regscan


rjfvillarosa
09-30-2008, 08:05 AM
This was a new one for me.
Saturday morning I had a call from a commercial customer saying that one of his computers was requesting that he activate Windows. This was a bit strange because this machine has been in service for a few years with absolutely no changes having been made to it.
When I got to the office I got them to pull out the original Windows install disks and I ran magicaljellybean on the working machines to make sure the COA sticker on the side of the machine with problems was the correct one (I didn't set these machines up originally).
I clicked on "Activate Windows online now" and my worst fears were confirmed: the Windows activation GUI was telling me that this COA code had already been used too many times (the guy who built these machines has a reputation for copying software and CD keys and selling them on again).
The GUI was giving me the option to reinsert the COA code. With nothing to lose I thought, go for it. Windows activated straight away and everything was fine.... :confused:
Thinking it had to be a virus or malware issue, I set the machine to download and install Malwarebytes and started the resident antivirus (Avast) and malware scanners running. Nothing was found. I went to the programs list to start Malwarebytes and that's when I noticed a new program called "regscan". As the other scanners hadn't picked up regscan I decided to leave it alone and see what Malwarebytes made of it; again, nothing.
I selected uninstall for regscan and as it was uninstalling it informed me that I had something like 450 bad registry entries and if I continued with the uninstall these would be left as they were and would cause me problems. I continued with the uninstall anyway and immediately ran CCleaner. CCleaner found 15 bad registry entries and I deleted them.
The machine is now running fine and has been doing so since Saturday afternoon. If you find yourself faced with the Windows Activation GUI for no apparent reason, reinsert your COA key, reactivate Windows if you can and then look to see if you have regscan installed. I practically tortured the office staff and they all pleaded their innocence, saying that they hadn't installed it, so I am thinking it might be a "drive by".

The only thing that springs to mind is that somehow regscan had killed the activation key in the registry.
Regscan's website wanted payment to activate their program in order to remove these so-called bad registry entries.
I am not going to apologise for my comment about the original builder of these machines because I know he is up to no good.

shadowpr
09-30-2008, 10:24 AM
Thanks for the heads up.