A neighbour has asked for help.

He has Windows/XP Professional SP3, with AVG Free 8.5 and Spybot S&D.

He tells me that a couple of days ago he got an alert message telling him his computer was at risk of fraud and suggesting he download some software (chargeable) to fix it. In fact I think it was probably AVG or Spybot and he misinterpreted the message. Thinking this was a scam he repeatedly cancelled the message and then shut the computer down. At which point it appears that Windows Update installed some updates.

When he tried to boot up again he got the Advanced Startup screen offering Safe Mode, Safe Mode with Console etc. Whatever option he tried it came back to the start screen.

Fortunately he has a set of install disks. Based on advice from the person who gave him the PC, we tried a Windows repair install (not the recovery console). That appeared to go OK until the last step, when it tried to reboot Windows. We got the Windows loading screen with 'please wait' in the middle. It stayed this way for over an hour (with no disk activity) so we powered down.

We were then able to boot in Safe Mode.

I tried running AVG but it didn't work and asked for the licence number (which we don't have as it was the free download).

I ran Spybot S&D which found Win32.ZBot and Win32.Agent.pz viruses and after running this a couple more times appeared to have removed them (but having read about them I'm wary about that).

I then downloaded the Avira bootable CD (Linux based) and ran it and found TR/Crypt.ZPACK.Gen viruses (odb.exe and svc.exe), also TR/Fraudpack.vxk. HTML/Infected.Webpage.Gen, JS/Redirector.455, HTML/Malicious.PDF.Gen, HTML/Crypted.Gen viruses. Appeared to have removed them.

Reboot into Safe mode still worked, so I used MSConfig to disable all the startup items and rebooted in normal mode. All seemed well until we logged on, when it said 'A problem has prevented Windows from accurately checking the status of the License for this computer. To proceed your copy of Windows must be activated with Microsoft'. Answering yes to this, the computer just hangs.

So my question is, what to do for the best? Given that we can boot into safe mode then presumably I can copy off the data that we need to keep onto a usb memory stick. I'll plan to do that anyway.

The internet connection from this PC to the router is wireless. If I hard wired it to the router is it any more likely to be able to activate Windows?

So do you think it is possible to recover this PC to a working state. Or do you think I would be better off re-installing Windows?

This may have taught a valuable lesson!

Thanks for reading

If all the data is backed up, a fresh install might be the best route to take. However, we like a challenge here.

It may be that your activation has become "unregistered." Try this solution, posted by Carey Frisch, MS-MVP:

Possible Resolution:

Boot into "Safe Mode" by pressing (F8) during a reboot.

Go to Start > Run and type: regsvr32 regwizc.dll , and hit Enter.

Then go again to Start > Run and type: regsvr32 licdll.dll , and
hit Enter again.

Thanks for responding so quickly.

It will be few days until we can get to try this. Probably the weekend. I'll report back then.

OK...I'll wait for your reply.

Well my neighbour asked someone else to help.

I passed on your suggestion but apparently it made no difference.
So the disk was wiped and XP re-installed and he is now operational.

Thanks for your help anyway.

Such is life.

I'll close this thread and mark it resolved. If you need it reopened for any reason, please PM a moderator or admin.