How to Detect & Remove Trojan Farfli

Article from : http://www.411-spyware.com/remove-trojan-farfli

How to Detect & Remove Trojan Farfli

What's Trojan Farfli?

Trojan Farfli Threat Level:
Trojan Farfli is a Trojan horse that may download and install other malware and spyware onto your PC, without your knowing. Trojan Farfli may also change your Internet Explorer home page to www.baidu.com/inde_____,
www.kzdh.com, www.7255.com/?g about.blank.la?g, add web browser bookmarks, and Trojan Farfli may change your hosts file. It’s best if you remove Trojan Farfli immediately. You might have gotten infected with from: http://]install1.ring520.org/kk_____, http://]install2.ring520.org/kk_____, http://]install3.ring520.org/kk_____, or http://install4.ring520.org/kk_____.

Do I Have Trojan Farfli?

You can search your computer manually, but it might take hours to find Trojan Farfli’s hidden files. To save time, I recommend you automatically scan your PC for Trojan Farfli and other spyware. Why not? It’s free.

Free Trojan Farfli Scan, with SpyHunter

You can easily detect Trojan Farfli with SpyHunter’s FREE spyware scanner. And if you’re really infected with Trojan Farfli, you can buy the full version of SpyHunter to remove Trojan Farfli and other spyware. Or you can use my instructions below and remove Trojan Farfli for free.
I’m a big fan of SpyHunter. Here’s why: SpyHunter offers live support on the phone, and if SpyHunter doesn’t automatically remove Trojan Farfli, you can get a custom fix for your computer.

How to Remove Trojan Farfli

Your best protection against Trojan Farfli is to remove Trojan Farfli processes, registry keys, DLLs, and other files ASAP.

Get Rid of Trojan Farfli Manually

Manual removal of any spyware can be difficult. When you manually remove Trojan Farfli, you have to fiddle with your registry and risk destroying your PC. It’s highly recommended you use an automatic spyware scanner to make sure you’re infected with Trojan Farfli. Also, I recommend you backup your system any time before editing your registry.
To remove Trojan Farfli manually, you need to delete Trojan Farfli files. Not sure how to delete Trojan Farfli files? Click here, and I’ll tell you. Otherwise, go ahead and…
Stop Trojan Farfli processes:

Delete Trojan Farfli files:

%SYSDIR%\drivers\[random 1].sys
%UserProfile%\Favorites\[chinese characters].url
%SYSDIR%\drivers\[random 2].sys

Delete Trojan Farfli DLLs:

%SYSDIR%\[random].dll

Delete Trojan Farfli registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_[random 1]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_[random 2]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_[random 1]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_[random 2]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[random 1]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\[random 1]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\[random 2]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[random 2]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IE4\”Main”= [random]

Note: In any files I mention above, “%System%” is a variable referring to your PC’s System folder. Maybe you renamed it, but by default your System folder is “C:\Windows\System32″ on Windows XP, “C:\Winnt\System32″ on Windows NT/2000,” or “C:\Windows\System” on Windows 95/98/Me.
Relatedly, “%UserProfile%” is a variable referring to your current user’s profile folder. If you’re using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\JoeSmith”).

Trojan Farfli changed your homepage?
Click Windows Start menu > Control Panel > Internet Options. Next, under Home Page, select the General > Use Default. Type in the URL you want as your home page (e.g., “http://www.homepage.com”). Then select Apply > OK. You’ll want to open a fresh web page and make sure that your new default home page pops up.
Recommendation:
To save time and avoid risking destroying your computer, I highly recommend you use a spyware scanner, such as SpyHunter, to detect Trojan Farfli and other spyware, adware, trojans, viruses, keyloggers, and more that can be hidden in your PC. It’s also recommended before you manually remove Trojan Farfli you backup your system.

Free Trojan Farfli Scan, with SpyHunter

Automatically detect Trojan Farfli and other spyware on your PC with SpyHunter’s FREE spyware scan.

How Do I Remove Trojan Farfli Files?

Need help figuring out how to delete files, DLLs, and registry keys? While there’s some risk involved, and you should only manually remove Trojan Farfli files if you’re comfortable and confident editing your system, you’ll find it’s fairly easy to delete Trojan Farfli files in Windows.

