Fake Windows Genuine Advantage Notifications screen locker
How to unblock your computer after a fake Windows Genuine Advantage Notifications message?
The original Windows Genuine Advantage Notifications (WGA) tool notifies computer users if their copy of the Windows operating system is not genuine. Recently, cyber criminals started exploiting the Windows Genuine Advantage Notifications name in their ransomware - a computer infection that locks the user's screen and demands payment for a supposed copyright violation, update, etc. Such screen lockers have become very popular among cyber criminals, who design their ransomware around the names of authorities and reputable companies to make their fake messages appear more legitimate. Furthermore, such infections are targeted by country: the ransomware identifies your computer's IP address and uses this information to determine which language the fake blocking message should be presented in.
The Windows Genuine Advantage Notifications ransomware that our researcher came across was targeted at Internet users from Germany, but in the near future cyber criminals could translate their deceptive message and distribute it to other countries. When this fake Windows Genuine Advantage Notifications ransomware infects your computer, you won't be able to access your desktop, and the message will state that your copy of the Windows operating system is not genuine. The ransomware presents two options - pay 50 euro for your Windows copy, or pay 100 euro and upgrade to Windows 8. The message also states that after a successful payment you will have to wait 12 hours for your PC to be unblocked. Two payment methods are offered for this fake fine - Paysafecard and Ukash. You shouldn't pay anything - it's a scam.

If you see a message similar to the one in the presented screenshot, you shouldn't pay anything - if you do, you will send your money to cyber criminals and your PC will still be blocked. Cyber criminals use the Ukash and Paysafecard payment methods to make tracking them more complicated; furthermore, the message states that you have to wait 12 hours until your PC is unlocked - this time frame is used to cash in on your money. You should ignore the information presented in this fake Windows Genuine Advantage Notifications (WGA) screen and use this removal guide to unblock your PC.
Message shown in Fake Windows Genuine Advantage Notifications:
Windows Genuine Advantage-Benachrichtigungen ist ein Bestandteil des Bemühens von Microsoft, Softwarepiraterie einzudämmen. Diese Software hilft dabei, zu bestimmen, ob es sich bei der auf Ihrem Computer installierten Windows Version um eine Originalversion oder Raubkopie handelt. Leider konnte diese Prüfung nicht erfolgreich abgeschlossen werden, daher wurde der Zugriff auf Ihren Computer temporär gesperrt. Als Gründe hierfür gelten eine abgelaufene oder mehrfach verwendete Windows-Lizenz, sowie eine illegal erworbene Windows-Lizenz (Raubkopie). Um den Zugang zu Ihrem PC und den darauf befindlichen Daten wieder zu erlangen, können Sie über das Bezahlfeld eine neue Original-Lizenz erwerben. Um eine Lizenz zu erhalten, erwerben Sie bitte einen Code eines unserer offiziellen Partner Paysafecard oder ukash und geben Sie diesen in das unten vorgesehene Fenster ein und bestätigen Sie mit "OK". Eine Lizenzierung erfolgt automatisch innerhalb der nächsten 12 Stunden, bitte lassen Sie Ihren Computer in dieser Zeit eingeschaltet, damit der Vorgang durchgeführt werden kann. Falls Sie ein Upgrade auf Windows 8 wünschen, ist dies zu einem Einführungspreis von nur 100 € möglich.
Vielen Dank für das in Windows und Microsoft gesetze Vertrauen.
Fake Windows Genuine Advantage Notifications removal:
Step 1
Start your computer in safe mode. Click Start, then click Shut down. Select Restart and click OK. While your computer is starting, press the F8 key multiple times until the Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.

Step 2
Log in to the account that is infected with Fake Windows Genuine Advantage Notifications. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries that it detects.
After completing these steps your computer should be clean. Reboot your computer in normal mode.
Alternative Fake Windows Genuine Advantage Notifications removal guide:
If this ransomware blocks your screen when you start your computer in safe mode with networking, try starting your PC in safe mode with command prompt.
1. While your computer is starting, press the F8 key multiple times until the Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.

2. In the opened command prompt, type explorer and press Enter. This command opens an Explorer window; don't close it, and continue to the next step.
3. In the command prompt type regedit and press Enter. This will open the registry editor window.
4. In the registry editor window you should navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

5. In the right side of the window, locate "Shell" and right-click on it. Click Modify. The default value data is Explorer.exe; if you see something else written in this window, write it down (it is the path of the rogue executable file), then remove it and type in Explorer.exe. Use the path you wrote down to navigate to the rogue executable and remove it.
6. Restart your computer, download and install legitimate anti-spyware software and perform a full system scan to eliminate any remnants of Fake Windows Genuine Advantage Notifications.
If you can't start your computer in safe mode with networking (or with command prompt), you should boot your computer using a rescue disk. Some variants of ransomware disable safe mode, making their removal more complicated. For this step you will need access to another computer. After removing this ransomware from your PC, restart your computer and scan it with legitimate anti-spyware software to remove any remnants of this infection.
Anti-spyware programs known to detect and remove Fake Windows Genuine Advantage Notifications:
Some malicious software modifies browser settings and disables downloads of spyware and virus removal software. If you have problems downloading anti-spyware software with Internet Explorer, try downloading with Chrome, Firefox, Opera, etc.
If you can't access Internet:
Start your computer in safe mode. Click Start, click Shut down, click Restart, click OK. While your computer is starting, press the F8 key multiple times until you see the Windows Advanced Options menu, then select Safe mode with networking from the list.
Start Task Manager. Press Ctrl+Alt+Del (or Ctrl+Shift+Esc) and end the processes of the rogue program. (If after this procedure you can't access any programs, press Ctrl+Alt+Del, click File, select New Task, type explorer.exe, then press OK.)
Open Internet Explorer, click Tools and select Internet Options. Select Connections, then click LAN settings. If "Use a proxy server for your LAN" is checked, un-check it and press OK.
After this procedure you should be able to access the Internet. Now you can download anti-spyware software from our "Top spyware removers" section and run a full scan. Download, install and don't forget to update your selected anti-spyware program.
Manual Fake Windows Genuine Advantage Notifications removal:
If you were unable to remove Fake Windows Genuine Advantage Notifications using the steps above, you can use these manual removal instructions. Use them at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use them only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)
End these fake Windows Genuine Advantage Notifications processes:
random.exe
Delete these fake Windows Genuine Advantage Notifications files:
%Temp%\<random>.exe
%StartupFolder%\ctfmon.lnk
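The Winlogon "Shell" check from the alternative removal guide and the file locations listed above can be reviewed in one read-only pass. The script below is an added example, not part of the original guide or of any removal tool it mentions. It assumes %StartupFolder% means the current user's Startup folder, it also checks the per-user (HKCU) Winlogon key, which the guide does not mention, and `Add-Finding` is a helper name made up for this example.

```powershell
# Read-only triage of the persistence points named in this guide.
# Nothing is changed; review the output before editing or deleting anything.
$findings = @()
function Add-Finding($check, $location, $value) {
    New-Object PSObject -Property @{ Check = $check; Location = $location; Value = $value }
}

# 1. Winlogon "Shell": the guide expects exactly Explorer.exe under HKLM.
#    Assumption added here: the per-user (HKCU) key is checked as well,
#    where a Shell value is normally absent.
$subKey = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($hive in 'HKLM:', 'HKCU:') {
    $key  = "${hive}\${subKey}"
    $item = Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue
    # -ne is case-insensitive, so "Explorer.exe" and "explorer.exe" both pass.
    if ($item -and ([string]$item.Shell).Trim() -ne 'explorer.exe') {
        $findings += Add-Finding 'Winlogon Shell' $key ($item.Shell)
    }
}

# 2. The Startup-folder shortcut from the file list; its target is resolved
#    so the executable it launches can be located.
$lnk = Join-Path ([Environment]::GetFolderPath('Startup')) 'ctfmon.lnk'
if (Test-Path -LiteralPath $lnk) {
    $target = (New-Object -ComObject WScript.Shell).CreateShortcut($lnk).TargetPath
    $findings += Add-Finding 'Startup shortcut' $lnk "target: $target"
}

# 3. Executables directly in %Temp% (the guide lists %Temp%\<random>.exe).
#    The name is random, so every .exe is listed for manual review;
#    legitimate installers also leave files here.
foreach ($exe in Get-ChildItem -Path $env:TEMP -Filter *.exe -ErrorAction SilentlyContinue) {
    $findings += Add-Finding 'Temp executable' $exe.FullName "modified $($exe.LastWriteTime)"
}

if ($findings.Count -eq 0) {
    'No non-default Shell value, ctfmon.lnk shortcut or %Temp% executable found.'
} else {
    $findings | Select-Object Check, Location, Value | Format-List
}
```

Run it under the affected user account so that HKCU, %Temp% and the Startup folder resolve to that user's profile.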

