'Windows Activation Pro' Pop-Ups

Posted: May 16, 2016

Threat Metric

Threat Level: 8/10
Infected PCs: 21
First Seen: May 16, 2016
Last Seen: February 2, 2021
OS(es) Affected: Windows

The 'Windows Activation Pro' pop-ups are technical support hoaxes that imitate Windows authorization messages. These attacks may harvest software keys or initiate additional attacks that could lead to computer users giving money or information to a remote attacker. Malware experts recommend taking several simple steps for stopping these pop-ups from blocking your PC, and then scanning your PC with anti-malware products to remove the 'Windows Activation Pro' pop-ups, along with associated threats.

A 'Microsoft' Message that's Unworthy of Trusting

Although pop-up technical support is a popular theme for con artists, these tactics leave room for flexibility in implementation, both in how they trigger and in how they format themselves. While malware analysts see the majority of them using in-browser content, others, like the 'Windows Activation Pro' pop-ups, may attack your PC independently from your Web browser. Like most threats of the same style, the 'Windows Activation Pro' pop-ups may insert themselves into your Windows startup process.

This campaign may use a custom Windows screen that may hijack your desktop and block any access to other applications. The interactive pop-up may use formatting mostly identical to that of a standard Windows installation/authorization process. However, the 'Windows Activation Pro' pop-ups also may use slightly atypical phrasings for threat alerts, including inconsistent capitalization, possibly indicating that their con artists are non-native English speakers. Similarly to the real thing, the 'Windows Activation Pro' pop-ups ask you to input your Windows CD key to re-enable your OS, and they prevent any access to the rest of your desktop until you do so.

This choice of payloads is mildly unusual, but not entirely unique. While most social engineering tactics target a computer user's contact information or bank accounts, the 'Windows Activation Pro' pop-ups could gather legitimate Windows keys and distribute them on the black market. Sufficiently widespread usage of these keys could flag them as being illicit, and lock the original owner out of their purchased Windows installation. On the other hand, these attacks also could be used for gathering additional information after the computer users enter their keys.

Staying Active About Stopping a Fake Windows Activator

While a traditional pop-up attack might load through a hostile website, malware experts have linked the 'Windows Activation Pro' pop-ups to the presence of previously-installed, hostile software. The standard installation process includes Registry changes for launching the 'Windows Activation Pro' pop-ups automatically. Strangely, some samples of these threats do not block loading applications through keyboard shortcuts (such as Ctrl+Shift+Esc, for Task Manager), but they make all efforts to prevent any casual access via the Taskbar or Desktop shortcuts.

In general, stopping automatically-launching threats should begin with rebooting into Windows Safe Mode or, when Safe Mode is inadequate, booting from an uninfected resource, such as a USB drive. Use your anti-malware programs to identify and uninstall Trojans loading the 'Windows Activation Pro' pop-ups, which will minimize any potential harm to your OS. Note that malware experts have classified this threat as a memory-persistent one, which requires terminating the threatening memory process before the uninstall process can conclude.
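
One way to review the automatic-launch Registry entries described above once you are in Safe Mode, as an added example that is not part of the original article. The article does not name the keys this threat writes to, so the standard Windows autostart locations, the Winlogon Shell check, and the helper names Get-CommandTarget and Get-SignatureStatus are assumptions.

```powershell
# Added example. Assumption: the article does not name the keys this threat
# writes to, so these are the standard Windows autostart locations.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget {
    # Hypothetical helper: pull the executable path out of an autostart command line.
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|scr|bat|cmd))(\s|,|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function Get-SignatureStatus {
    # Hypothetical helper: Authenticode status, or 'Unresolved' if the target is not a file on disk.
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'Unresolved' }
    return [string](Get-AuthenticodeSignature -LiteralPath $Path).Status
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-CommandTarget -Command $command
        [pscustomobject]@{
            Key = $key; Name = $name; Command = $command
            Target = $target; Signature = Get-SignatureStatus -Path $target
        }
    }
}

# Assumption: a desktop-replacing screen may also be set as the logon shell (default: explorer.exe).
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ne 'explorer.exe') {   # -ne is case-insensitive
    Write-Warning "Winlogon Shell is '$shell' (expected explorer.exe)"
}

# Review list: autostart entries whose target is missing, unsigned, or fails validation.
$entries | Where-Object { $_.Signature -ne 'Valid' } | Format-List
```

Entries on the review list are candidates to check with your anti-malware product, since some legitimate programs ship unsigned or start through a command that does not resolve to a full path.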

Windows keys, like any other credentials, are of potentially high value to fraudsters. Never provide this information to entities that have insufficiently verified their identities. Regarding threats like the 'Windows Activation Pro' pop-ups campaign, even catching typos in an otherwise-normal warning message can be a very clear sign that the real problem with your PC is the pop-up itself.