Author Topic: Windows is not Genuine Virus--Need help  (Read 32445 times)


EGsolo

  • Guest
Windows is not Genuine Virus--Need help
« on: July 07, 2013, 06:20:48 PM »
About a week ago I logged onto my computer and encountered a black screen and a pop-up saying my Windows 7 is not genuine, with the options: Get genuine now and Ask me later. Below those options in the right-hand corner is a cancel button and I clicked that. So it logs me on, but my wallpaper is black with "Windows 7, Build 7601, This copy of windows is not genuine" in the right-hand corner. The entire theme on my computer is Windows Classic except for my icons. This is an Asus G73jh series laptop running Windows 7 64-bit. I have had this laptop for 3 years and have never encountered this problem. I am also positive my OS is not a counterfeit because of how long I had it without getting this pop-up and the fact that I bought it from Best Buy. I would also like to add that when I check for my product ID for the Windows activation in my Computer it says it is not available, but when I used a program that checks for product IDs and keys it lists it. I am guessing this is a virus because since this has happened I've been getting pop-ups with every link I click on and have trouble loading antivirus programs such as Avast. Is there anyone who can help me with this problem?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: Windows is not Genuine Virus--Need help
« Reply #1 on: July 07, 2013, 06:28:33 PM »
follow guide here and attach logs (not copy and paste).  http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

run in the order listed.... when done a removal expert will help you


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Windows is not Genuine Virus--Need help
« Reply #2 on: July 07, 2013, 06:29:40 PM »
This is another option:
1. Create a system restore point before doing any changes
2. Start / My Computer
3. Click on C drive / WINDOWS folder / system32 folder ( C:\WINDOWS\system32 )
4. Locate : WgaTray
5. Right mouse click on it and select Rename
6. Type : WgaTray-Globehex.exe
7. Click OK and make sure it's renamed
8. Now locate WgaLogon.dll
9. Right mouse click on it and select Rename
10. Type : WgaLogon-Globehex.dll
11. Click OK and make sure it's renamed
12. Close everything
13. Press Ctrl + Alt + Delete to open Task Manager
14. Go under Processes tab and locate WgaTray.exe
15. Right mouse click on it and select : End Process
16. Click Yes
17. Exit Task Manager
18. Restart your computer

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

EGsolo

  • Guest
Re: Windows is not Genuine Virus--Need help
« Reply #3 on: July 08, 2013, 07:07:44 PM »
follow guide here and attach logs (not copy and paste).  http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

run in the order listed.... when done a removal expert will help you


Pondus

Here are the logs

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Windows is not Genuine Virus--Need help
« Reply #4 on: July 08, 2013, 07:25:23 PM »
Had you just updated to SP1 prior to this error ?

When you boot and the validation pops up then click validate online

EGsolo

  • Guest
Re: Windows is not Genuine Virus--Need help
« Reply #5 on: July 08, 2013, 07:52:16 PM »
Had you just updated to SP1 prior to this error ?

When you boot and the validation pops up then click validate online

The only update that was performed was a Definition Update for Windows Defender on July 2nd. There is no option that specifically says validate online, only Get Genuine Now and Ask me later. I clicked on Get Genuine Now and got an error with the code: 0x80070005. I also tried running slui and I get the same error message. I also just noticed that even though I have a perfect internet connection, my signal icon has a red X over it, indicating I have no internet connection (but I do). Would that be a reason why I cannot validate?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Windows is not Genuine Virus--Need help
« Reply #6 on: July 08, 2013, 08:38:26 PM »
Hmm it is a problem with I believe the trusted installer, run this OTL fix, reboot and try to validate again 

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]

"Flags"=dword:0000000c
 "State"=dword:00000000
 "RefCount"=dword:00000001
 "Sid"=hex:01,01,00,00,00,00,00,05,12,00,00,00
 "ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
   00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
   5c,00,63,00,6f,00,6e,00,66,00,69,00,67,00,5c,00,73,00,79,00,73,00,74,00,65,\
   00,6d,00,70,00,72,00,6f,00,66,00,69,00,6c,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
 "ProfileImagePath"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
   00,73,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,72,00,6f,00,\
   66,00,69,00,6c,00,65,00,73,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,\
   00,72,00,76,00,69,00,63,00,65,00,00,00
 "Flags"=dword:00000000
 "State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
 "ProfileImagePath"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
   00,73,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,72,00,6f,00,\
   66,00,69,00,6c,00,65,00,73,00,5c,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,\
   00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
 "Flags"=dword:00000000
 "State"=dword:00000000

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
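
Added example, not part of the thread and not code from any poster or from OTL: a small Python decoder for the registry values in the fix above, so the `hex(2)` (REG_EXPAND_SZ) data and the binary `Sid` can be read as text before the fix is applied. `REG_TEXT` is the S-1-5-18 section copied from the post; the function names `decode_reg` and `sid_to_string` are illustrative.

```python
import re
import struct

# S-1-5-18 section copied from the fix posted above (indentation normalised).
REG_TEXT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags"=dword:0000000c
"State"=dword:00000000
"RefCount"=dword:00000001
"Sid"=hex:01,01,00,00,00,00,00,05,12,00,00,00
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
  00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
  5c,00,63,00,6f,00,6e,00,66,00,69,00,67,00,5c,00,73,00,79,00,73,00,74,00,65,\
  00,6d,00,70,00,72,00,6f,00,66,00,69,00,6c,00,65,00,00,00
'''

def sid_to_string(raw):
    """Binary SID: revision, sub-authority count, 48-bit authority, LE sub-authorities."""
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:8 + 4 * raw[1]])
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def decode_reg(text):
    """Return {key: {value_name: decoded}}; a trailing backslash continues a hex value."""
    text = re.sub(r"\\\s*\n\s*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"([^"]+)"=(dword|hex(?:\(([0-9a-f]+)\))?):(.*)$', line, re.I)
        if not m or current is None:
            continue
        name, kind, hextype, data = m.groups()
        if kind.lower() == "dword":
            current[name] = int(data, 16)
            continue
        raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
        if hextype in ("1", "2"):        # REG_SZ / REG_EXPAND_SZ: UTF-16LE text
            current[name] = raw.decode("utf-16-le").rstrip("\x00")
        elif name.lower() == "sid":      # binary SID, rendered in S-1-... form
            current[name] = sid_to_string(raw)
        else:                            # any other binary data stays as bytes
            current[name] = raw
    return keys

if __name__ == "__main__":
    print(decode_reg(REG_TEXT))
```

The decoder joins continuation lines itself, so it also shows how the value is meant to be read when every line break is intact.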

EGsolo

  • Guest
Re: Windows is not Genuine Virus--Need help
« Reply #7 on: July 08, 2013, 09:28:39 PM »
Pasted the code and got the error:

'0000000c"State"=dword:00000000"RefCount"=dword:00000001"Sid"=hex:01,01,00,00,00,00,00,05,12,00,00,00"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6f,00,6e,00,66,00,69,00,67,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,70,00,72,00,6f,00,66,00,69,00,6c,00,65,00,00,00' is not a valid integer value.

then it stopped responding

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Windows is not Genuine Virus--Need help
« Reply #8 on: July 09, 2013, 12:01:40 AM »
OK I will recheck the coding .. Although it should work as I got it from technet

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks




  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

EGsolo

  • Guest
Re: Windows is not Genuine Virus--Need help
« Reply #9 on: July 09, 2013, 01:35:25 AM »
Got the error :

You cannot rename ComboFix as 218239~1

Please use another name, preferably made up of alphanumeric characters


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Windows is not Genuine Virus--Need help
« Reply #10 on: July 09, 2013, 03:43:06 PM »
Did you try to rename combofix ?  If not then could you try to run from safe mode

EGsolo

  • Guest
Re: Windows is not Genuine Virus--Need help
« Reply #11 on: July 09, 2013, 07:57:00 PM »
I received the same error when I was in safe mode. I did not rename anything or have the chance to rename combofix.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Windows is not Genuine Virus--Need help
« Reply #12 on: July 09, 2013, 09:04:43 PM »
Could you download and run WGA from here please http://www.microsoft.com/en-gb/download/details.aspx?id=20888

EGsolo

  • Guest
Re: Windows is not Genuine Virus--Need help
« Reply #13 on: July 09, 2013, 09:58:51 PM »
Got the error:
Windows Genuine Advantage Notifications requires Microsoft Windows XP to install.


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Windows is not Genuine Virus--Need help
« Reply #14 on: July 09, 2013, 11:27:25 PM »
Could you follow the steps here please, I was trying a shortcut  :-[
http://windows.microsoft.com/en-GB/windows7/activate-windows-7-on-this-computer