seth1066

Same thing here, locks out the normal desktop, hides the user settings, blocks task mgr. Client bought the machine second hand and didn't want me to reinstall the O/S because it came with some good software (no disks, of course). I'm going to reinstall the O/S from scratch, unless he wants his credit card data to end up in East Beserkistan the next time he buys something online.

I did that, but I don't know what other malware may have been installed. Currently, it has blocked MSSE from being implemented from any account, which leads me to believe there is something else on there. Before I deleted the infected user account, I ran the Kaspersky Rescue disk with fresh updates, which is a CD loaded O/S that scans the hard disk. It found nothing

My client got it on 16 May 2011 which leads me to the conclusion that, for now, google reflects websites created by the authors of the malware. I tried the second one that you listed, it's pay-to-fix. It's only day 3, so none of the major anti-virus software players have anything on this, yet.

Anyone hit with this one? This incarnation calls itself, "Windows Activity Inspector." Looks very slick and comes complete with Microsoft logo. Client had me out to fix it, but I'm more hardware than software. A Google of "windows activity inspector" turned up zero hits from any recognizable website, but plenty of ones I never heard of offering a free scanning tool. The tool allegedly finds the threats, but doesn't remove them with out a payment. Very slick operation, build the fake anti-virus and have already googled to the top a bunch of sites that are likely authored by the same people. I guess I'm going to have to wait a few days to get a solution, since this thing is only 48 hours old. The client wanted to just pay until I told him his credit card will be charged in a former eastern block country for a much larger amount and then sold. If anyone has a solution, please post!

This scenario has worked also on 1 other machine before "Box A." But I'm a believer and I'll start over with an XP sandbox or PC. Good excuse for trying out VirtualBox which just won a poll in LifeHacker's HiveFive:http://lifehacker.com/5715803/best-virtual-machine-application-virtualbox Thanks, -X-, much, much appreciated.

XP Pro and a stand alone SP3 file. LAST SESSION.INI

The OS is XP Pro SP2 with SP3 slipstreamed into nLite. "You then used PowerISO to edit winnt.sif (changing the CD key) in ISO above. Burned this ISO and attempted to install on box B. It stopped at the CD key screen of setup and said invalid key." Correct. Didn't try key code "A" at that point in the install. Then I used the OEM disk (without nLite) and did a successful fresh install from scratch on Box B using B key code just to verify that it wasn't a CD key compatibility issue, so key code "B" is good for my nLite XP Pro source CD.

Invalid key code (not sure this is the exact wording because, post nLite install failure, I installed direct from the OEM disk to make sure it was not an incompatible key problem on the 2nd box which came from a different source).

LAST SESSION_U.INI & winnt.sif I'm thinking what the real solution suggested is in the XP Pro file, change the CD Key in LAST SESSION_U.INI, which will use be used by nLite with the new CD Key when it burns the iso image.

Please confirm that you restart with the original MS-XP files and load "modified" Last Session.ini, and not take your resulting files and re-run nLite loading modified ini file. + not all OEM keys work with all OEM cds. Didn't re-run nLite, I modified the two files within the first iso produced which you can do with the PowerISO burning software.

I'm using PowerISO so I just copied those two files to a different directory and in PowerISO deleted them from the .iso file list (the one shown before burning) and replaced each of them with the new ones with that boxes designated CD Key. Still got an invalid error. Thinking maybe it was a key that was for a retail install. I loaded the straight OEM disk and it installed fine.I'd like to get this to work so each box will have its own key code specific "recovery" disk. Where am I going wrong? Rereading your suggestion, where whould I plug these new key values in prior to rebuilding the ISO, with nLite?

I recently acquired four PC's from a local government surplus sale to upgrade the family's aging W2K boxes. Two were missing hard drives and the other two had the drives wiped clean. All four have legitimate XP Pro COA stickers with key. I have a factory MS OEM XP Pro CD. Is there some way to modify the setup files in the nLite .iso to reflect the key for each computer without having to go through the entire nLite process? IOW, I set up the first PC and was thinking I could change the "CDKey =" entry in LAST SESSION_U.INI to the next PC's key code, burn that CD and repeat for the rest. This didn't work for the second PC. Is there a way to accomplish this?