- Nov 4, 2005
A friend of mine brought his infected HP laptop to me recently, and I'm busy cleaning up several trojan / adware / spyware / malware type of infections from it.
Once somewhat sanitized I plan to back it up, possibly reinstall from scratch, and install security updates to all the software as much as possible.
For reasons unknown, it apparently started coming up with a WGA non-genuine status for the XP Professional OS on it at some point in the past. AFAICT it didn't always do this, and I'm not sure about the correlation of this circumstance with one of the malware infections that may have happened.
He's also got MS Office 2000 on there, and I haven't checked to see whether it thinks it is genuine in OGA or what.
I know that some spyware can compromise Windows / Office keys, though I have no indication whether this may have happened in this case or not.
I'm assuming the MS XP Pro / Office 2000 are legit to begin with. I'm not sure if they're HP OEM factory installs / bundled sales, or if they were purchased distinctly or what. I don't know how to check the OEM or OEM vs. Retail vs. Upgrade status of these easily without downloading / running additional software which I won't of course do while the PC is still being disinfected. Maybe there is a registry way to check or text file somewhere or via the registry Product ID and some web based decoder or so? Any ideas?
Anyway I'm a bit concerned as to what happens if I reinstall this PC, or do something like install XP SP3 or Office SP-whatever. Is it likely it could just fail to activate even when the s/w is legitimately his? Does this happen if spyware / malware has compromised the product keys through no direct fault of the user?
If it is an OEM bundled install there may exist a recovery disc that'll install pre-activated VLK XP Pro or Office 2000, in which case everything is OK once I find the recovery disc (which is inaccessible, location unknown, since he's working on an out-of-state move). There is no recovery partition on the HDD AFAICT, nor could I trust one if there had been one, due to the infections AFAIK.
If it is a RETAIL / UPGRADE type of product for the OS / Office, I realize that if I reinstall them from source media they won't be pre-activated through VLK, so, again, I am worried about why WGA and possibly OGA is malfunctioning presently, and if I could make matters worse trying to reinstall / upgrade. I must not do anything that could lock him out of his use of the PC or his legitimate software for any lengthy period.
I've heard of a few horror stories where WGA / OGA breaks and locks people out of their legitimate products without apparently reasonable recourse... so what do I have to be careful of in terms of reinstalls / patch upgrades here?
At least as it is he has access to use the OS / Office (so he told me when last he ran it), and the spyware has been theoretically mostly scanned / removed, and that verification process is ongoing.
I could just leave it like this and have it be "useful" to him, but it would be risky not to reinstall / patch the system to the latest levels, and I don't want to make it worse in doing so.
Ideas? Tips?
Obviously I could image backup the drive now to do a complete restore if something breaks badly, but besides that, what's most likely to work in terms of patching & upgrading without risk / wasted time?
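The registry Product ID check the post asks about, as an added example that is not part of the original post: it reads the well-known XP `ProductId` value read-only (or falls back to constructed sample IDs when not on Windows) and flags the install as OEM when the channel segment is the literal `OEM`. The Product ID layout, the "anything else is retail / upgrade / volume" rule, and the sample values are assumptions.

```python
"""Classify an XP Product ID as OEM or non-OEM from its channel segment.

Added example, not from the original post. Assumptions: the Product ID has
the 20-character form NNNNN-CCC-NNNNNNN-NNNNN and an OEM install shows the
literal "OEM" as its second (channel) segment, e.g. 55274-OEM-0011903-00107.
Anything else is reported only as "non-oem" (retail, upgrade or volume).
All sample IDs below are constructed, not taken from any real machine.
"""
import re

PRODUCT_ID_RE = re.compile(r"^\d{5}-(OEM|\d{3})-\d{7}-\d{5}$")

# Well-known XP location of the ProductId string value.
WINDOWS_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion"


def classify_product_id(pid: str) -> str:
    """Return 'oem', 'non-oem' (retail, upgrade or volume) or 'invalid'."""
    m = PRODUCT_ID_RE.match(pid.strip())
    if not m:
        return "invalid"
    return "oem" if m.group(1) == "OEM" else "non-oem"


def read_windows_product_id():
    """Read ProductId from the local registry; None off Windows or if missing.

    Read-only, so it changes nothing on a machine still being cleaned.
    """
    try:
        import winreg  # only available on Windows
    except ImportError:
        return None
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINDOWS_KEY) as key:
            value, _ = winreg.QueryValueEx(key, "ProductId")
            return str(value)
    except OSError:
        return None


# Constructed sample IDs (not real keys): one OEM channel, one non-OEM.
SAMPLES = {
    "oem_sample": "55274-OEM-0011903-00107",
    "other_sample": "55274-123-1234567-23456",
}

if __name__ == "__main__":
    live = read_windows_product_id()
    pid = live if live else SAMPLES["oem_sample"]
    print(f"{'live' if live else 'sample'} Product ID {pid}: {classify_product_id(pid)}")
```

Because it only reads the `ProductId` string, it says nothing about whether the key itself is valid or activated; it only tells you which channel the install came from before you decide on reinstall media.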