Blog
Anand Yadav

“TrojanBanker.Activator.a” Fake Windows Activation

August 1, 2011
0
Estimated reading time: 2 minutes

A new infection has been spreading on the Internet targeting Windows users. In fact, it is a Trojan horse that pretends to be a Windows Activation program. Once infected, you will receive a professional looking screen simulating Microsoft Windows Activation which will state that you need to re-activate your Windows OS. The program will also ask you to enter your name, contact information and credit card details. Revealing your credit card information is a huge mistake as you will end up losing your money.

Here is the warning message that appears, which says your copy of Windows OS was activated by another user and then asks for your billing details to check the authenticity.

If you select the option “No, I will do it later” nothing happens so you are forced to click on the first option.

Once infected, the file is located in %APPDATA% with the name “services.exe”.

If you try to terminate this fake Windows Activator you get a BSoD (Blue Screen of Death).

The Trojan will not give up until you enter your private data there and as soon as you give access to your bank account your credit card will be charged.

Quick Heal detects this malware as TrojanBanker.Activator.a.

Have something to add to this story? Share it in the comments.

No Comments, Be The First!

Your email address will not be published.

CAPTCHA Image