How to delete Trojan Farfli files in Windows XP and Vista:

1. Click your Windows Start menu, and from “Search,” click “For Files and Folders…“
2. A speech bubble will pop up asking you, “What do you want to search for?” Click “All files and folders.”
3. Type any file name in the search box, and select “Local Hard Drives.”
4. Click “Search.” Once the file is found, delete it.

How to stop Trojan Farfli processes:

1. Click the Start menu, select Run.
2. Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys ALT + CTRL + DELETE or CTRL + Shift + ESC.
3. Click Processes tab, and find Trojan Farfli processes.
4. Once you’ve found the Trojan Farfli processes, right-click them and select “End Process” to kill Trojan Farfli.

How to remove Trojan Farfli registry keys:

Your Windows registry is the core of your Windows operating system, storing information about user settings, system preferences, and software, including which applications automatically launch at start up. Because of this, spyware, malware, and adware will often bury their own files into your Windows registry so that they automatically launch every time your start up your PC.
Because your registry is such a key piece of your Windows system, you should always backup your registry before you make any changes to it. Editing your registry can be intimidating if you’re not a computer expert, and when you change or a delete a critical registry key or registry value, there’s a chance you may need to reinstall your entire Windows operating system. Make sure your backup your registry before editing it.

1. Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
2. Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
3. To find a registry key, such as any Trojan Farfli registry keys, select “Edit,” then select “Find,” and in the search bar type any of Trojan Farfli’s registry keys.
4. As soon as Trojan Farfli registry key appears, you can delete the Trojan Farfli registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”

Computer acting funny after you’ve edited your registry and deleted Trojan Farfli registry keys? Just restore your registry with your backup.

How to remove Trojan Farfli DLL files:

Like most any software, spyware, adware, and malware may also use DLL files. DLL is short for “dynamically linked library,” and Trojan Farfli DLL files, like other DLLs, carryout predetermined tasks. To manually delete Trojan Farfli DLL files, you’ll use Regsver32, a Windows tool designed to help you remove DLL and other files.

1. First you’ll locate Trojan Farfli DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.”
2. To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the Trojan Farfli DLL file is located. If you’re not sure if the Trojan Farfli DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.”
3. When you’ve located the Trojan Farfli DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key.

That’s it. If you want to restore Trojan Farfli DLL file you removed, enter “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and press your “Enter” key.

How Did I Get Trojan Farfli?

You may be wondering how Trojan Farfli ended up on your PC. If you’re infected with Trojan Farfli or other spyware, your system’s and web browser’s security settings may be set too low, you may not follow safe web browsing and email habits, and you may need to regularly use a good anti-spyware application. Unsafe computer behavior that may lead to your PC having Trojan Farfli includes:

Freeware or Shareware:
Did you download and install shareware or freeware? These low-cost or free software applications may come bundled with spyware, adware, or programs like Trojan Farfli. Sometimes adware is attached to the free software to “pay” developers for the cost of creating the software, and more often spyware is secretly and maliciously attached to free software to harm your computer and steal your personal and financial information.

Peer-to-Peer Software:
Do you use a peer-to-peer (P2P) program or other application with a shared network? When you use these applications, you put your system at risk for unknowingly downloading an infected file, including applications like Trojan Farfli.

Questionable Websites: Did you visit a website that’s of questionable nature? When you visit malicious sites that are fishy and phishy, Trojans, spyware, and adware may be automatically downloaded and installed onto your computer, sometimes including applications like Trojan Farfli.

It’s important to practice safer online habits to prevent being infected with Trojan Farfli . You may want to scan your computer for the latest version of Trojan Farfli and other security threats.

Detect Trojan Farfli & Other Malware

Is your computer infected with malware?

When you’re infected with malware, whether it’s Trojan Farfli, spyware, adware, trojans, rogue anti-spyware, keyloggers, worms, or viruses, there are a few key symptoms you may experience. If you notice one or more of the symptoms listed below, your PC may be infected with Trojan Farfli or other malware. Continue reading below, or click here for a free malware scan.

