vista copyright malware

[Aitch65]

My daughter has a computer that had the genuine Vista OS already installed.  She recently had to have it fixed due to a hard disk failure.  The repairer (also genuine and reliable) had to reinstall Vista using the key etc.

Everything worked OK but this week she has started to get a warning about copyright. 

I apologies at this point for inadequate detail but I am trying to get background before I go round there.
I haven't seen it yet but I am suspiscious because it does not ask her to input a key but threatens consequencies if she doesn't take action within 3 days.

I have come across this malware warning on the net and wondered if this cold be the problem

http://www.bleepingcomputer.com/virus-removal/remove-i-q-manager

[Crush]

Hello, and welcome to Computer Hope Forums!

I'm Crush but, you can call me Chris too and I will be helping you with your Malware issues

Please note the following information about the malware forum:

• Only members of the Malware Removal Specialist user group are allowed to give advice on removing malware from your computer. Do not follow the advice of anyone without that user title.
  
• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
• If you have already asked for help somewhere, please post the link to the topic you were helped.
• We try our best to reply quickly, but for any reason we do not reply in two days, do this:

Reply to this topic with the word BUMP.

• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Now that we have that out of the way:

    We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

    Download the OTLPE Standard REATOGO Windows Recovery Environment.

• Place a blank CD-R disc in to your CD burning drive.
• Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
• Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps here
   

• Your system should now display a REATOGO-X-PE desktop.
• Double-click on the OTLPE icon.
     
• When asked "Do you wish to load the remote registry", select Yes
     
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
     
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
     
• OTL should now start. Change the following settings
  • Change Drivers to Non-Microsoft
       
  • Press Run Scan to start the scan.
       
  • When finished, the file will be saved  in drive C:\_OTL\MovedFiles
       
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

[Aitch65]

BUMP
One problem I have at the moment is that I have to travel to my daughters where the offending computer is so I am copying your instructions ready but I may be sometime before replying.

Hopefully I will have access to the forum when I get there when I get there.

[Aitch65]

Thanks Chris
Now that I have managed to get round to my daughters the problem was much simpler than I anticipated.

The messages she was getting were genuine Microsoft messages.  I just needed to enter the Product ID in and that validated the re-install.

I am sure they must do it, but it would be helpful if  when Microsoft promulgate these warnings if they could indicate what might solve the problem without trying to sell a new package.

[Crush]

Hi,

There is an infection which looks very similar to what you're describing. Did it look something like this?

http://www.computersecurityarticles.info/antivirus/windows-%E2%80%9Cactivation%E2%80%9D-ransomware/

I think you need to contact MS, and see if they are doing this. I have heard before of MS locking machines if they find you aren't using a real copy of Windows, or not using a validated copy anyway.

If you give MS your license key, they can track it on their end.

[Aitch65]

You are right about the infection and that is what caused my concern before I checked.

Since then I have had chance to check the machine properely and have gone through all the correct validation procedures and I am sure now that everything is correct.

Microsoft was doing the job correctly, as I said I just wish they would tell one the more obvious solution rather than the marketing solution.

[Crush]

Ok. Glad it was resolved