Fake Windows Genuine Advantage Notifications

Also Known As: WGA Virus
Type: Ransomware
Damage level: Severe
Distribution: High

How to unblock your computer after a fake Windows Genuine Advantage Notifications message?

What is Fake Windows Genuine Advantage Notifications?

The original Windows Genuine Advantage Notifications (WGA) notifies computer users if their copy of the Windows operating system is not genuine. Recently, cyber criminals began exploiting the name of Windows Genuine Advantage Notifications within their 'ransomware' (a computer infection that locks users' computer screens and demands payment for a copyright violation, software update, etc.). Such screen lockers are popular amongst cyber criminals, who design their ransomware using the names of authorities and reputable companies. In this way, they make their fake messages appear authentic. Furthermore, these computer infections are configured by country: the ransomware identifies your computer's IP address and uses it to determine the language in which the fake message is delivered.

Our researchers discovered a type of 'Windows Genuine Advantage Notifications' ransomware that targeted Internet users from Germany. In the near future, however, cyber criminals could translate their deceptive message for distribution to other countries. When fake Windows Genuine Advantage Notifications ransomware infects your computer, you will be unable to access your desktop and a message will state that your copy of the Windows operating system is not genuine. It then presents computer users with two options: pay 50 Euros for your existing copy of Windows, or pay 100 Euros and upgrade to Windows 8. Furthermore, this message reports that, after successful payment, you have to wait 12 hours in order to unblock your PC. There are two methods of payment offered: Paysafecard and Ukash. Do not pay anything - it is a scam.

fake Windows Genuine Advantage notification - ransomware screenshot

If you observe a message like the one presented in the screenshot, or similar, do not pay anything - if you do, you will send your money to cyber criminals and your PC will remain blocked. Cyber criminals use the payment methods of Ukash and Paysafecard in order to make tracking their activities more difficult. Furthermore, the message states that you have to wait 12 hours before your PC will be unlocked - this time frame is used to clear your money. Ignore the information presented by this fake Windows Genuine Advantage Notifications (WGA) screen, and use this removal guide to unblock your PC.

A message displayed by Fake Windows Genuine Advantage Notifications (translated from the German original):

Windows Genuine Advantage Notifications is part of Microsoft's effort to curb software piracy. This software helps determine whether the version of Windows installed on your computer is a genuine version or a pirated copy. Unfortunately, this check could not be completed successfully, so access to your computer has been temporarily blocked. Possible reasons include an expired or multiply used Windows license, as well as an illegally acquired Windows license (pirated copy). To regain access to your PC and the data stored on it, you can purchase a new genuine license via the payment field. To obtain a license, please purchase a code from one of our official partners, Paysafecard or ukash, enter it in the window provided below and confirm with "OK". Licensing takes place automatically within the next 12 hours; please leave your computer switched on during this time so that the process can be carried out. If you would like an upgrade to Windows 8, this is possible at an introductory price of only 100 €.
Thank you for the trust you have placed in Windows and Microsoft.

Fake Windows Genuine Advantage Notifications removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. While your computer is starting, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe Mode with Networking from the list.

Step 2

Log in to the account infected with Fake Windows Genuine Advantage Notifications. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries detected.

If you need assistance removing Fake Windows Genuine Advantage Notifications, give us a call 24/7:
1-877-484-8393
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. All the products we recommend were carefully tested and approved by our technicians as being one of the most effective solutions for removing this threat.


After completing these steps, your computer should be clean. Reboot your computer in Normal Mode.

Alternative Fake Windows Genuine Advantage Notifications removal guide:

If this ransomware blocks your screen when you start your computer in Safe Mode with Networking, try starting your PC in Safe Mode with Command Prompt.

1. While your computer is starting, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, then select Safe Mode with Command Prompt from the list and press ENTER.

2. In the command prompt that opens, type explorer and press Enter. This command opens an Explorer window. Do not close it; continue to the next step.

3. In the Command Prompt type regedit and press Enter. This will open the Registry Editor window.

4. In the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

5. In the right side of the window, locate "Shell" and right click on it. Click on Modify. The default value in the Data column is Explorer.exe - if you see something else displayed in this window, remove it and type Explorer.exe (take a note of whatever else was displayed in the Data column - this is the path of the rogue executable file). Use this information to navigate to the rogue executable and remove it.

6. Restart your computer, download and install legitimate anti-spyware software and perform a full system scan to eliminate any remnants of Fake Windows Genuine Advantage Notifications.
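
The check in steps 4 and 5 can also be run from the command prompt. The following PowerShell script is an added example, not part of the original guide: it reads the Winlogon "Shell" value and lists every entry other than Explorer.exe, without changing the registry. It goes beyond the guide by also reading the same value under HKEY_CURRENT_USER (an assumption that the per-user key is worth auditing too); the function name Get-ShellAudit is hypothetical.

```powershell
# Added example (not from the original guide). Read-only: reports, changes nothing.
$winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # key from step 4
$allowed  = @('explorer.exe', (Join-Path $env:windir 'explorer.exe'))

function Get-ShellAudit {   # hypothetical helper name
    param([string]$KeyPath)

    $prop = Get-ItemProperty -Path $KeyPath -Name 'Shell' -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # No Shell value under this key.
        return New-Object PSObject -Property @{ Key = $KeyPath; Shell = $null; Unexpected = @() }
    }

    # The data may name several programs separated by commas; check each one.
    $entries = @([string]$prop.Shell -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ -ne '' })
    # -notcontains compares case-insensitively, so "Explorer.exe" is accepted.
    $unexpected = @($entries | Where-Object { $allowed -notcontains $_ })

    New-Object PSObject -Property @{ Key = $KeyPath; Shell = $prop.Shell; Unexpected = $unexpected }
}

foreach ($hive in 'HKLM:', 'HKCU:') {   # HKCU is an added check, not in the guide
    $result = Get-ShellAudit -KeyPath ('{0}\{1}' -f $hive, $winlogon)
    if ($result.Unexpected.Count -eq 0) {
        Write-Output ('OK       {0} (Shell = {1})' -f $result.Key, $result.Shell)
        continue
    }
    foreach ($entry in $result.Unexpected) {
        Write-Output ('MODIFIED {0} -> {1}' -f $result.Key, $entry)
        if (Test-Path -LiteralPath $entry -PathType Leaf) {
            # Note the file details before removing the rogue executable (step 5).
            $file = Get-Item -LiteralPath $entry -Force
            $sig  = Get-AuthenticodeSignature -FilePath $entry
            Write-Output ('         size={0} modified={1:u} signature={2}' -f `
                $file.Length, $file.LastWriteTimeUtc, $sig.Status)
        } else {
            Write-Output '         not found as a literal path; inspect the value by hand'
        }
    }
}
```

A line starting with MODIFIED shows the data that step 5 tells you to note down before typing Explorer.exe back into the value.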

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode, making its removal more complicated. For this step, you need access to another computer. After removing fake Windows Genuine Advantage Notifications from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.

Anti-spyware programs known to detect and remove Fake Windows Genuine Advantage Notifications:

About the author:

I am passionate about computer security and technology. I have 10 years of experience working in various companies related to computer technical issue solving and Internet security. I have been working as an editor for pcrisk.com since 2010.
