'Windows Activation Pro' Pop-Ups
Posted: May 16, 2016
Threat Metric
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 21 |
| First Seen: | May 16, 2016 |
| Last Seen: | February 2, 2021 |
| OS(es) Affected: | Windows |
The 'Windows Activation Pro' pop-ups are technical support hoaxes that imitate Windows authorization messages. These attacks may harvest software keys or initiate additional attacks that could lead to computer users giving money or information to a remote attacker. Malware experts recommend taking several simple steps for stopping these pop-ups from blocking your PC, and then scanning your PC with anti-malware products to remove the 'Windows Activation Pro' pop-ups, along with associated threats.
A 'Microsoft' Message that's Unworthy of Trusting
Although pop-up technical support is a popular theme for con artists, these tactics do have room for flexibility in implementation, both in how they trigger and in how they are formatted. While malware analysts see the majority of them using in-browser content, others, like the 'Windows Activation Pro' pop-ups, may attack your PC independently from your Web browser. Like most threats of the same style, the 'Windows Activation Pro' pop-ups may insert themselves into your Windows startup process.
This campaign may use a custom Windows screen that may hijack your desktop and block any access to other applications. The interactive pop-up may use formatting mostly identical to that of a standard Windows installation/authorization process. However, the 'Windows Activation Pro' pop-ups also may use slightly atypical phrasings for threat alerts, including inconsistent capitalization, possibly indicating that the con artists behind them are non-native English speakers. Like the real thing, the 'Windows Activation Pro' pop-ups ask you to input your Windows CD key to re-enable your OS and prevent any access to the rest of your desktop until you do so.
This choice of payloads is mildly unusual, but not entirely unique. While most social engineering tactics target a computer user's contact information or bank accounts, the 'Windows Activation Pro' pop-ups could gather legitimate Windows keys and distribute them on the black market. Sufficiently widespread usage of these keys could flag them as being illicit, and lock the original owner out of their purchased Windows installation. On the other hand, these attacks also could be used for gathering additional information after the computer users enter their keys.
Staying Active About Stopping a Fake Windows Activator
While a traditional pop-up attack might load through a hostile website, malware experts have linked the 'Windows Activation Pro' pop-ups to the presence of previously-installed, hostile software. The standard installation process includes Registry changes for launching the 'Windows Activation Pro' pop-ups automatically. Strangely, some samples of these threats make no effort to block launching applications through keyboard shortcuts (such as Ctrl+Shift+Esc, for Task Manager), but they make every effort to prevent any casual access via the Taskbar or Desktop shortcuts.
In general, stopping automatically-launching threats should begin with rebooting into Windows Safe Mode or, when Safe Mode is inadequate, booting from an uninfected resource, such as a USB drive. Use your anti-malware programs to identify and uninstall Trojans loading the 'Windows Activation Pro' pop-ups, which will minimize any potential harm to your OS. Note that malware experts have classified this threat as a memory-persistent one, which requires terminating the threatening memory process before the uninstall process can conclude.
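The Registry autostart entries described above can be reviewed from Safe Mode with a read-only audit such as the following. This is an added example, not code from the original article or from SpyHunter; the page does not name the keys involved, so the standard Run, RunOnce and Winlogon locations are assumed.

```powershell
# Added example: read-only audit of Registry autostart values.
# Assumption: the page names no keys, so the standard Windows locations are checked.
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
$winlogonValues = 'Shell', 'Userinit'   # only these Winlogon values launch programs

function Get-ExecutablePath([string]$Command) {
    # Pull the program path out of a command line: a quoted path first,
    # otherwise everything up to the first executable extension.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { $path = $Matches[1] }
    elseif ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|,|$)') { $path = $Matches[1] }
    else { $path = ($expanded -split '\s+')[0] }
    # Bare names such as "explorer.exe" are resolved through PATH.
    if ($path -and $path -notmatch '\\') {
        $app = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($app) { $path = $app.Path }
    }
    return $path
}

$report = foreach ($key in $autostartKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        if ($key -like '*Winlogon' -and $name -notin $winlogonValues) { continue }
        $command = [string]$item.GetValue($name)
        if (-not $command.Trim()) { continue }
        $path = Get-ExecutablePath $command
        $sig = if (Test-Path -LiteralPath $path -PathType Leaf) {
            (Get-AuthenticodeSignature -LiteralPath $path).Status
        } else { 'FileNotFound' }
        # Flag unsigned or missing programs and anything run from a user-writable location.
        $userWritable = ($path -like "$env:SystemDrive\Users\*") -or ($path -like "$env:ProgramData\*")
        [pscustomobject]@{ Key = $key; Value = $name; Command = $command
                           Signature = $sig; Review = ($sig -ne 'Valid') -or $userWritable }
    }
}
$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Entries with `Review` set to `True` are candidates for a closer look with your anti-malware product, not confirmed threats.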
Windows keys, like any other credentials, are of potentially high value to fraudsters. Never provide this information to entities that have insufficiently verified their identities. Regarding threats like the 'Windows Activation Pro' pop-ups campaign, even catching typos in an otherwise-normal warning message can be a very clear sign that the real problem with your PC is the pop-up itself.