Hello experts -
I began working with a new client, and several of their machines have had an XP activation hack applied, a service running as reset 5. It seems as if each machine has individual, valid keys, and the hack was applied by a long-gone temporary guy "just in case" the OEM installations might have to be moved to different hardware "some day".
We need to make this right - get rid of the hack, and get these machines activated. Some have run over a year, with entries every day in the event logs complaining that they needed to be activated, but no other noticeable symptoms. WPA won't even start, so to simply activate them now won't work.
I've found several files and registry entries that appear to be related to the hack, and have done some preliminary testing at getting rid of it. I can get the files and services removed, and the registry entries removed so that it doesn't seem like the hack is running, but I cannot get the WPA to work, to go out and activate with MS. I probably have not found all of the files or regedits that this thing has done....
Does anybody know anything about this hack - reset 5 - and how to get rid of it??