
Ukash virus and Windows not genuine black screen


  • This topic is locked
15 replies to this topic

#1 sdhusker

  • Members
  • 8 posts

Posted 28 December 2013 - 07:45 AM

I was using Firefox on December 26th when my page was redirected to the UKash Scam Website.  I immediately used Ctrl + Alt + Delete to bring up Windows Task Manager and close Firefox (the Internet Explorer page I had open was fine).  I did the following things:

  1. I ran McAfee, Malwarebytes, & SUPERAntiSpyware.  No viruses or malware were detected.
  2. I then deleted temporary internet files.
  3. I opened Firefox and no UKash redirect occurred.  I shut down the computer.
  4. The next day I received the Windows Genuine Advantage copy of windows is not genuine warning (below)

A change occurred to your Windows license file

You must re-type your windows product key to activate online

...

The product key looks like this:

Product Key: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

Where do I find my Windows product key?

Product Key:_______________________________________________

Go online to validate that your software is genuine.

  1. I did not enter a product key.  I just cancelled out. 
  2. Also, had a black screen with the following text “Windows 7 Build 7601. This copy of Windows is not genuine.”  I also get the 0xC004F200 error code.  I’ve been using Windows 7 on this machine for 4 years and have validated the Windows copy, so I do know that it is genuine. 
  3. I used system restore to restore the system at a time when there was no virus (Dec 18).  When the system restarted, I received the same black screen and message.  I did system restore again for Dec 11 time point, and still received the same message.
  4. I then booted my computer from a USB using Kaspersky Rescue Disk 10.  It ran and found no problems.  I restarted the computer and still get the black screen and not a genuine copy message.  I’ve looked around on the internet for other removal possibilities, but haven’t had much luck finding something I could do on my own.  Any help would be greatly appreciated.
  5. I ran HijackThis and have posted the log file below.  When I attempted to use “Analyze This”, hijack said there was no internet connection.  I have internet access and all my other programs could access it.  I could not find a way to fix this access problem in Hijack this.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:33:21, on 28/12/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16750)

Boot mode: Normal

 

Running processes:

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Wbalance\WBALANCE.EXE

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Windows\CCM\SCNotification.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120402144041.dll

O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [BGInfo] c:\bginfo\bginfo.exe /accepteula /ic:\bginfo\\bgdesktop.bgi /timer:0 /silent

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [GBMLite8AgentLaCie] C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe

O4 - HKLM\..\Run: [LaCie Desktop Manager Launcher] "C:\Program Files\LaCie\Desktop Manager\lacie_launcherd.exe"

O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Print Credits.lnk = C:\Program Files\Wbalance\WBALANCE.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://uob-sccm-dp2.adf.bham.ac.uk

O15 - ESC Trusted Zone: http://uob-sccm-dp2.adf.bham.ac.uk

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adf.bham.ac.uk

O17 - HKLM\Software\..\Telephony: DomainName = adf.bham.ac.uk

O17 - HKLM\System\CCS\Services\Tcpip\..\{23C4BB19-DD29-4D55-B3B5-E07C40426E1C}: NameServer = 147.188.128.250,147.188.244.250,147.188.128.2,147.188.128.102

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = adf.bham.ac.uk

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = adf.bham.ac.uk,bham.ac.uk

O17 - HKLM\System\CS1\Services\Tcpip\..\{23C4BB19-DD29-4D55-B3B5-E07C40426E1C}: NameServer = 147.188.128.250,147.188.244.250,147.188.128.2,147.188.128.102

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = adf.bham.ac.uk

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = adf.bham.ac.uk,bham.ac.uk

O17 - HKLM\System\CS2\Services\Tcpip\..\{23C4BB19-DD29-4D55-B3B5-E07C40426E1C}: NameServer = 147.188.128.250,147.188.244.250,147.188.128.2,147.188.128.102

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = adf.bham.ac.uk,bham.ac.uk

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: WPKGLogon - C:\Program Files\wpkg\wpkglogon.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe

O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe

O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LaCieDesktopManagerService - Unknown owner - C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: WPKG Service (WpkgService) - wpkg.org - C:\Program Files\wpkg\WPKGSrv.exe

--

End of file - 11652 bytes


Edited by hamluis, 28 December 2013 - 08:32 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,704 posts

Posted 02 January 2014 - 12:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518838 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 sdhusker


Posted 03 January 2014 - 03:54 AM

Hello,

 

Yes, I am still having the same problem that I've described in detail in my first post.  I have attached the DDS.txt and Attach.txt files as you have requested.  Thank you for the help.

 

 

Attached Files



#4 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,208 posts

Posted 06 January 2014 - 07:12 AM

Hello, and sorry for the delay. My name is Elise and I'll assist you with this issue. 

 

Could you please let me know when exactly you receive the message about Windows not being genuine? Have you tried to re-enter the key and validate Windows that way?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 sdhusker


Posted 08 January 2014 - 11:36 AM

I receive the message immediately after I log onto the computer, and then I get it periodically (usually 2 or 3 more times) throughout the day. 

 

I have not tried to re-enter the key and validate in case this allowed Malware to steal my validation code for my copy of windows.  I still don't know if that is safe to do. 



#6 Elise


Posted 08 January 2014 - 11:41 AM

Malware can find this information using other methods, besides, it doesn't show up, so I'd recommend you to try to revalidate first. :)


regards, Elise


Malware analyst @ Emsisoft


#7 sdhusker


Posted 09 January 2014 - 05:34 AM

Okay, but I do wonder why I am "suddenly" getting this message after having used Windows 7 for four years and having validated it as genuine (with GenuineCheck) on April 2011. 

 

One other thing I have noticed is that my computer is saying the "Compatibility Pack for the 2007 Office system version 12.0.6612.1000" was installed on 27 December 2013 (the day I had the UKash appear in Firefox).  However, I know that I installed this compatibility pack in 2012 to resolve an issue between Word 2010 and Word 2007.  Could this have caused the system problems in regard to the not genuine message?



#8 Elise


Posted 09 January 2014 - 07:38 AM

No, that shouldn't have caused it. What can happen though is that malware changes a device driver. Microsoft will not let you indefinitely change devices without asking you to revalidate. So if malware created some malicious drivers or infected something like the MBR, after removal Windows will recognize something in the device configuration has been changed and it will ask you to re-enter the product key.

regards, Elise


Malware analyst @ Emsisoft


#9 sdhusker


Posted 14 January 2014 - 08:14 AM

Thank you!  I went to Microsoft's web page and downloaded the validation checker and ran it, and it worked, so far.



#10 Elise


Posted 14 January 2014 - 08:55 AM

I'm glad to hear that! :) Do you have any other problem at this point? If not we'll just do a check for malware remnants.

regards, Elise


Malware analyst @ Emsisoft


#11 sdhusker


Posted 16 January 2014 - 05:37 AM

I haven't had any problems or any more messages since I re-validated Windows.



#12 Elise


Posted 16 January 2014 - 06:11 AM

You have both Kaspersky and McAfee installed, this is not a good idea as they will fight each other for control and may cause system performance issues. I strongly recommend to uninstall one of them completely. If you need help with this, please let me know.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7u52.
  • Look for "JDK 7u52 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

regards, Elise


Malware analyst @ Emsisoft
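
The duplicate-antivirus observation in post #12 can be checked mechanically from a HijackThis log. The Python below is an added example, not part of the thread and not a tool the helpers used: it parses the running-process list and the O4/O23 entries and reports when more than one resident antivirus has an active component. The `AV_MARKERS` table and all function names are assumptions of this example; the sample lines are abridged from the log in post #1.

```python
import re
from collections import defaultdict

# Constructed sample: lines abridged from the HijackThis log in post #1.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\Explorer.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: LaCieDesktopManagerService - Unknown owner - C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
"""

# Assumption of this example (illustrative, not exhaustive):
# product label -> lower-case path fragment identifying a resident AV engine.
AV_MARKERS = {
    "Kaspersky Anti-Virus": "\\kaspersky lab\\",
    "McAfee": "\\mcafee\\",
}

# Coded entries look like "O23 - ..." or "R1 - ...".
SECTION_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hijackthis(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum copies are often double-spaced
        m = SECTION_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def parse_service(body):
    """Parse an O23 body of the form 'Service: name - vendor - path'."""
    rest = body[len("Service: "):]
    head, _, path = rest.rpartition(" - ")
    name, _, vendor = head.rpartition(" - ")
    return {"name": name, "vendor": vendor, "path": path}


def audit(text):
    """Report overlapping resident AV products and 'Unknown owner' services."""
    processes, entries = parse_hijackthis(text)
    evidence = defaultdict(set)
    unknown_owner = []

    def tag(source, value):
        low = value.lower()
        for product, marker in AV_MARKERS.items():
            if marker in low:
                evidence[product].add(source)

    for proc in processes:
        tag("process", proc)
    for code, body in entries:
        if code == "O4":
            tag("autorun", body)
        elif code == "O23" and body.startswith("Service: "):
            svc = parse_service(body)
            tag("service", svc["path"])
            if svc["vendor"].lower() == "unknown owner":
                unknown_owner.append(svc["name"])

    # A product counts as active only if it has a running process or a service.
    active = sorted(p for p, src in evidence.items() if src & {"process", "service"})
    return {
        "evidence": {p: sorted(s) for p, s in evidence.items()},
        "active_products": active,
        "conflict": len(active) > 1,
        "unknown_owner_services": unknown_owner,
    }


if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```
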


#13 sdhusker


Posted 17 January 2014 - 08:11 AM

Yeah, I had downloaded Kaspersky after I received the UKash message within Firefox, mainly to run another virus/malware scan.  I've uninstalled it, and I have updated Java, but when I go to the link you listed above it downloads Java Version 7 Update 51 (build 1.7.0_51-b13).  There wasn't an Update 52.



#14 Elise


Posted 17 January 2014 - 08:50 AM

Sorry, that was my fault. :)

Please read the following advice on how to prevent reinfecting your PC:
  • Install and update the following programs regularly:
  • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
    A comprehensive tutorial and a list of possible firewalls can be found here.
  • an AntiVirus Software
    It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
    Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise


Malware analyst @ Emsisoft


#15 sdhusker


Posted 17 January 2014 - 09:02 AM

I've read the above information and I do have automatic updates set for all my software, antivirus, and for Windows, and am behind a hardware firewall.  Not sure why Java wasn't updating more regularly b/c it was set to automatically update.  Thanks.





