VIRUS: transfer activation

[breadandbubbles]

right, so i got a very problematic trojan. it doesnt seem to actually be doing anything, but NOD32 and Norton both have permanently plastered notifications centred on my screen.

so im intending to reformat. t doesnt seem like a big problem to me because i keep all my files and installers well organized. so i can put them on some dvds and away i go. now i have adobe photoshop and ive found a very handy "transfer activation" feature. it closes down the activation on my current pc and brings it to a new pc.

why doesnt Windows have that!!!?

ive read something about copying the wpa.bak file, but apparently theres two files you have to copy? i only found one, and it didnt work when i tried it (i ended up just repurchasing XP)

i dont have that kind of money this time though. so could anyone give me a quick step-by-step on how to do that? will ti work for my Office XP 2003 Proffessional edition too?

...hmm...sorry if im all over the place. i meant to add in there the trojan i have, because it might be easier just to fix the trojan. but i dont thinkso. its apparently called "Trojan.Adclicker"

by clicking on the error message it brings me to a seemingly handy guide to getting rid of it (http://securityresponse.symantec.com/avcenter/venc/data/trojan.a.d.clicker.html).

I followed the instructions until it got to the registry edit window. I couldn’t find any files in the editor that matched the corrupt file name from Norton and NOD32. I know that all I have to do is delete the right file from my registry and all will be well, I just…don’t know which one…

Please help?

[suryad]

Wha?

Errr when you reinstall XP all you have to do is reactivate adn definitely not repurchase XP....and if you cant get rid of the trojan then there is no way other than reformatting.

[breadandbubbles]

okay so after like...10 hours of waiting for someone to tell me whether or not i can reformat and not have to reactivate, and if that would work on windows office xp, i decided to move on. because apparently its complicated...i dunno.

so i decided to simply try reinstalling XP. i dno...why not. couldnt hurt to try. im at my wits end. im breaking smashing the thing. id love to reformat it but i DONT KNOW WHETHER OR NOT I HAVE TO REPURCHASE XP.

so i tried reinstalling it. i got a message saying i needed to be administrator. which is weird because im the only account on my pc. then i remembered that for some reason when i boot in safe mode another account appears called "administrator". so i did and...voila. there it is.

so im in safe mode and i reinstall xp. it boots. and...it boots in safe mode. i guess its stuck because to put it in safe mode i ran msconfig and selected safe mode from the boot.ini tab. its the only way i know how to do it.

so it reboots in safe mode. and i get a message that "windows cannot install in safe mode. windows is rebooting"so i click okay. which is the only option.

and it reboots. in safe mode. same message.

so now im completely stuck! endless cycle!

HOW DO I REBOOT WITHOUT SAFEMODE

HOW DO I REFORMAT MY COMPUTER, ONCE I GET ACCESS TO IT, SO THAT I WONT HAVE TO REACTIVATE?WILL IT WORK FOR MICROSOFT OFFICE XP 2003 PROFFESSIONAL?

please...please help me. i need this computer. i need those files!

[CptMurphy]

Okay, have you tried running a virus scan on the PC while in Safe mode? Next, to get out of safemode, at the boot screen push F8. This'll give you the options of whether to go into Safe mode, safe mode with network, normal... and so on. You should proabably pick the option that says "Last known good configuration"

You shouldn't need to repurchase your license since this is what you've bought. All you need to do is reformat ur drive, reinstall XP, activate. You'll proabably get some kind of screen saying that this license has already been activated and they'll take you to a support page or something.

Now, for the backup of the activation: Did you look for the files whilst in the main OS, as in, not in Safe Mode? When you copied the wpa.dbl file, since you don't have wpa.bak, did you rename it to wpa.nonactivated from Safe Mode and than recopy it to the System32 folder? Then rebooted? This shoulda done it.

Good luck.

Edited November 2, 2005 by m3n70r

[Bezalel]

When you activate Windows, the activation clearinghouse should recognize that you are using the same hardware and activate without any problems. After a certain length of time (I think 6 months but cannot get verification) the activation chearinghouse makes the CD-Key available for activation on any hardware. In case you can't activate over the internet you can always activate over the phone.

[Misha]

The 2 files that you need to copy to a floppy or cd are "wpa.bak" and "wap.dbl" they are both in the system32 file. Reinstall windows after installation restart in safe mode and place these files into the system32 file, restart and you should be fine. This only works on the orignal computer the files were created on. Good Luck.

[breadandbubbles]

man...i cant restart in normal mode to access the wpa files. im so scared guys...

prressing F8 didnt do a **** thing. it only provided me with a list of boot options in regards to WHERE i boot from. there were three options: floppy, harddrive, or DVD drive.

is there anyone out there who can tell me how to boot in normal mode? are my files lost?

[cluberti]

To answer a previous poster's question about the clearinghouse, it's 6 months if I remember correctly. You will be able to re-activate XP a few times within that 6 month period as well, as long as the hardware signature stays the same. So yes, you can re-format and re-activate.

[TheFlash428]

OK, relax...

