Some Advice Please

Started by quandam, Apr 27, 2009, 10:16:35

quandam

This could possibly sound very obvious to most but I have a niggling doubt about a message that popped up last night when I fired up the laptop. A 'request' box from Windows asking to verify my version of their OS. The 'design' was pretty basic and had no recognisable Windows logo. Never seen this before on my PCs or other laptops.

Is it OK? Is it safe to open? Probably not a problem but I was suspicious :dunno:

Rik

You're right to be suspicious, Q. Unless you were involved with an auto-update at the time, I can see no reason why you would get a message like that, so I'd suggest a full virus and malware scan.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

quandam

Rik

Scan taking place as we type! Thanks.

Sebby

I don't suppose you managed to get a screenshot?

Rik

It would be interesting to see, wouldn't it.

Sebby

It certainly would. I just can't really picture it at the moment.

quandam

Quote from: Sebby on Apr 27, 2009, 13:22:32
I don't suppose you managed to get a screenshot?

Sebby

Sorry, didn't think about it at the time :P ::)

quandam

Quote from: Rik on Apr 27, 2009, 13:27:47
It would be interesting to see, wouldn't it.

Rik

Completed the virus scan and Avast found three trojans all attached to downloads from Limewire. Strange, I haven't used Limewire for months now :dunno: Full malware scan being run now, will let you know result after completion.

quandam

Chaps

Found the 'title' of the message--'Windows WgaNotify'-- if that's any help?

quandam

Sorry, it was 'Windows XP WgaNotify' (sic)

Sebby

It sounds like it could be genuine, then. The trojans may just be something else.

quandam

Full malware scan completed showing the usual low risk infections, nothing drastic by the look of things :fingers: If it pops up again I will grab a screenshot and post. Thanks for all your help and advice chaps. :thumb:

quandam

Thanks Rik

The one I had was completely different from the one displayed in your link. It did not state that 'This Is Not A Genuine Windows...etc'

It stated that in order to update their security they need to check if my copy of XP was genuine. I still feel that it is dodgy and should be treated with care. Thanks again for your help :thumb:

Rik

Better safe than sorry, Q. Unless you're at the MS update site, I don't believe you should see such a message.

quandam

Sorry, trying to add a screen shot re above, having problems. Any help please! It is a png file if that helps.

Rik

You need to hit the reply button, Q, not use the quick reply box, then click on Additional Options.

quandam

Rik

Hopefully I've cracked it?

The pop up arrived again tonight when firing up the laptop. The screen shot should now be attached. :fingers:

[attachment deleted by admin]

Rik

This would suggest to me that is not kosher, Q:

http://support.microsoft.com/kb/905474

Run MS update manually. If it is an MS message that will trigger it.

Simon

It's Microsoft's way of getting you to allow them to check that your version of Windows is legal.  If you're at all uncertain about the pop up, you can get the small WGA app from Microsoft direct, and this might be a place to start:

http://support.microsoft.com/kb/905474

Or what Rik said!  ::)

zappaDPJ

I'd also get rid of Limewire. Every PC and laptop I've seen with it installed has been riddled with infections. My daughter recently installed it on her laptop which became unusable within hours despite it having up to date AV software installed.

Rik

Thanks, Zappa, sound advice.  :thumb:

Gary

I agree with Zappa, tbh if this keeps happening I would reinstall after wiping the drive, it's hard to get every infection, you need to wonder if you have any rootkits deep in there? My ex's laptop was riddled with stuff from Limewire, in the end it was easier to reinstall, it was such a mess, with so many backdoors open letting more in. Hope it does not come to that but personally I would wipe it anyway for peace of mind. If you have a copy of Windows on disc use Dban boot and nuke (http://www.dban.org/download) and run that, it will obliterate anything on your HDD. It takes an age, so do it overnight. I think, from memory, autonuke takes seven passes using a Mersenne twister, so for a 400GB drive it's about 11 hours to make sure everything is gone forever. At least you know you should be clean that way.
Damned, if you do damned if you don't

quandam

Thanks guys for some sound advice. I think I will give Limewire the elbow (any other safe suggestions?), they have been causing massive problems for a long time now :eek4:

Thanks for your help :thumb:

Rik

I don't use torrents, Q, but I'm sure you'll get some recommendations shortly.

Simon

Quote from: zappaDPJ on Apr 28, 2009, 17:39:37
I'd also get rid of Limewire. Every PC and laptop I've seen with it installed has been riddled with infections. My daughter recently installed it on her laptop which became unusable within hours despite it having up to date AV software installed.

