Help Please! e-card exe resulted in WinXP not activated

Discussion in 'Malware Help (A Specialist Will Reply)' started by kskovach, Aug 19, 2008.

  1. kskovach

    kskovach Private E-2

    Hi - First awesome site! Next - I'm stupid - opened an email that was an e-card that said to go to emilimport.com/e-card.exe - I double clicked on the link and got the blue screen of death. I had saved the file and ran McAfee scan on the file prior but it didn't warn me of anything. Anyway - had to reboot and upon entering my account - McAfee was disabled, no internet (wireless router), but I fixed all that. Problem: When I boot or enter into a WinXP (SP2) account, I now get screens/windows popping up that say things like - "Since Windows was installed on this computer, the hardware has changed. Due to these changes, windows must be reactivated within 3 days. Do you want to reactivate it now?" with Y/N buttons. Also, there is a blue 5 pointed star in my system that says "This copy of windows is not activated" when you mouse over it. Occasionally a pop up near the system tray reminds me that my copy of Windows is not validated and will expire in three days. It also says to ask for "Genuine Microsoft software".
    What I did - ran McAfee full scan - no joy
    - googled it but couldn't find a specific fix
    - found your site and ran the malware programs (Spybot, Malwarebytes, Combo-fix, Super-anti spyware (all of them)) - still there - only one program found 4 small malware issues (thanks though). I will send the logs ... spybot didn't find anything - so only 3 log files
    Question - Is this nuisance or will it freeze Windows.
    Question - Should I attempt to "validate" my Windows version as requested? (I don't want to)
    What next?
    Thanks for the awesome site and useful guides/software etc. I tried searching and looking before I posted but no one seems to have this one ...
    Pretty dumb I know ... clicking on an exe ... sooo HELP!
    Thanks in advance -
    Kelly

    Last edited by a moderator: Aug 20, 2008
  2. kskovach

    kskovach Private E-2

    Morning ... one more thing ... I couldn't get McAfee to stop or disable it while I ran the scans. Not sure how to. Right clicking provides no "exit". All of the reboots / scans were completed in normal mode (as opposed to safe mode). The computer seems to be running normally except for the reminders to validate or re-activate Windows within 3 days. I get a grey box message as Windows starts and then system tray icons and windows that slide up out of the system tray every so often. After rebooting after each scan it's still there.
    Again - thanks in advance - I hope I have provided enough info and run the scans correctly.
    Kelly
     
  3. kskovach

    kskovach Private E-2

    Hi again - not sure now if I have posted this to the right forum? I have re-run all the fix programs again and will attach them. I am still getting the "Windows is not activated" screens at startup of windows and then it installs in my system tray. It now says 2 days left to activate vs. yesterday's 3.
    I clicked on the "do you want to activate now screen" and it takes you to what appears to be Microsoft's website. There it wants you to download an executable and run it!! (I didn't)
    Yesterday when this happened - I tried to restore to a system restore point for the day before - it said it was successful but the (windows not activated) screens/reminders continue.
    I know you guys are busy but I don't know where else to turn. Haven't received any replies.
    Am I in the right forum?
    The scans tonight revealed nothing ...
    I guess I will start backing up my docs/drives for a re-install?
    By the way - and I hope it goes without saying - I have a full licensed copy of WinXP Pro ... problem is that it doesn't seem to run right (it's so old/scratched). I have considered just putting the numbers in to validate but I'm afraid the exe the site wants you to download will further trash my system. By the way - little is wrong from all appearances - when it happened it blue screened, gave the Windows has recovered from a serious error screen and McAfee showed disabled but appears to be good now (have updated and run full scans). The "thing" also screwed up my home network but it's working again now ... so I don't know what happened - The only "presence" is the screens warning me I only have 2 days to validate my windows, etc. Not sure what happens then ...
    Anyway, I certainly don't mean to offend and am very aware that I am asking for your assistance and your time. I just haven't received any replies and am concerned I'm not in the right place or the post hasn't been seen or I don't know what.
    Will attach the latest scan reports.
    All the best.
    Kelly
     


  4. kskovach

    kskovach Private E-2

    Here is the last log requested. Please take a look ... I'm really scratching my head ... Thanks, Kelly
     


  5. kskovach

    kskovach Private E-2

    Fixed it myself.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We are happy to hear you got your problem fixed. It was not a malware issue.

