1

I saw another post about something similar, so I added my own comments there, but the conversation started turning more to this one, so I’m starting a new discussion so I’m not hijacking that one.

We have a couple of Windows 7 Professional workstations that are acting weird. The users will log on, and about a minute later a window pops up that says Windows needs activating. We can close the window, look in the system properties, and see that Windows is activated and genuine. The notification will not pop up again until the next time someone logs on - it only comes up once per session.

We have scanned with a number of different programs - SEP 12.1, MalwareBytes, Super AntiSpyware, Ad-Aware, and one or two others that I can’t remember (I’m only one member of a team of 4). We’ve even pulled the drive from at least one of the computers and scanned it in another machine. They’ve come up clean each time.

Because it’s only popping up once per session, it’s just a minor annoyance, but we’d really like a solution to make it go away.

When I saw the other post, removing a particular Windows update (KB:3004394) was a suggestion that came up a number of times, so I tried that, thinking it was a good idea. Nope, that particular update was not installed. I’m wondering if there could be another Windows update that is causing the issue. If anyone can point me in the right direction, I’d sure appreciate it.

Thanks.

7 Spice ups
2

is the desktop blacked out with the build number listed in the lower right hand corner?

3

No, it looks perfectly normal.

4

Do me a favor and check to make sure your services are all running properly, the registration could be failing or parts of the registration services might not be running. Just a guess…

1 Spice up
5

I would say you have NOT failed authentication and that what you see IS tied to something malicious.

One way to test would be to make the install not Authentic and and then reactivate through the proper process.

Do you have the Key available?

Do you want to try this?

If yes to both then run the following commands and reboot:

slmgr /upk

-press Enter

slmgr /cpky

-press Enter

slmgr /rearm

-press Enter

Then active when prompted

If the message still appears then you know for sure that it is not windows. If it never comes back then Windows was really super confused.

2 Spice ups
6

Q. Did you clone these machines using Ghost or similar? I say that because apparently the licensing rules changed with W7 from how it was with XP - you need at least one VLA machine to use as a clone to avoid running into a technical licensing violation, you cannot technically clone an OEM machine.

Alternatively, could the same code have been used on more than one machine?

1 Spice up
7

No, this was true with XP also.

1 Spice up
8

Is there chance that the clock is messed up? After log in it gets synchronized so the error goes away?

1 Spice up
9

I have same issue. I also removed the update and the problem seemed to be corrected until the next reboot occurred. It tells me I do not have a genuine copy of windows installed. I had Microsoft support help me and it was they who removed the update. Has anyone else had this experience and what did you do?

10

could be the update that made windows 7 say it wasnt genuine

11

@MrAdam - I have tried re-authenticated the key as you suggested with no change. Therefore, I’m inclined to agree it’s something malicious, but what that is I’m at a loss to define because of the various scans that have all come up with nothing.

@Briser_fae_the_broch - No, these were not cloned. One just started doing this a couple years after being put in place. The other is a new machine with the HDD from a machine whose MB failed, but is identical hardware. We did have to enter the new license key for the new machine, but the problem started 2-3 weeks after that.

@LarryG - I will check the clocks. The GPO is set up to sync the clocks of all the computers on the domain daily, but how many posts have we seen here about GPO not working as expected? I’ll let you know what I find on this front.

@Christian123 - That was, I believe, the update KB:3004394 that I mentioned above.

12

The clocks on them seem to be right, but that could be the GPO doing its thing. I’ve asked the staff to leave them off in the morning so I can look at the clock in BIOS before it is synced for the day tomorrow.

1 Spice up
13

@Windows 3.11 - All services are running that should be.

14

A long shot, but is the time zone correct? Machine might think it’s the correct time - in Redmond?

15

is the BIOS time correct?

16

You may be fighting this patch.

17

I checked, it’s not the clock.

@RichardT - I’ll check that out, thanks.

1 Spice up
18

That is the one I checked for, as mentioned in the original post. It’s not installed. Thanks for the link, anyway.

19

I also uninstalled that patch and the same issue reoccurred. I was unaware of the patch for the patch and will try that but I don’t know if I trust that or not!

20

I really think this is malicious but i can not find where anyone else has had this issue and it wasn’t the update. if the desktop never goes black and displays the build then I am fairly certain it is not windows doing it.

load Revo uninstaller and see what it displays for installed programs