‘Windows Genuine Advantage’ Trojan Ransomware

‘Windows Genuine Advantage’ Trojan Ransomware Description

ScreenshotAlthough Windows Genuine Advantage is a real anti-piracy Windows component that Microsoft has implemented to prevent computer users from setting up pirated versions of the Windows OS, the 'Windows Genuine Advantage' ransomware message is a scam designed to take advantage of vulnerable or inexperienced computer users. ESG security researchers have received reports of a ransomware infection that targets computer users in Germany. This ransomware infection impersonates Windows Genuine Advantage, claiming that the infected computer's operating system is not a legitimate copy. Like most ransomware threats, the 'Windows Genuine Advantage' ransomware infection blocks access to the computer's files and applications and does not allow computer users to access their own computer until a ransom is paid. ESG security researchers strongly advise against paying the 'Windows Genuine Advantage' ransomware's ransom since there is nothing to assure that doing so will give you back control over your computer. Instead, a reliable anti-malware application must be used to handle a 'Windows Genuine Advantage' Trojan Ransomware infection.

Understanding the 'Windows Genuine Advantage' Trojan Ransomware Scam


The 'Windows Genuine Advantage' ransomware infection is actually not complicated. This malware threat makes changes to the Windows Registry that allows 'Windows Genuine Advantage' ransomware to start up automatically as soon as Windows is launched. The 'Windows Genuine Advantage' Trojan Ransomware infection launches a full screen window that blocks access to the Desktop. This Trojan also has components that block access to the Task Manager, Windows Registry, and other Windows components that could potentially allow computer users to bypass the 'Windows Genuine Advantage' ransomware message. Although these changes are relatively simple to revert, the real challenge is bypassing this malware infection's scam in order to gain access to security software installed on the infected machine. Some characteristics of the 'Windows Genuine Advantage' ransomware message include the fact that 'Windows Genuine Advantage' ransomware is written entirely in German, uses styles and logos that make 'Windows Genuine Advantage' ransomware appear to be an official Microsoft communication, and that 'Windows Genuine Advantage' ransomware asks its victims to pay a fine using a money transfer service.

The main difficulty in dealing with a 'Windows Genuine Advantage' ransomware infection is bypassing this ransomware Trojan's threatening message to access the Windows Registry (for manual removal) or to your anti-malware software. Fortunately, you can do this by starting up Windows in Safe Mode and accessing these components from the Command Prompt. Alternative boot methods, such as starting from a removable drive, can also allow you to bypass the 'Windows Genuine Advantage' ransomware message long enough to remove this Trojan with an anti-malware program of your choice.

Infected with ‘Windows Genuine Advantage’ Trojan Ransomware? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect ‘Windows Genuine Advantage’ Trojan Ransomware

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Screenshots & Other Imagery

‘Windows Genuine Advantage’ Trojan Ransomware Image 1

More Details on ‘Windows Genuine Advantage’ Trojan Ransomware

The following messages associated with ‘Windows Genuine Advantage’ Trojan Ransomware were found:
Windows Genuine Advantage-Benachrichtigungen
Windows Genuine Advantage-Benachrichtigungen ist ein Bestandteil des Bem?hens von Microsoft, Softwarepiraterie einzud?mmen.
Diese Software hilft dabei, zu bestimmen, ob es sich bei der auf Ihrem Computer installierten
Windows Version um eine Originalversion oder Raubkopie handelt.
Leider konnte diese Pr?fung nicht erfolgreich abgeschlossen werden, daher wurde der Zugriff auf
Ihren Computer tempor?r gesperrt.
Als Gr?nde hierf?r gelten eine abgelaufene oder mehrfach verwendete Windows-Lizenz, sowie eine illegal erworbene Windows-Lizenz (Raubkopie).
Windows Genuine Advantage-Notifications
Windows Genuine Advantage-Notifications is a part of the effort by Microsoft to curb software piracy.
This software helps you to determine whether the Windows version installed on your computer is genuine or pirated copy.
Unfortunately, this test could not be completed successfully, so, access to your computer is locked temporarily.
The reasons for this is expired or repeated used of Windows license, and illegally obtained of Windows license (bootleg).

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 3 + 6 ?