Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Removal Advantage Validation from XP


  • Please log in to reply
6 replies to this topic

#1 Sonshine131

Sonshine131

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:28 PM

Posted 28 December 2011 - 03:04 PM

I need help to remove "Windows Genuine Advantage Validation v1.9.9.1" from my computer. AVG found this Trojan horse Generic5 but it does not remove it. Please help.

Thanks!

Sonshine

Edited by Andrew, 28 December 2011 - 03:37 PM.
Mod Edit: Moved from logs forum to AII - AA


BC AdBot (Login to Remove)

 


#2 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,255 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:07:28 PM

Posted 28 December 2011 - 03:37 PM

"Windows Genuine Advantage Validation v1.9.9.1" is the name of a legitimate Windows component so this may be a false positive.

AVG should list the file it thinks is infected in the Infections tab of the scan results. From there you can locate the file on your hard drive and upload it to VirusTotal.com to have the file scanned by 40 different anti-virus tools and view the results. Alternatively you may upload it here and I can take a look at it to make sure it's the real Windows file.

You may also want to scan your computer with a different tool to get a second opinion (since no anti-virus program is perfect.) Trend Micro offers a quick scanner which is available here: Trend Micro Housecall (you want the 32-bit version.) Another good, but harder to use, scanner is Microsoft's Offline System Sweeper. It creates a CD or USB drive (blank CDs/USB drives provided by you) from which your computer can boot. It then scans your computer and offers to fix any malicious software it finds. This method is particularly effective against really nasty malware, but is also good for checkups. (As with Housecall, you'd want to get the 32-bit version.)

Edited by Andrew, 28 December 2011 - 03:44 PM.


#3 Sonshine131

Sonshine131
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:28 PM

Posted 28 December 2011 - 09:45 PM

I ran AVG and it found this:

"Infection";"Trojan horse Generic5_c.YKQ";"C:\shop\WGA - Windows Genuine Advantage Validation v1.9.9.1 CRACKED - MoMoXHAcKEr\WGA_1991\WGA_v1.9.9.1_crack.exe";"N/A";"12/28/2011, 12:27:00 AM"

AVG said that it removed it but it is still here. Every time I boot my computer it changes my desk top to blank and ask if I want to fix the Validation now or to "remind me later". I downloaded and run Housecall but it did not find anything.

Thanks for your suggestions.

Sonshine

#4 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,255 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:07:28 PM

Posted 29 December 2011 - 03:37 AM

All the evidence indicates that you may be running an unlicensed version of Windows. Those notifications you are receiving are not caused by a virus, but rather by Windows itself alerting you to the fact that your copy of Windows appears to be pirated.

You will need to resolve this with Microsoft directly. If you purchased your computer from a dealer who is selling pirated software, Microsoft may grant you a free license for reporting them. Refer to this Microsoft Knowledgebase Article on how to activate Windows XP. If you don't have an active internet connection on the computer, you may also contact Microsoft by phone. Regional phone numbers can be found by following the "How to activate Windows XP by phone" instructions in the above Knowledgebase Article. The phone operators can also help you if you inadvertently purchased a pirated copy.

Edited by Andrew, 29 December 2011 - 03:39 AM.


#5 Sonshine131

Sonshine131
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:28 PM

Posted 29 December 2011 - 11:54 AM

Andrew,

I have had this computer for 3 or 4 years. It is a Toshiba Satellite purchased from "Best Buy". I have used it everyday and have not had this problem until last week. I know "Best Buy" did not install pirated software. It still has all of the Microsoft stickers on the back.

Thank you for your help.

Sonshine

#6 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,255 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:07:28 PM

Posted 29 December 2011 - 04:23 PM

Validation errors are not unheard of and it's possible that WGA is in error. You still need to contact Microsoft (or Best Buy) to resolve the issue though, since they're the only ones able to help.

#7 Sonshine131

Sonshine131
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:28 PM

Posted 05 January 2012 - 06:13 PM

Andrew,

I carried my computer to "Best Buy". They ran a test and said that it had a virus and that they could fix it if I would pay a $99.00 tech fee and $200.00 to remove the virus. They said that the registry had changed and it was running a different operating system. I can NOT afford this. Can you please help me? Thanks a lot.

Sonshine




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users