First of all, you mentioned that you were going to backup your needed files to DVD. Did you do that? I assumed since you had already attemped to re-install XP that you would have already done that--and if that is true and you are ready to re-install XP, there should be no reason to have to access your current installation. (does anything happen if you select "harddrive" under the boot menu?--answer this question if you do need to still access your current configuration.)

(FYI: You don't need to use safe mode to access the administator account, just turn off the welcome screen under "Control Panel --> User Accounts" and I believe the option is under "Change the way users logon", or something like that.)

If you are ready to re-install, simply boot to the XP CD. Each computer manufacterer is slightly different on how to access the "boot from" menu from the BIOS (initial boot screen), but it is often F12 (most Dells) F1, F2, or sometimes ESC, and on yours it may just be F8. but anyway, when you see the "boot from" screen, select CD/DVD drive and allow the computer to boot from the XP CD. From there you will be able to reformat the hard drive and reinstall the OS.

And yes, you should not have to re-purchase XP, although you may have to make a phone call to M$, depending on the status of your product key.

Edited November 2, 2005 by TheFlash428

[jim-p]

First of all calm down.Being anxious will force you make more mistaken moves.Nothing is lost unless you format your drive.Clear? OK.

Here we go!

To get you off the "endless cycle" of safe mode:

Log on into windows.It doesn't matter if you are in safe mode or not and it doesn't matter which account you logon with (yours or the administrator one).Look up in C: (root) for a file named boot.ini (it is hidden and sometimes read-only).Make sure it isn't read-only so that you can save the changes later on.You should find this string (or somethiong similar) inside it:

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /safemode

The /safemode part is what makes your pc reboot in safemode over and over.Remove it, save and exit.Reboot and it should boot in normal mode now .This "sideeffect" was caused by you when you checked the /safemode option in msconfig

BTW the menu "floppy, harddrive, DVD drive" appears when you press F8 but it is from your bios.There you should select harddrive, so as to load Windows, and press F8 AGAIN to see the OS options(or just keep tapping it)

(one down, two to go)

The adnimistrator account in normal mode:

Log on with your account and wait a bit for everything to load.Then click start -> logoff.Now you should return to the windows welcome screen where you should see only one username, YOURS.Press CTRL+ALT+DEL once or twice until a "classic logon" screen appears.The one with a username field and a password field below it.That is "classic logon".In username type "Administrator" (without the "", case sensitive) and leave the password field blank.Click OK and you have just logged on as the Administrator!In normal mode!

2 issues about this account

i)This is a built in account, like the "guest" one, but it has the privileges to change EVERYTHING inside windows and it is always active.It is not shown in the welcome screen but it exists there for emergency issues like yours.

ii)Protect it with a password.Since it can change everything,you should be more carefull with it.

(two down, one to go)

About the trojan:

Since you don't want to reformat, download a virus SPECIFIC removal tool from an antivirus site.Most antivirus sites have these.Go search in kaspersky, avg, mcafee, panda, norton, nod32, etc sites.You already know the trojan's name, it can't be so hard to find the proper tool.Another option is to install a third antivirus product, but i think it's too much, you already have two!!

(three down, i hope)

I hope I have helped, even a little bit, to find your way through

I look forward to see what you did.

I am online only 1-2 hours a day, so sorry for the delay

PS: Tell me something nice, I am joining the army on Tuesday!

[breadandbubbles]

Thanks Jim-p and TheFlash for your help, but i wont have access to my PC again until monday. still though i should clarify a few things:

i have most of my files on some DVDs. the most important ones anyway, yes. there are a few id like to have , but mostly i was worried about my wpa files. ive been reassured time and again thanks to the people of this forum taht there nothing to worry about call windows if i have to and all will be well.

still id like to just get rid of the trojan. Jim mentioned searching for something more virus specific. the problem is, when my PC boots up, it does that whole windows loading screen, and instead of a logon screen i get a message. something about windows restarting windows instalation if i remember. then the screen is blck, and in all the corners of the screen the words "safe mode" are in white, with an error message in the middle telling me to press ok to restart becausw windows cannot install in safe mode. i never see my desktop, or get access to my C drive. i click OK and the whole process starts over.

id assumed id been booting from my HDD all along, since it asks me early on whether or not i want to boot from disc, and i dont press any buttons...

also, i dont think i have any options such as logging in anymore, because it had to delete my old windows to install the new one, right? and this new cant finish because im in safe mode.

ill try booting it from harddrive and pressing F8 again to get to the next menu, but i dont think itll work .

the main reason im worried is because of the programs i have on my pc. Adobe Photoshop was expensive (though i received it as a gift), and id love it if i could just transfer my activation. i have other programs, such as Norton, which id rather not have to reactivate...

will i just have to reformat? or might it actually work to just tell it to boot from harddrive?

[jim-p]

Since I will be gone until Monday, I made a search for the virus specific removal tool.

No luck though . I haven't seen "clean" instructions anyware on how to manually remove it from the registy.Everything points to a key in the registry, but which sub-key is the virus one,none says

I have nothing else to say.That's it.I hope that you won't have to format your drive in the end.

I hope to hear something good when I return in 20 days or so

See you

[breadandbubbles]

yea! i read the same thing. i dont know which to delete though...