'Windows Genuine Advantage' Trojan Ransomware

'Windows Genuine Advantage' Trojan Ransomware Description

Although Windows Genuine Advantage is a real anti-piracy Windows component that Microsoft has implemented to prevent computer users from setting up pirated versions of the Windows OS, the 'Windows Genuine Advantage' ransomware message is a scam designed to take advantage of vulnerable or inexperienced computer users. ESG security researchers have received reports of a ransomware infection that targets computer users in Germany. This infection impersonates Windows Genuine Advantage, claiming that the infected computer's operating system is not a legitimate copy. Like most ransomware threats, the 'Windows Genuine Advantage' ransomware blocks access to the computer's files and applications and does not let computer users access their own computer until a ransom is paid. ESG security researchers strongly advise against paying the ransom, since nothing guarantees that doing so will give you back control over your computer. Instead, a reliable anti-malware application must be used to handle a 'Windows Genuine Advantage' Trojan Ransomware infection.

Understanding the 'Windows Genuine Advantage' Trojan Ransomware Scam

The 'Windows Genuine Advantage' ransomware infection is actually not complicated. This malware threat makes changes to the Windows Registry that allow it to start up automatically as soon as Windows is launched. The Trojan then launches a full-screen window that blocks access to the Desktop. It also has components that block access to the Task Manager, the Windows Registry, and other Windows components that could allow computer users to bypass the ransomware message. Although these changes are relatively simple to revert, the real challenge is getting past the scam screen in order to reach the security software installed on the infected machine. The 'Windows Genuine Advantage' ransomware message is written entirely in German, uses styles and logos that make it appear to be an official Microsoft communication, and asks its victims to pay a fine using a money transfer service.

The main difficulty in dealing with a 'Windows Genuine Advantage' ransomware infection is bypassing this ransomware Trojan's threatening message to reach the Windows Registry (for manual removal) or your anti-malware software. Fortunately, you can do this by starting up Windows in Safe Mode and accessing these components from the Command Prompt. Alternative boot methods, such as starting from a removable drive, can also allow you to bypass the 'Windows Genuine Advantage' ransomware message long enough to remove this Trojan with an anti-malware program of your choice.
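A read-only audit of the kinds of registry changes described above, which can be run by typing `powershell` at the Safe Mode command prompt. This is an added example, not ESG's removal procedure; the key paths are standard Windows autostart, policy and Winlogon locations assumed for illustration, because the article does not name the values this Trojan writes, and `New-Finding` is a hypothetical helper.

```powershell
# Added example: read-only audit of common autostart and lockout registry values.
# Key paths are standard Windows locations assumed for illustration; the article
# does not say which values this Trojan modifies.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function New-Finding($Check, $Key, $Name, $Value) {
    New-Object PSObject -Property @{ Check = $Check; Key = $Key; Name = $Name; Value = $Value }
}
$findings = @()

# 1. Every program registered to start at logon; review each entry by hand.
foreach ($path in $runKeys) {
    if (-not (Test-Path $path)) { continue }
    $regKey = Get-Item -Path $path
    foreach ($name in $regKey.GetValueNames()) {
        $findings += New-Finding 'Autostart' $path $name ($regKey.GetValue($name))
    }
}

# 2. Policy values that disable Task Manager or Registry Editor when non-zero.
foreach ($path in $policyKeys) {
    if (-not (Test-Path $path)) { continue }
    $regKey = Get-Item -Path $path
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $value = $regKey.GetValue($name)
        if ($value) { $findings += New-Finding 'ToolBlocked' $path $name $value }
    }
}

# 3. Winlogon Shell / Userinit that differ from the Windows defaults.
$wl = Get-Item -Path $winlogon
$defaults = @{ Shell = 'explorer.exe'; Userinit = "$env:SystemRoot\system32\userinit.exe" }
foreach ($name in $defaults.Keys) {
    $value = [string]$wl.GetValue($name)
    if (($value -replace '[,\s]+$', '') -ne $defaults[$name]) {
        $findings += New-Finding 'LogonOverride' $winlogon $name $value
    }
}

$findings | Format-Table Check, Name, Value, Key -AutoSize -Wrap
```

The script changes nothing; `ToolBlocked` and `LogonOverride` rows point to settings worth reverting, while `Autostart` rows list every logon entry, legitimate ones included.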

Technical Information

More Details on 'Windows Genuine Advantage' Trojan Ransomware

The following messages associated with 'Windows Genuine Advantage' Trojan Ransomware were found:
Windows Genuine Advantage-Benachrichtigungen
Windows Genuine Advantage-Benachrichtigungen ist ein Bestandteil des Bemühens von Microsoft, Softwarepiraterie einzudämmen.
Diese Software hilft dabei, zu bestimmen, ob es sich bei der auf Ihrem Computer installierten Windows Version um eine Originalversion oder Raubkopie handelt.
Leider konnte diese Prüfung nicht erfolgreich abgeschlossen werden, daher wurde der Zugriff auf Ihren Computer temporär gesperrt.
Als Gründe hierfür gelten eine abgelaufene oder mehrfach verwendete Windows-Lizenz, sowie eine illegal erworbene Windows-Lizenz (Raubkopie).
Windows Genuine Advantage-Notifications
Windows Genuine Advantage-Notifications is a part of the effort by Microsoft to curb software piracy.
This software helps to determine whether the Windows version installed on your computer is a genuine or a pirated copy.
Unfortunately, this test could not be completed successfully, so access to your computer has been temporarily locked.
The reasons for this include an expired or repeatedly used Windows license, as well as an illegally obtained Windows license (bootleg).