Slow computer performance: It only takes one or two spyware parasites like Trojan Farfli to cause your computer to slow dramatically. If your PC takes longer than usual to reboot or if your Internet connection is unusually slow, your computer may be infected with malware.

New desktop shortcuts or switched homepage: Malware like Trojan Farfli may change your Internet settings or redirect your default homepage to another web site. Malware may even add new desktop shortcuts on your PC.

Annoying popups on your PC: Malware may bombard your computer with popup ads, even when you’re not online. Malware may stop your regular Internet activity and track your surfing habits and gather personal information about you, putting your financial and personal information at risk.

Understanding Trojan Farfli & Spyware

If you’re infected with Trojan Farfli and spyware, you should know what you’re fighting. I’ll explain some spyware definitions related to Trojan Farfli.

Trojan Farfli May Be a Trojan

What Are Trojans?

Trojans install themselves secretly onto your computer, most often through your downloading a simple email attachment (often .avi, .pif, .exe, and even .jpg files.) Most Trojans are able to gain complete control over your PC after installation. With this control, the Trojan and the hacker behind it may change your system settings, delete important files, steal your passwords, and watch your computer acitivity.

Some Trojans may also fall under the category of spyware. Spyware is any software or malware (”malicious software”) used to spy or track your computer activity. While some spyware is legitimately and intentionally installed by parents or employers to monitor Internet activity on a computer, spyware may be installed maliciously. Often spyware may come bundled with downloads of free software or come in the form of a cookie via a website, and this spyware may track your Internet activity or may steal secret account usernames and passwords, credit card numbers, and other personal and financial information.

Methods of Trojan Farfli and Other Trojans Infection

Most trojans infect your computer by tricking you into running an infected application. This infected application could disguised as a small file, such as a jpeg or other email attachment, or it might be downloaded via a website or FTP.

» Email: Your PC may be infected with a trojan when you download infected email attachments, or sometimes even when you simply open an email. Many trojans exploit security holes in Microsoft Outlook. You may be able to reduce your chances of getting infected by a Trojan by using a spam-blocking software.

» Websites: Your PC may be infected with a trojan when you visit a rogue site. Many trojans exploit security holes in Internet Explorer web browser so that by simply visiting a website you may unknowingly download a Trojan.

» Open ports: If your computer runs programs that provide file-sharing functions - such as AOL Instant Messenger (AIM), MSN Messenger, and more - you may open your computer up to vulnerabilities. Using file sharing through these applications may create a network that gives attackers the opportunity to remotely access your computer.

Trojan Farfli may have infected your PC by through one of those methods. Trojans are some of the most sophisticated and dangerous type of malware, capable of controlling your system. Because of this, it may be best if Trojan Farfli and Trojans are removed from your computer immediately.

ShareThis

Trojan Farfli-Related Posts

» No related posts

Trojan Farfli's Threat Level Explained

Trojan Farfli Is a Minor Pest

The parasite isn't a real threat, but Trojan Farfli may track your Internet activities. Trojan Farfli may be easily removed with your Windows system "Add/Remove" function.

Trojan Farfli Is a Pest

The parasite might profile you web activities and may have installed itself onto your PC via a drive-by download. You can probably manually remove Trojan Farfli yourself.

Trojan Farfli Is a Minor Threat

The parasite might profile you and other users of your PC, and Trojan Farfli may send this data back to its parent server.

Trojan Farfli Is a Medium Threat

The parasite might profile you and other users of your PC, and Trojan Farfli may send this data back to its parent server. Trojan Farfli may be impossible to manually remove.

Trojan Farfli Is a Threat

The parasite might profile you and other users of your PC, and Trojan Farfli may send this data back to its parent server. Trojan Farfli may download and install more malware onto your PC, and Trojan Farfli may be impossible to manually remove.

Trojan Farfli Is a Minor Danger

The parasite may profile you, log every keystroke you make, and take snopshots of your computer activity. Trojan Farfli may also be difficult to manually remove.

Trojan Farfli Is a Medium Danger

The parasite may profile you, log every keystroke you make, and take snopshots of your computer activity. Trojan Farfli may download more malware and also be very difficult to manually remove.

