Avast WEBforum

Other => Viruses and worms => Topic started by: EGsolo on July 07, 2013, 06:20:48 PM

Title: Windows is not Genuine Virus--Need help
Post by: EGsolo on July 07, 2013, 06:20:48 PM
About a week ago I logged onto my computer and encountered a black screen and pop-up saying my Windows 7 is not genuine with the options: Get genuine now and Ask me later. Below those options in the right-hand corner is a cancel button and I clicked that. So it logs me on but my wallpaper is black with Windows 7, Build 7601, This copy of Windows is not genuine in the right-hand corner. The entire theme on my computer is Windows Classic except for my icons. This is an Asus G73jh series laptop running Windows 7 64-bit. I have had this laptop for 3 years and have never encountered this problem. I am also positive my OS is not a counterfeit because of how long I had it without getting this pop-up and the fact that I bought it from Bestbuy. I would also like to add that when I check for my product ID for the Windows activation in my Computer it says it is not available, but when I used a program that checks for product IDs and keys it lists it. I am guessing this is a virus because since this has happened I've been getting pop-ups with every link I click on and have trouble loading antivirus programs such as Avast. Is there anyone who can help me with this problem?
Title: Re: Windows is not Genuine Virus--Need help
Post by: Pondus on July 07, 2013, 06:28:33 PM
follow guide here and attach logs (not copy and paste).  http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

run in the order listed.... when done a removal expert will help you

Title: Re: Windows is not Genuine Virus--Need help
Post by: polonus on July 07, 2013, 06:29:40 PM
This is another option:
1. Create a system restore point before doing any changes
2. Start / My Computer
3. Click on C drive / WINDOWS folder / system32 folder ( C:\WINDOWS\system32 )
4. Locate : WgaTray
5. Right mouse click on it and select Rename
6. Type : WgaTray-Globehex.exe
7. Click Ok and make sure it's renamed
8. Now locate WgaLogon.dll
9. Right mouse click on it and select Rename
10. Type : WgaLogon-Globehex.dll
11. Click Ok and make sure it's renamed
12. Close everything
13. Press Ctrl + Alt + Delete to open Task Manager
14. Go under Processes tab and locate WgaTray.exe
15. Right mouse click on it and select : End Process
16. Click Yes
17. Exit Task Manager
18. Restart your computer

polonus
Title: Re: Windows is not Genuine Virus--Need help
Post by: EGsolo on July 08, 2013, 07:07:44 PM
Here are the logs
Title: Re: Windows is not Genuine Virus--Need help
Post by: essexboy on July 08, 2013, 07:25:23 PM
Had you just updated to SP1 prior to this error ?

When you boot and the validation pops up then click validate online
Title: Re: Windows is not Genuine Virus--Need help
Post by: EGsolo on July 08, 2013, 07:52:16 PM
The only update that was performed was a Definition Update for Windows Defender on July 2nd. There is no option that specifically says validate online, only Get Genuine Now and Ask me later. I clicked on Get Genuine Now and got an error with the code: 0x80070005. I also tried running slui and I get the same error message. I also just noticed that even though I have a perfect internet connection, my signal icon has a red X over it, indicating I have no internet connection (but I do). Would that be a reason why I cannot validate?
Title: Re: Windows is not Genuine Virus--Need help
Post by: essexboy on July 08, 2013, 08:38:26 PM
Hmm it is a problem with I believe the trusted installer, run this OTL fix, reboot and try to validate again 

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
Code:
:Commands
[CREATERESTOREPOINT]
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags"=dword:0000000c
"State"=dword:00000000
"RefCount"=dword:00000001
"Sid"=hex:01,01,00,00,00,00,00,05,12,00,00,00
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
  00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
  5c,00,63,00,6f,00,6e,00,66,00,69,00,67,00,5c,00,73,00,79,00,73,00,74,00,65,\
  00,6d,00,70,00,72,00,6f,00,66,00,69,00,6c,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
  00,73,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,72,00,6f,00,\
  66,00,69,00,6c,00,65,00,73,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,\
  00,72,00,76,00,69,00,63,00,65,00,00,00
"Flags"=dword:00000000
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
  00,73,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,72,00,6f,00,\
  66,00,69,00,6c,00,65,00,73,00,5c,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,\
  00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
"Flags"=dword:00000000
"State"=dword:00000000

:Commands
[resethosts]
[emptytemp]
[Reboot]
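
Added example (not part of essexboy's post and not OTL's own code): before running a registry fix like the one above, it helps to decode what its hex and hex(2) values actually write. The Python below parses the first key of the fix, copied from the post with leading whitespace removed; the function names are this example's own.

```python
import re
import struct

# First key of the :Reg section posted above, embedded as sample input.
REG_TEXT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags"=dword:0000000c
"Sid"=hex:01,01,00,00,00,00,00,05,12,00,00,00
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
  00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
  5c,00,63,00,6f,00,6e,00,66,00,69,00,67,00,5c,00,73,00,79,00,73,00,74,00,65,\
  00,6d,00,70,00,72,00,6f,00,66,00,69,00,6c,00,65,00,00,00
'''

def sid_to_string(raw: bytes) -> str:
    """Render a binary SID as S-<revision>-<authority>-<subauthorities...>."""
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")       # 6-byte big-endian authority
    subs = struct.unpack("<%dI" % count, raw[8:8 + 4 * count])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def decode_value(name: str, data: str):
    """Turn one .reg value (dword / hex / hex(2)) into a readable object."""
    kind, _, payload = data.partition(":")
    if kind == "dword":
        return int(payload, 16)
    raw = bytes(int(b, 16) for b in payload.split(",") if b.strip())
    if kind == "hex(2)":              # REG_EXPAND_SZ: UTF-16LE, NUL-terminated
        return raw.decode("utf-16-le").rstrip("\x00")
    if kind == "hex" and name.lower() == "sid":
        return sid_to_string(raw)
    return raw

def parse_reg(text: str) -> dict:
    """Parse keys and values, joining backslash-continued hex lines first."""
    text = re.sub(r"\\\s*\n\s*", "", text)
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.+)$', line)):
            current[m.group(1)] = decode_value(m.group(1), m.group(2))
    return keys

if __name__ == "__main__":
    for key, values in parse_reg(REG_TEXT).items():
        print(key)
        for name, value in values.items():
            print(f"  {name} = {value!r}")
```

Decoded, the S-1-5-18 entry sets ProfileImagePath to %systemroot%\system32\config\systemprofile, with Flags 12 and Sid S-1-5-18.
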
Title: Re: Windows is not Genuine Virus--Need help
Post by: EGsolo on July 08, 2013, 09:28:39 PM
Pasted the code and got the error:

'0000000c"State"=dword:00000000"RefCount"=dword:00000001"Sid"=hex:01,01,00,00,00,00,00,05,12,00,00,00"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6f,00,6e,00,66,00,69,00,67,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,70,00,72,00,6f,00,66,00,69,00,6c,00,65,00,00,00' is not a valid integer value.

then it stopped responding
Title: Re: Windows is not Genuine Virus--Need help
Post by: essexboy on July 09, 2013, 12:01:40 AM
OK I will recheck the coding .. Although it should work as I got it from TechNet

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1  (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here  (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)

(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Title: Re: Windows is not Genuine Virus--Need help
Post by: EGsolo on July 09, 2013, 01:35:25 AM
Got the error :

You cannot rename ComboFix as 218239~1

Please use another name, preferably made up of alphanumeric characters

Title: Re: Windows is not Genuine Virus--Need help
Post by: essexboy on July 09, 2013, 03:43:06 PM
Did you try to rename combofix ?  If not then could you try to run from safe mode
Title: Re: Windows is not Genuine Virus--Need help
Post by: EGsolo on July 09, 2013, 07:57:00 PM
I received the same error when I was in safe mode. I did not rename anything or have the chance to rename combofix.
Title: Re: Windows is not Genuine Virus--Need help
Post by: essexboy on July 09, 2013, 09:04:43 PM
Could you download and run WGA from here please http://www.microsoft.com/en-gb/download/details.aspx?id=20888
Title: Re: Windows is not Genuine Virus--Need help
Post by: EGsolo on July 09, 2013, 09:58:51 PM
Got the error:
Windows Genuine Advantage Notifications requires Microsoft Windows XP to install.

Title: Re: Windows is not Genuine Virus--Need help
Post by: essexboy on July 09, 2013, 11:27:25 PM
Could you follow the steps here please, I was trying a shortcut  :-[
http://windows.microsoft.com/en-GB/windows7/activate-windows-7-on-this-computer
Title: Re: Windows is not Genuine Virus--Need help
Post by: EGsolo on July 10, 2013, 01:43:32 AM
I do not have the option to activate for some reason:
(http://i1266.photobucket.com/albums/jj525/EGSolonos/CompProp.jpg) (http://s1266.photobucket.com/user/EGSolonos/media/CompProp.jpg.html)
Title: Re: Windows is not Genuine Virus--Need help
Post by: essexboy on July 10, 2013, 07:03:00 PM
Could you go here and click Validate now (top right )  http://windows.microsoft.com/en-GB/windows/help/genuine/what-is-validation