A
    CSVLK PID: N/A
    ID: {2069DF57-4C39-4483-8B66-3CA0C2CA03B4}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-171-1_025D1FF3-85-80004005
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    WGA Notifications Data-->
    Cached Result: 5
    File Exists: Yes
    Version: 1.7.18.7
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    WGATray.exe Signed By: Microsoft
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 101 Not Activated
    Microsoft Office XP Standard for Students and Teachers - 101 Not Activated
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-171-1_025D1FF3-85-80004005_3E121E02-385-80004005_3E121E02-452-80004005_3E121E02-312-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\PROGRA~1\MOZILL~1\FIREFOX.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{2069DF57-4C39-4483-8B66-3CA0C2CA03B4}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-F9F2F</PKey><PID>55285-016-7140295-21256</PID><PIDType>0</PIDType><SID>S-1-5-21-1343024091-413027322-839522115</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>A7N8X2.0</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>ASUS A7N8X2.0 ACPI BIOS Rev 1007</Version><SMBIOSVersion major="2" minor="2"/><Date>20031006000000.000000+000</Date></BIOS><HWID>2E8C3E9F0184AE7B</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData> <Software><Office><Result>101</Result><Products><Product GUID="{913D0409-6000-11D3-8CFE-0050048383C9}"><LegitResult>101</LegitResult><Name>Microsoft Office XP Standard for Students and Teachers</Name><Ver>10</Ver><Val>189E5C7D5C1E39C</Val><Hash>V9XKONM7Ug6i7rfSagKXevcYRFg=</Hash><Pid>55866-719-3850381-17685</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="10" Result="101"/><App Id="18" Version="10" Result="101"/><App Id="1A" Version="10" Result="101"/><App Id="1B" Version="10" Result="101"/></Applications></Office></Software></GenuineResults>


    After looking at the log I noticed that the key they have doesnt match what I have on my cd. Also, says that my microsoft office isnt activated either. When I go to start, all programs, accesories, system tools, windows activate, it states that it already is. Same with the office. When I open any office application and go to help and activate, says it already is. Both these are legit software and I still have both cd's. Any help in this matter will be appreciated. Thank for your time.
     
  2. sosaman

    sosaman Sergeant Major

    well, malware can do alot of wierd stuff. i've seen fake "your infected-click me", "fake security center", etc, etc. however, i've never seen one change the key(s). anyway, if you are sure your key was changed, i'd change it back, and see what happens. you can use http://www.majorgeeks.com/Magical_Jelly_Bean_Keyfinder_d2612.html <-- Magical Jelly Bean Keyfinder 2.0 Beta 5, to read your key(s) (this version doesn't allow you to change the key(s) though.

    if you hit up their site, at least this "keyfinder.v1.51.zip" version let's you read, and change your key. i know it will for windows, not sure about ms office though. you might want to make a copy of your registry just in case.

    http://magicaljellybean.com/keyfinder/old.shtml <-- Older versions

    http://www.magicaljellybean.com/files/keyfinder.v1.51.zip <-- keyfinder.v1.51.zip

    fyi, next time you need codecs, make sure you get them from a reputible site, and scan them with anti-virus, and anti-spy scans. g/l, sos
     
  3. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi


    Dont know if you have fully finished working with Chas to remove the malware but I would complete that process first as doing too many tasks at once can hamper the malware removal, then on the licencing issues you can call Microsoft up in your location to have them manually activate both products, especially as you have the licence keys on the CDs.


    Office
    http://support.microsoft.com/kb/828958 ( use activate by phone and number for your locatity is listed )

    Windows
    http://support.microsoft.com/kb/950929/ ( use activate by phone )
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds