'System Activation Key Has Expired' Pop-Ups

By GoldSparrow in Adware

Translate To:

The 'System Activation Key Has Expired' pop-up windows are generated by phishing pages such as hxxp://security43[.]xyz/main.php. The hxxp://security43[.]xyz domain is associated with the 132.148.16.170 IP address, which is used by fake computer support companies to promote their services. The 'System Activation Key Has Expired' pop-ups feature misleading messages, fake security reports, insecure login requests, and abuse the Google Inc. resources to trick Web surfers into calling toll-free phone lines like 888-648-1549, 877 670-2749 and 800-090-3289. Computer security researchers reported that the 'System Activation Key Has Expired' windows are styled to look like legitimate warnings from Google Inc. and mention cyber threats such as RDN/YahLover.worm!055BCCAC9FEC to scare users. The pages associated with the 'System Activation Key Has Expired' scam produce full-screen message colored in red and a login request on top of the following message:

'Your computer has been Locked
Your computer with the IP address [your real IP address] has been infected by the Virus
RDN/YahLover.worm!055BCCAC9FEC -- Because System Activation KEY has expired & Your information (for example, passwords, messages and credit cards) have been stolen.
Call the Technical Support number +1-888-648-1549 to protect your files and identity from further damage.'

The IP address of hxxp://security43[.]xyz has been related to computer support tactics as early as July 2016, and PC users should not follow the instructions listed on the connected pages. Also, the 'System Activation Key Has Expired' pop-ups may be accompanied by an audio recording saying that Microsoft has blocked the user’s computer access until a new activation key is purchased through a call to the listed number. Phone lines like 888-648-1549, 877 670-2749 and 800-090-3289 are not managed by certified Microsoft Corp. partners and don’t offer reliable repair services. It is recommended to terminate the pages associated with the 'System Activation Key Has Expired' Scam and use the Windows Task Manager if necessary to restart the Web browser. AV engines may show alerts related to the 'System Activation Key Has Expired' pop-ups and list the following names:

HTML.Trojan.Agent.RXTAOC
HTML.Trojan.FakeAlert.x
HTML/FakeAlert.DQ
Html.Troj.Agent!c
Rogue:JS/TechBroloba.B
Trojan.HTML.FakeAlert

We are aware that there are dozens of clones of hxxp://security43[.]xyz hosted on the 132.148.16.170 IP address. Therefore you may wish to block the IP address via your cybersecurity product. A short list of recently discovered clones can be found below:

hxxp://pc-scan-130[.]win
hxxp://security10s[.]tk/main/index2.html
hxxp://security110[.]xyz/chrm
hxxp://security1129[.]xyz/chrm/index2.html
hxxp://security1s[.]tk/chrm/index2.html
hxxp://security83[.]xyz/main/index2.html
hxxp://security93[.]xyz/main
hxxp://security9s[.]tk/chrm/index2.html
hxxp://www.security66[.]xyz/main

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

'System Activation Key Has Expired' Pop-Ups

Submit Comment

Trending

'YouPorn' Email Scam

Safe Search Eng

Findtheirreport.com

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen