What is the "System Activation KEY has expired" scam?
"System Activation KEY has expired" is a message displayed in a fake technical support scam, promoted by various deceptive websites. Visually this scheme mimics the appearance of the Blue Screen error displayed on Windows Operating Systems (OSs), specifically the graphics of these errors as they appear on Windows 8, 8.1 and 10 OS versions.
This scam is designed to trick users into calling a fraudulent tech support helpline. The scheme claims that users' device has been blocked, due to detected infections.
To further the impression that this claim is legitimate, "System Activation KEY has expired" scam automatically displays file download dialogue windows (which appear continuously, despite any declinations) - this freezes the browser and increases the believability of the statement that the computer has been locked.
It must be emphasized that this is not a genuine Windows error/alert and the scam is in no way associated with the actual Microsoft corporation.
Furthermore, no webpage can detect threats/issues present on a device. Most users access scam sites unintentionally, they get redirected to such by intrusive advertisements or by PUAs (Potentially Unwanted Applications), already infiltrated into the system.
The background page of the "System Activation KEY has expired" imitates the graphics of the Windows Blue Screen, the scam also borrows a phrase from the real error - "We're just collecting some error info, and then we'll restart for you." Despite this, the text presented in the scheme is poorly structured and contains grammatical mistakes.
The message in the background warns users not to close the webpage or restart their computer. Since doing so - will supposedly damage the system. