Article ID: 948253 - Last Review: April 8, 2008 - Revision: 3.4

How to remove the "OEM driver" activation exploit and the "grace timer" activation exploit from a Windows Vista-based computer

INTRODUCTION

All copies of Windows Vista require activation. However, the OEM driver activation exploit and the grace timer activation exploit bypass product activation. Therefore, they interfere with standard Windows operation. This article describes how to remove the OEM driver activation exploit and the grace timer activation exploit from a Windows Vista-based computer.

MORE INFORMATION

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/) How to back up and restore the registry in Windows

How to determine whether an activation exploit is present on the system

If activation exploits are present on the system, Windows Vista displays a dialog box that lists the activation exploits that are detected. To remove these activation exploits, follow the steps in the following sections.

Before you begin

Before you remove the activation exploits, enable the Show hidden files option, and then disable the Hide Protected Operating System Files option. To do this, follow these steps:
  1. On the Windows Vista-based computer, click Start, type Folder Options in the Start Search box, and then click Folder Options in the Programs list.
    If you are prompted for an administrator password or for confirmation, type the password, or click Continue.
  2. In the Folder Options window, click the View tab.
  3. In the Advanced settings area, click Show hidden files and folders.
  4. Click to clear the Hide protected operating system files (Recommended) check box.
  5. Click Yes to confirm that you want to display operating system files, and then click OK.
Note By removing these activation exploits, you may change the licensing state of your copy of Windows Vista. Before you remove these activation exploits, make sure that one of the following conditions is true:
  • You have upgraded the computer to Windows Vista Service Pack 1 (SP1).
  • You have a valid Windows Vista product key.

Remove the OEM driver activation exploit

Note If Windows Vista indicates that the OEM driver activation exploit has been detected, and you cannot locate either the driver file or the registry subkey in the following steps, you must obtain and install a genuine copy of Windows Vista.

To remove the OEM driver activation exploit, follow these steps:
  1. Locate the Royal.sys file in the following folder:
    Drive:\Windows\System32\drivers
    Note Drive represents the drive on which Windows Vista is installed.
  2. Delete the Royal.sys file.
  3. Determine whether the following folder exists on the system:
    Drive:\Windows\System32\DRVSTORE\royal_*<followed by many numbers>
    If it exists, delete the royal_* folder.
  4. Click Start, type regedit in the Start Search box, and then click regedit in the Programs list.
    If you are prompted for an administrator password or for confirmation, type your password, or click Continue.
  5. Locate the following registry subkey, and then right-click it:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OemBiosDevice
  6. Click Delete to delete this subkey.
  7. Locate the following registry subkey, and then right-click it:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Genuine Advantage\WGAER_M\GenuineInfo
  8. Click Delete to delete this subkey.
  9. Exit Registry Editor.
  10. Restart the computer.

Remove the grace timer activation exploit

Note If Windows Vista indicates that the Grace Timer activation exploit has been detected, and you cannot locate either the driver file or the registry subkey in the following steps, you must obtain and install a genuine copy of Windows Vista.
  1. Locate the TimerStop.sys file in the following folder:
    Drive:\Windows\System32
    Note Drive represents the drive on which Windows Vista is installed.
  2. Delete the TimerStop.sys file.
  3. Click Start, type regedit in the Start Search box, and then click regedit in the Programs list.
    If you are prompted for an administrator password or for confirmation, type your password, or click Continue.
  4. Locate the following registry subkey, and then right-click it:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TimerStop
  5. Click Delete to delete this subkey.
  6. Locate the following registry subkey, and then right-click it:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Genuine Advantage\WGAER_M\GenuineInfo
  7. Click Delete to delete this subkey.
  8. Exit Registry Editor.
  9. Restart the computer.
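
The following PowerShell script is an added example, not part of the original article and not Microsoft's code. It checks for every file, folder, and registry subkey named in the two removal procedures above and exports any subkeys it finds to .reg files before you delete them by hand. The function names, parameter names, and backup folder are assumptions chosen for illustration.

```powershell
# Added example (not Microsoft's code). Uses PowerShell 2.0 syntax. Run elevated, and on
# 64-bit Windows use the 64-bit PowerShell so that System32 is not redirected.
function Get-ActivationExploitArtifact {
    param([string]$WindowsDir = $env:SystemRoot)   # "Drive:\Windows" in the article
    $targets = @(
        @{ Exploit = 'OEM driver';  Kind = 'File';   Path = "$WindowsDir\System32\drivers\Royal.sys" }
        @{ Exploit = 'OEM driver';  Kind = 'Folder'; Path = "$WindowsDir\System32\DRVSTORE\royal_*" }
        @{ Exploit = 'OEM driver';  Kind = 'RegKey'; Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\OemBiosDevice' }
        @{ Exploit = 'Grace timer'; Kind = 'File';   Path = "$WindowsDir\System32\TimerStop.sys" }
        @{ Exploit = 'Grace timer'; Kind = 'RegKey'; Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\TimerStop' }
        @{ Exploit = 'Both';        Kind = 'RegKey'; Path = 'HKLM:\Software\Microsoft\Genuine Advantage\WGAER_M\GenuineInfo' }
    )
    foreach ($t in $targets) {
        # -Force also returns hidden and protected items; royal_* is matched as a wildcard.
        $found = @(Get-Item -Path $t.Path -Force -ErrorAction SilentlyContinue)
        New-Object PSObject -Property @{
            Exploit = $t.Exploit; Kind = $t.Kind; Path = $t.Path
            Present = ($found.Count -gt 0)
            Matches = @($found | ForEach-Object { $_.PSPath -replace '^.*?::', '' })
        } | Select-Object Exploit, Kind, Present, Path, Matches
    }
}

function Export-ArtifactKey {
    # Backs up each subkey that is present, following the article's advice to
    # back up the registry before modifying it. The backup folder is an assumption.
    param($Artifacts, [string]$BackupDir = "$env:TEMP\kb948253-backup")
    if (-not (Test-Path $BackupDir)) { New-Item -ItemType Directory -Path $BackupDir | Out-Null }
    foreach ($a in $Artifacts | Where-Object { $_.Kind -eq 'RegKey' -and $_.Present }) {
        $key  = $a.Path -replace '^HKLM:', 'HKLM'              # reg.exe key syntax
        $file = Join-Path $BackupDir (($key -replace '[\\ ]', '_') + '.reg')
        & reg.exe export $key $file /y | Out-Null
        New-Object PSObject -Property @{ Key = $key; File = $file; Exported = ($LASTEXITCODE -eq 0) }
    }
}

$artifacts = Get-ActivationExploitArtifact
$artifacts | Format-Table Exploit, Kind, Present, Path -AutoSize
Export-ArtifactKey -Artifacts $artifacts | Format-Table Key, Exported, File -AutoSize

# The Notes above cover the case where Windows reports an exploit but nothing is found.
foreach ($name in 'OEM driver', 'Grace timer') {
    $hits = @($artifacts | Where-Object { $_.Exploit -eq $name -and $_.Present })
    if ($hits.Count -eq 0) { "${name}: no driver file or service subkey located" }
}
```

The script only reads and exports; the deletions themselves are still performed with the numbered steps above.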

APPLIES TO
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Home Basic
  • Windows Vista Home Premium
  • Windows Vista Ultimate
  • Microsoft Windows Genuine Advantage