Trojan Farfli Is a Danger

The parasite may profile you, log every keystroke you make, and take snopshots of your computer activity. These logs may be sent to anonymous attacker, and Trojan Farfli may download more malware. Trojan Farfli may be very difficult to manually remove.

Trojan Farfli Is a Major Danger

The parasite may track all of your computer activity, and Trojan Farfli may allow a hacker to access your PC. Trojan Farfli may pipe more malware into your computer, and may disable your anti-spyware or anti-virus software. Trojan Farfli may be very difficult to manually remove.

Trojan Farfli Is an Extreme Danger

The parasite may track all of your computer activity, and Trojan Farfli may allow a hacker to control your computer. Trojan Farfli may pipe more malware into your computer, and may disable your anti-spyware or anti-virus software and firewall, and block your access to anti-spyware sites. Trojan Farfli may be very difficult to manually remove.

IT Notes

Grey Box Testing

In recent years the term grey box testing has come into common usage. This involves having access to internal data structures and algorithms for purposes of designing the test cases, but testing at the user, or black-box level.
Manipulating input data and formatting output do not qualify as grey-box because the input and output are clearly outside of the black-box we are calling the software under test. This is particularly important when conducting integration testing between two modules of code written by two different developers, where only the interfaces are exposed for test. Grey box testing may also include reverse engineering to determine, for instance, boundary values or error messages.

Black box testing

Black box testing treats the software as a black-box without any knowledge of internal implementation. Black box testing methods include: equivalence partitioning, boundary value analysis, all-pairs testing, fuzz testing, model-based testing, traceability matrix, exploratory testing, specification based testing, etc.

White box testing

White box testing, however, is when the tester has access to the internal data structures and algorithms. (and the code that implement these)

Types of white box testing

The following types of white box testing exist:

• code coverage - creating tests to satisfy some criteria of code coverage. For example, the test designer can create tests to cause all statements in the program to be executed at least once.
• mutation testing methods.
• fault injection methods.
• static testing - White box testing includes all static testing.

source - http://en.wikipedia.org/wiki/Software_testing#Black_box_testing

TCP Wrapper is a public domain computer program that provides firewall services for Unix servers. The program was developed by Wietse Venema.
When an unprotected UNIX computer is connected to a network, the computer's system is exposed to other computer users connected to the network. For example, by using the finger utility, a hacker may be able to determine which users are logged on to a given server. It is also possible to find out the identities of individual computers, and various details about their users' recent Internet behavior. A hacker can determine when a workstation is likely to be idle, and then access and use that workstation when it is unattended. TCP Wrapper can act as a firewall to prevent this.
TCP Wrapper monitors incoming packets. If an external computer or host attempts to connect, TCP Wrapper checks to see if that external entity is authorized to connect. If it is authorized, then access is permitted; if not, access is denied. The program can be tailored to suit individual user or network needs.
source - http://searchcio-midmarket.techtarget.com/sDefinition/0,,sid183_gci751000,00.html

firewalking

(fīr´wâk-ing) (n.) Developed by Mike Schiffman and David Goldsmith, a technique for testing the vulnerability of a firewall and mapping the routers of a network that sits behind a firewall. Firewalking is a method of disguising port scans. In practical applications, firewalking is similar to tracerouting and works by sending into the firewall TCP or UDP packets that have a TTL set at one hop greater than the targeted firewall. If the packet makes it through the gateway, it is forwarded to the next hop where the TTL equals zero and elicits a TTL "exceeded in transit" message, at which point the packet is discarded. Using this method, access information on the firewall can be determined if successive probe packets are sent.

source :-http://www.webopedia.com/TERM/F/firewalking.html

There are 65535 distinct and usable port numbers

Port 135-139 = SMB

SMB ?

SMB, which stands for Server Message Block, is a protocol for sharing files, printers, serial ports, and communications abstractions such as named pipes and mail slots between computers.

Error Message: Procedure Entry Point Not Found in Msvcrt.dll File

SYMPTOMS

When you start Windows XP, you may receive an error message that is similar to one of the following:

Lsass.exe: Entry Point Not Found

The procedure entry point _resetstkoflw could not be located in the dynamic link library Msvcrt.dll.