It's not Limewire itself which is the problem, it's what's downloaded using it that causes infections.  There is a hell of a lot of malware on the P2P networks, including fake MP3 files, and it's very easy to mistakenly download something you think is genuine, which turns out to be nasty.  I use it myself, and always double check everything I download, even what look like genuine MP3s, as you can never be too careful.

Gary

I don't use torrents either, too many nasty things happen to friends who do, but as Rik said someone will have some advice on a better one. Limewire is known to be the devil's dangly bits for bad infections as there are so many evils floating around in it you could download.

Gary

Quote from: Simon on Apr 28, 2009, 17:58:26
It's not Limewire itself which is the problem, it's what's downloaded using it that causes infections.  There is a hell of a lot of malware on the P2P networks, including fake MP3 files, and it's very easy to mistakenly download something you think is genuine, which turns out to be nasty.  I use it myself, and always double check everything I download, even what look like genuine MP3s, as you can never be too careful.

A friend of mine downloaded what she thought was an old movie classic (couple of years back), took hours, and she ended up with a porno that came with a nasty trojan and its friends. She had to reinstall after that as things kept coming back.

quandam

Gary (& Others)

Have elbowed Limewire, I should have done it sooner but just couldn't bring myself to do it. Thanks for your help :thumb:

Rik

Let us know if it solves your problems, Q.  :fingers:

Niall

Quote from: Gary on Apr 28, 2009, 17:58:41
I don't use torrents either, too many nasty things happen to friends who do, but as Rik said someone will have some advice on a better one. Limewire is known to be the devil's dangly bits for bad infections as there are so many evils floating around in it you could download.

Common sense generally rules out issues like that. The only problem I've ever seen was for a friend using Azureus. As it's Java-based, there were a lot of people out there using that as a base for infecting machines with the odd dodgy file in a collection of otherwise legit files, allowing backdoor trojans to spam the hell out of your machine.

Personally I've never had a single problem with torrents.
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

Sebby

Quote from: Rik on Apr 28, 2009, 17:30:13
This would suggest to me that is not kosher, Q:

http://support.microsoft.com/kb/905474

Run MS update manually. If it is an MS message that will trigger it.

Do you mean is kosher? That's definitely a genuine bit of Microsoft software.

Rik

The description of the message on the MS site didn't seem to fit Q's screenshot, Seb.

Sebby

I've seen the exact same one myself. It's genuine. :)

Ray

Quote from: Sebby on Apr 29, 2009, 15:00:25
I've seen the exact same one myself. It's genuine. :)

I've seen it as well recently, Sebby, I think it was after an update to the Windows Genuine Advantage software.

Sebby

Did you not get it, Rik?

Rik

 ;D

The bus pass generation, eh Ray.  :stars:

Ray

Quote from: Rik on Apr 29, 2009, 15:16:29
;D

The bus pass generation, eh Ray.  :stars:

Must be, Rik.  ;D

quandam

Once again, many thanks for all your efforts. So, if it pops up now I can go for it without any problem? Have to say that it is a very unsatisfactory way for Windows to achieve their genuine ends, the Windows logo is not apparent and simply firing up a laptop and this appearing is, to say the least, disconcerting. :eek4:

Very disappointed with this method of 'updating' Windows :eek4: I do think Windows needs to get this sorted. :dunno:

However, as usual, IDNetters have come to my aid :thumb:

Rik

Only after we wind you up a bit first, Q. ;) I have to confess that I haven't seen that screen and was highly suspicious of it.

Gary

Quote from: Niall on Apr 28, 2009, 18:51:32
Common sense generally rules out issues like that. The only problem I've ever seen was for a friend using Azureus. As it's Java-based, there were a lot of people out there using that as a base for infecting machines with the odd dodgy file in a collection of otherwise legit files, allowing backdoor trojans to spam the hell out of your machine.

Personally I've never had a single problem with torrents.

You are lucky, most have had some infection using torrents I know, but as you said you can be careful. It's a bit like leaving your door open and saying come in and browse around and leave botulism on all the cups as you leave. I guess seeing the aftermath of torrent disasters has put me off. And there is not much on torrents I want, music I get from Musicstack.com, as I like to own most things and importing from the States is so cheap, or for my breakbeat stuff I buy it from Beatport, at a fraction of the price of shops, and some stuff you cannot get in shops anyway. I get to choose my bit rate format, it's downloaded instantly, and I know it's clean.

Simon

Do you still find importing CDs from the States as economical, with the weak pound, Gary?  I used to import DVDs all the time, but now find them generally cheaper in the UK.