- Important! - Read This Please
Background: IT Specialist/Technical Support Engineer
Scenario: No time to fix Mom's computer. I'm a little behind on e-mails as they pertain to Industry news and current issues (by at least a couple of months; too busy). I'm catching up now though. Of course, a little after the fact.
Behavior: System Windows XP Pro, preinstalled by OEM and producing WGA Notification that Windows is not valid (even though it is absolutely genuine without question). System hangs at logoff > Only choice is to Power Off; Turn Off Computer and Log Off options are no longer showing up at all. Result: System is not functioning properly.
Actions Taken: Took the system to my house and hooked up to broadband connection > Issue disappears and is no longer occurring. Resolved another unrelated issue. Took system back to Mom's house and reconnected to her broadband connection (other factors to consider, system is physically connected to a wireless router) > issue reappears. Result: System is now showing that it is logged on to an "Unknown Domain" as opposed to "Workgroup" (Very interesting, never experienced this issue before).
Speculation: System has possibly been hacked or compromised in some way (who knows, maybe Mom let something through the Firewall that she shouldn't have?). No time to research behavior fully.
Conclusion/Solution: System is a little over a year old;
Backup/Partition/Format/Reinstall/Update > Issue Resolved (what a pain - so time-consuming). Comment: What about those customers that don't happen to have someone in their Family who is technical and able to help them (major pain point here).
Bottom Line:
A: Unknown. However, pretty clear that installation of WGA Beta Update played a significant role in this matter.
R: ErrMsg: "This copy of Windows is not genuine; you may be a victim of software counterfeiting." Other Symptoms: WGAtray.exe and IExplore.exe are attempting to modify physical memory. Do you want to allow this (ZA Firewall notification)? Under "My Computer" properties "Computer Name" displays that this computer is connected to an "Unknown" Domain. System hangs when attempting to Log Off. System must be Powered Off. "Turn Off Computer" and "Log Off" are no longer displayed. System is not functioning properly. Connecting to a different broadband connection at another location appears to alleviate all noticeable symptoms.
C: Unknown. Suspect that system has been compromised in some manner, i.e., possibly by a Hacker that has successfully taken control over the system (System was fully up-to-date with certain layers of security in place). Scanning with a multitude of tools produced no results or indications that anything was wrong with the system.
R: Unknown. A specific resolution is unknown, as the root cause has not been determined due to time constraints. Resolution at this time: Backed up all data. Partitioned Hard Drive. Formatted Hard Drive. Reinstalled Windows XP Professional from the original OEM Installation Disk, etc. Issue Resolved.
Main Concerns (What types of issues may be involved here?):
1. Faulty Beta Software? > Beta Software should never be installed to a production PC. It is for testing purposes only.
2. Permissions Issues?
3. Was the system compromised in some way, or compromised directly by a hacker that could have led to a flag that the Windows Software was no longer genuine (this is a major concern - Hackers could potentially have a heyday with this, and a lot of innocent people could then have a lot of problems as a result)?
4. Other factors, wireless security concerns. Security was set, however, what if something was missed? Wireless configuration can be somewhat of a complicated issue (much more research is needed on my part; Comment: There doesn't seem to be enough time in the day for Technicians to thoroughly learn about all technologies in use today and the time to research issues when something goes wrong (another major pain point); we can only do our best). Perhaps, her roommate who uses the wireless connection for broadband does not have a very secure computer (more than likely) and therefore, inadvertently compromised her system this way?
5. Finally, did the User take some action that inadvertently led to their system being compromised in such a manner? Nowadays, this is far too easy to have happen. We can only try to educate and protect them so much. Besides, in my opinion, even some of us that are very skilled can also make errors (again, complexity and transparency are contributing factors here). Not to mention the fact, that often you do not even need to take a specific action to become infected in today's world (with the exception of getting online). Only solution: Stay off the net entirely (?). However, this is not really a feasible option (again, even more complexity involved here).
In closing, it would appear (to me, at least) that there are just too many complexities involved, in order for me to really get to the bottom of this issue. Not to mention, the amount of time that would be necessary to do so. Although I have many years invested in this field (over twenty now), I am more than happy to admit that it is not possible for any one person to know and understand every aspect about everything in the field of Computer Technology. And I am certainly open to any comments by other Technology Professionals, with regard to this issue, that may have strengths in certain areas that I do not possess myself.
In comment to what has happened... I do think we may have a major problem here (I hope not for the sake of all Customers and Technology Professionals). I hope this is not the tip of the iceberg. Was what happened wrong? I think you can tell from my response that I would concur that it was.
So, what are the main points I'm trying to make here (probably, too many)?:
1) First, if Hackers have found a way to compromise this tool (and, based on experience, this seems likely to happen) this could prove extremely disastrous for all parties concerned;
2) Second, I don't know what the root cause of this issue was, and simply do not have time to figure it out and determine root cause; after all, other people need help with other issues (and I am only one person, no matter how much I would like to know the root cause). Comment: Whenever some new component is introduced (or changed, for that matter) it adds another layer of complexity and increases the potential for something to go wrong;
3) Third, I am sure I have many more points I am also trying to make, however, I see there is plenty being said out in the community in that regard.
I hope as we progress into the future we, as Technology Professionals, will find a way to better collaborate with each other to solve these ever increasing problems of today. Also, that we will be able to find solutions to complex issues in a manner that is not as time-consuming, and without having to take such an extreme approach (which is also a very time-consuming method) toward issue resolution. Let's face it! FFR is not as quick and easy as it used to be in light of all post-setup configuration, Programs, and Updates (i.e., with respect to security).
P.S. I will also be forwarding this on to Microsoft for review.
- Posted by: NightOwlTech Posted on: 06/28/06