-or-

Services.exe: Entry Point Not Found

The procedure entry point _resetstkoflw could not be located in the dynamic link library Msvcrt.dll.

After you press OK, a blank desktop appears on the computer screen. The pointer may be present and working. However, there is nothing to click, and the keyboard does not work.

CAUSE

This issue may occur if you replaced the Msvcrt.dll file with a third-party version that does not contain the _resetstkoflw (recovery from stack overflow) function.

RESOLUTION

To resolve this issue, use the Windows XP Recovery Console to replace the Msvcrt.dll file with the original version. To do this, follow these steps:

1.	Insert your Windows XP CD-ROM into the computer's CD-ROM drive or DVD-ROM drive, and then restart your computer from the CD-ROM. NOTE: Some computers may require that you modify the basic input/output system (BIOS) settings before you can start the computer from a CD-ROM. For information about how to modify BIOS, see your computer documentation.
2.	At the Welcome to Setup screen, press R to start the Recovery Console.
3.	Press the number key that corresponds to the installation that you want to repair, and then press ENTER.
4.	Type the Administrator password, and then press ENTER.
5.	With the Windows XP CD-ROM still in the CD-ROM drive or DVD-ROM drive, type the following commands, pressing ENTER after each command: • cd system32 • ren msvcrt.dll msvcrt.old • CD-ROM_or_DVD-ROM_Drive_Letter: • cd \i386 • expand msvcrt.dl_ BootDriveLetter:\windows\system32 • exit NOTE: BootDriveLetter refers to the drive letter of the boot drive. In other words, it refers to the drive where the Windows folder is located, which is probably drive C. CD-ROM_or_DVD-ROM_Drive_Letter refers to the drive letter of the CD-ROM or the drive letter of the DVD-ROM drive. The CD-ROM drive or the DVD-ROM drive are frequently located in drive D.

NOTE: The retail version of the Msvcrt.dll file is dated 23-Aug-2001. It was included with Windows XP and has the following properties:

Modified 8.23.01
Size - 315 KB (322,560 bytes)
Version - 7.0.2600.0

MORE INFORMATION

This version contains the _resetstkoflw function.

To view the functions in a .dll file, use the Dependency Walker utility (Depends.exe), which is available with Windows XP Support Tools. To install Windows XP Support Tools, insert your Windows XP CD-ROM in the CD-ROM or DVD-ROM drive, click Start, click Run, type CD-ROM_or_DVD-ROM_Drive_Letter:\Support\Tools\Setup.exe in the Open box, and then press ENTER.

OCS Inventory ERROR: can't write in directory (on dbconfig.inc.php)

1. Find the correct path for the dbconfig.inc.php - use this command

cd
cd ..
find / -name dbconfig.inc.php

Ok for me,it will return the path here :-

/usr/share/ocsinventory-server/ocsreports/dbconfig.inc.php

After that u just use this command to change it right

cd /usr/share/ocsinventory-server/ocsreports/
chmod 666 dbconfig.inc.php

Ok .. Please try and give the feedback here :

Thank You

Setup LAMP + OCS Inventory

Apache

Install Apache

sudo apt-get install apache2 apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert

Testing HTTP Server by open a web browser and enter http://localhost

PHP

Install PHP5

sudo apt-get install libapache2-mod-php5 libapache2-mod-ruby php5
php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick
php5-imap php5-json php5-mcrypt php5-memcache php5-mhash php5-ming
php5-mysql php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy

php5-xmlrpc php5-xsl

Stop/Restart Apache

sudo /etc/init.d/apache2 restart

Test the installation

sudo gedit /var/www/testphp.php

Insert this following line into testphp.php file.

