[n0ng33k]

Hello,

I just recently got infected with a virus, and with the help of Malware Monger Mike, I managed to rid of it completely. Anyways, one of the "lasting effects" of this Virus I guess you could say, is that it seems to have "un-ge-nu-wined" my Windows, or at least is blocking something from making sure my Windows is genuine.

Here is a report from the MGADiagnostic tool:

Diagnostic Report (1.7.0095.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-W7R6W-36G2D-RXM63
Windows Product Key Hash: JMAAYkq21Vg31KRcy99frUKjZ9M=
Windows Product ID: 55274-640-2188736-23483
Windows Product ID Type: 0
Windows License Type: Unknown
Windows OS version: 5.1.2600.2.00010100.2.0.pro
CSVLK Server: N/A
CSVLK PID: N/A
ID: {CE89DE15-89F1-4678-8F2C-BFB6EBD3BD81}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.18.7
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1_025D1FF3-85-80004005
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 5
File Exists: Yes
Version: 1.7.18.7
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office XP Professional with FrontPage - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-171-1_025D1FF3-85-80004005

Browser Data-->
Proxy settings:
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{CE89DE15-89F1-4678-8F2C-BFB6EBD3BD81}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RXM63</PKey><PID>55274-640-2188736-23483</PID><PIDType>0</PIDType><SID>S-1-5-21-1417001333-706699826-1957994488</SID><SYSTEM><Manufacturer>Dell Computer Corporation </Manufacturer><Model>XPS-Z </Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="3"/><Date>20001128000000.000000+000</Date></BIOS><HWID>F80A368F0184C056</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData> <Software><Office><Result>114</Result><Products><Product GUID="{90280409-6000-11D3-8CFE-0050048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office XP Professional with FrontPage</Name><Ver>10</Ver><Val>39476F84C4B4004</Val><Hash>4iCnywwNW1w4s9ukTIwGMGxyGic=</Hash><Pid>54185-640-0000025-17120</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="10" Result="114"/><App Id="16" Version="10" Result="114"/><App Id="17" Version="10" Result="114"/><App Id="18" Version="10" Result="114"/><App Id="1A" Version="10" Result="114"/><App Id="1B" Version="10" Result="114"/></Applications></Office></Software></GenuineResults>

So according to the report, I have genuine Windows, but there is something in the way of it telling Microsoft that my XP is genuine...if that made sense.

Thanks.

Edited by n0ng33k, 18 July 2008 - 06:01 PM.

[Advertisements]

I saw failed validations a lot when I worked TEch Support for a major OEM.

See here:
http://www.computerw...ticleId=9032798

and here:
http://news.softpedi...ies-63769.shtml

This should work:

1) Go to Control Panel > Add Remove Programs
2) When the list populates at the top of the list check on "Show Updates"
3) Uninstall update # KB892130
4) re-validate ( go to www.microsoft.com/genuine )

that should work. If not, you most likely have registry corruption. or entrails from the virus/malware. the only effective way to fix registry issues is to re-format. (and check your backups to make sure you didn't advertantly back up the virus/malware.

[rocaddict]

I saw failed validations a lot when I worked TEch Support for a major OEM.

See here:
http://www.computerw...ticleId=9032798

and here:
http://news.softpedi...ies-63769.shtml

This should work:

1) Go to Control Panel > Add Remove Programs
2) When the list populates at the top of the list check on "Show Updates"
3) Uninstall update # KB892130
4) re-validate ( go to www.microsoft.com/genuine )

that should work. If not, you most likely have registry corruption. or entrails from the virus/malware. the only effective way to fix registry issues is to re-format. (and check your backups to make sure you didn't advertantly back up the virus/malware.

[n0ng33k]

Hi rocaddict, thanks for the reply.

I read those articles and found them quite informative, and that certainly would explain a lot, however I still believe that, like you said, the virus had some nasty leftovers. Formatting is out of the question as I have many important documents that I would not even dare move.

I looked in the control panel updates for KB892130, but I only found updates that started with a KB9xxxxx.

I have tried www.microsoft.com/genuine, but it said: "This copy of Windows did not pass genuine validation because the validation process could not be completed." I turned off all of my Firewalls, and Antivirus programs, and disabled everything that could possibly be blocking the validation somehow, but it still did not work.

Help?

EDIT: After some fishing around I discovered the update which you were talking about, and it turns out my computer was missing that particular update. I installed it. In the control panel it says that this update cannot be removed...I will reboot my computer asap and post back the results to see if that update fixes the problem.

Edited by n0ng33k, 20 July 2008 - 12:06 PM.

[Mike]

Hi again

I actually just saw something I overlooked, is your office suite legitimate? 114 Blocked VLK 2 <-- 114 is a code returned when the software isn't a legitimate version...

Edited by Mike, 20 July 2008 - 01:41 PM.

[n0ng33k]

Hi Mike again

I am pretty sure that my Office is legit, but I can't be 100% sure as I bought my computer used back in late 2000, early 2001. So there definitely is a possiblity that my Office is fake . I guess there isn't really a remedy to this problem other than to remove the warning somehow?

[Mike]

From my standpoint, after you try what rocaddict advised, your best bet will be to call Microsoft and get things straightened out with them.
You can also go to their forums and see if they can help you there.

[n0ng33k]

Yeah, that was what I was thinking. I will definitely give Microsoft a call in the near distant future and see what's going on. Feel free to close this thread unless someone else has a solution.