    Now we need to cleanup some items from running ComboFix.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    If you are not having any other malware problems, it is time to do our final steps:
    1. You can uninstall SUPERAntiSpyware now.
    2. We recommend you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  7. kskovach

    kskovach Private E-2

    Copy all. I beg to differ on the malware issue - it came into my computer as an invasion from an email sent by an unknown person. Perhaps it was not a malware issue as per your definition but some reply to my pleas would have been greatly reassuring and helpful. The lack of response was disappointing and as my thread shows, left me wondering if in fact I was posting in the wrong thread, etc. Not sure why as it's hard to conceive that I was the only victim of this "prank" or malware intrusion.
    All the best and thanks for the cleanup advice.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are two people providing free support in this forum and there are hundreds of new requests for help each week. We cannot answer all posts in zero time. In one single day, a new post will go from the top of page 1 to the bottom of page 5. It does not mean we are not working on the threads. We are! And we do it according to what is stated in the sticky thread:

    Don't Bump! It Only Hurts You!!!

    It does not matter whether it is an intentional bump or not. The result is the same. Each time you posted, you cost yourself more delay. It was your fault for not reading the other sticky threads and for continuing to post.

    You just need to have patience until we can get to you. In many forums, it takes weeks to get answers. And some forums just don't answer many of the threads at all. In ours we answer all threads and it was normally less than 1 day (sometimes only 4 to 5 hrs); however now with many free forums closing and the fact that a massive amount of new malware has come out in the last few months, well we just cannot answer everything that quickly since we are about 10 times busier than ever.

    Due to the epidemic in malware being out of control and a losing battle, some forums are just not doing this anymore. There are hundreds of millions of PCs getting infected and there are relatively few people like us fixing them. Do you really think that free support that takes only a day or two to get a response is bad?
     
  9. kskovach

    kskovach Private E-2

    Chaslang
    Successful message on the regedit fix. Thanks.
    Copy your remarks re bumping - it was unintended - frankly, I thought bumping was from forum to forum ...
    In summary, I am / was / will be grateful to you, this site and others like it. I am more than aware that it is free and noticed that during my time of crisis, it was your birthday.
    I have already learned a lot from the site - whether you fixed my particular problem or whether it was within the definition of "malware" or not - notwithstanding.

    What did I do to fix my problem? Kept searching the net looking for similar problems - found a number of sites reporting (circa 2006) a similar but not exact match for the "windows not validated" scam distributed via e-card executables. Many fixes on that including Symantec for the "trojan". That scam invalidated Windows and asked for credit card info to re-instate it.
    Mine was more innocent (despite the blue screen crash, disabling of my home network, and screwing up of McAfee - that was pretty scary as I know just enough to be scared). I ran all your read me fixes and was realizing that it wasn't permanent/critical.
    Bottom line - I found a chat site where folks were directed to magicjellybean.com that provided my (valid) key for WinXP and MSOffice - not sure but I think it simply searched my computer for the key (as the key produced matched my installation disk).
    I then went to the official Microsoft site and requested a "validation", typed in the Key fields and it was validated or revalidated and the screens, etc. went away and I think I'm "fixed". (Hard for a non-expert to really know). I humbly submit this might be worth a "sticky" once suitably edited - In fact it may save you and the other helpers a bunch of time. So, I agree that it wasn't malware per se. But it really did throw me for a big loop.
    As I have said throughout - thank you for your time, site and expertise, "stickies" and its free.
    Cheers
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! If you post in multiple forums or websites, that is called spamming. ;)

    Windows validation issues are always handled in our Software Forum because it is a software issue. There are many cases where the residual effects from malware could have an impact on something within the Windows Operating System. Once we have removed all malware traces, we send people with remaining problems to the appropriate other forums like Software, Hardware, Networking...etc.
     