Save this new file.
Open a web browser and enter http://localhost/testphp.php
Be sure to remove the file afterwards, as it may pose a security risk.

sudo rm /var/www/testphp.php

MySQL

Install MySQL Server

sudo apt-get install mysql-server mysql-client libmysqlclient15-dev

MySQL initially only allows connections from the localhost (127.0.0.1). We’ll need to remove that restriction if you wish to make it accessible to everyone on the internet. Open the file /etc/mysql/my.cnf

sudo vi /etc/mysql/my.cnf

Find the line bind-address = 127.0.0.1 and comment it out then save the file.
MySQL comes with no root password as default. This is a huge security risk. You’ll need to set one. So that the local computer gets root access as well, you’ll need to set a password for that too. The local-machine-name is the name of the computer you’re working on.

mysqladmin -u root password newpassword
mysqladmin -h root@local-machine-name -u root -p password newpassword
sudo /etc/init.d/mysql restart

MySQL for Apache HTTP Server

sudo apt-get install libapache2-mod-auth-mysql php5-mysql phpmyadmin

To get PHP to work with MySQL, open the php.ini file

sudo vi /etc/php5/apache2/php.ini

You’ll need to uncomment the “;extension=mysql.so” line so that it looks like this

extension=mysql.so

Restart Apache

sudo /etc/init.d/apache2 restart

Get Ride Patches XP

There is a lot of cracks or patches or fixes that aims to bypass or skip Windows Genuine Advantage (WGA) validation process, or trick the WGA validation results to be always genuine. However, these workarounds do not address the fundamental issue of the problem - that’s the product CD key or volume license key (VLK) registered in your copy of Windows XP, Windows XP Media Center Edition (MCE) and Windows Server 2003 is invalid or has been blocked or banned by Microsoft. The following ultimate WGA Patcher Permanent Kit with cracks and procedures all-in-one package will convert and transform the pirated Windows operating system into genuine and legitimate OS when validate by Microsoft’s WGA, by changing the serial number, product key or VLK of the Windows with a valid CD key, and when necessary, apply patch.

1. Download WGA Patcher Permanent Kit (WPatcherP5575987.zip) (link removed due to complaint from Microsoft) or GenuineWindowsPatcher.zip (download removed due to complaint from Microsoft) which contains Magical Jelly Bean Keyfinder v1.51 (keyfinder.exe), Microsoft Genuine Advantage Diagnostics Tool 1.5.0717.0 (MGADiag.exe), wga-hosts-fix 0.1 (wga-fix.exe), and Windows XP, Windows Server 2003 VLK key generator (MSKey.exe or Windows XP Keygen.exe).
2. Extract the zip file.
3. Run the Windows XP/2003 key generator (MSKey.exe or Windows XP Keygen.exe).
4. In the key generator, under the Product Family, select “Windows XP Pro. VLK”, and click the “Generate” button to generate a valid and genuine serial key for Windows XP (choose Windows Server 2003 VLK for Windows 2003). If key generator doesn’t work, try to find a product key on web.
5. Note down the product key or serial that is generated (can leave the program opens). The idea is to get VLK key that yet to be blocked or unknown to Microsoft.
6. Execute Magical Jelly Bean Keyfinder (keyfinder.exe). If you having problem with Keyfinder, you can use any other Windows key changer listed here, such as RockXP and KeyFinder Thing.
7. Once launched, Magical Jelly Bean Keyfinder will display the existing Windows and Office product key in the system. Select “Microsoft Windows” tab (open by default), and click on Options menu, and then select “Change Windows Key”.
8. In the Change Microsoft Windows XP Key window, key in the product key or serial number generated from the keygen program in the boxes.
9. Click on Change button when done.
10. Magical Jelly Bean Keyfinder will use Microsoft’s WMI script to change the product key of Windows XP. Follow on screen instruction to continue.
11. Run wga-fix.exe program. Click on Yes button on the ‘wga-host-fix 0.1 window’ to redirect WGA authorization and validation request to loopback address (127.0.0.1). Alternatively, open Command Prompt, and navigate to \Windows\System32\drivers\etc\ directory, edit the Hosts file, and add in the following entry to the end of the file:127.0.0.1 mpa.one.microsoft.com
12. Uninstall or delete any cracked or patched LegitControlCheck.dll, WgaTray.exe and WgaLogon.dll located in \Windows\System32 folder. You may also need to delete “Windows Genuine Advantage Validation Tool” located in C:\Windows\Downloaded Program Files\ folder.
13. Go to Windows (Microsoft) Updates or Microsoft Download Center to download updates or applications in which require validation. Install WGA Validation Tool ActiveX when prompted. (Note: If you’re having problem to validate Windows with MGADiag.exe in later process, you still skip previous and this step first or apply the patched LegitCheckControl.dll again, which means leave the patch and crack intact, and only come back to delete any crack or patch, and install original WGA validation tool later. This especially true if you have LegitCheckControl.dll 1.5.723.1 with MGDIAG.exe 1.5.0717.0)
14. Run the Microsoft Microsoft Genuine Validation Diagnostic Tool (MGADiag.exe), and click on Continue button to proceed.
15. Click on OK when MGADiag finishes processing and displays your genuine status. The status should show GENUINE, and not NOT ACTIVATED.

Step 6 - 10 can also be done without using any hacker tool, by using Activation Wizard following official tutorial from Microsoft on how to change the Volume Licensing product key on a computer that is running Windows XP SP1 and later versions of Windows XP detailed as below.

1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. In the left pane, locate and then click the following registry key:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\Current Version\WPAEvents
4. In the right pane, right-click OOBETimer, and then click Modify.
5. Change at least one digit of this value to deactivate Windows.
6. Click Start, and then click Run.
7. In the Open box, type the following command, and then click OK.%systemroot%\system32\oobe\msoobe.exe /a
8. Click Yes, I want to telephone a customer service representative to activate Windows, and then click Next.
9. Click Change Product key.
10. Type the new product key in the New key boxes, and then click Update. If you are returned to the previous window, click Remind me later, and then restart the computer.
11. Repeat steps 6 to verify that Windows is activated. You receive the following message:Windows is already activated. Click OK to exit.

Shortcut to Genuine Windows without Any Crack
Unable to download the crack? Or afraid that the cracks of keygen and key changer contains virus or trojan? You can simply add in the entry in step 11 (i.e. 127.0.0.1 mpa.one.microsoft.com) into your Hosts file if VLK key of your Windows installation has PID within the range of -640 to -641 or any other volume license product key that is not blocked. You can try it anyway no matter what product key you used to see if it working with existing CD key without changing the key.
Note: This shortcut by using wga-fix.exe or manually editing the Hosts file should works out of the box immediately on Windows XP Media Center Edition (MCE) 2005 and Windows XP Tablet PC Edition, and by luck on Windows XP Home, XP Professional and Windows 2003.

1. Simply remove and delete the crack or patch that has been applied in \Windows\System32 (LegitCheckControl.dll, WgaLogon.dll, WgaTray.exe) or \Documents and Settings\All users\Application Data (sub-folders “Windows Genuine Advantage” and “Office Genuine Advantage”)
2. Go to Windows (Microsoft) Updates or Microsoft Download Center to access Windows updates or download applications that require validation. Install WGA Validation Tool ActiveX when prompted.
3. Add in the “127.0.0.1 mpa.one.microsoft.com” to the Hosts file located in \Windows\System32\drivers\etc\ folder. Or alternatively, just execute wga-fix.exe (download link removed due to complaint from Microsoft) contained in the WGA crack archive package.
4. Run MGADiag.exe to validate the Windows is genuine.

After applying this trick or hack, Microsoft WGA Validation Tool will treat the Windows as genuine, as in you legally purchase and buy the Windows OS. Users can access to Windows Updates or Microsoft Updates, download WGA validation required software products from Microsoft Download Center such as as Windows Defender, WMP11, IE7, DirectX and etc, and also to install these programs with proper validation without any cracks. This hack or trick should works on Windows XP, Windows XP Media Center Edition (MCE), and even Windows Server 2003, and users can pick any browsers they like, including IE6, IE7, Firefox, Netscape or web browser powerd by IE such as MSN Explorer or AOL Explorer.
If you still having problem with this method, try out other WGA bypass methods.
Disclaimer: This article is for educational and informational purpose only. If you’re having problem with your Windows validation, contact Microsoft.
Share and contribute or get technical support and help at My Digital Life Forums.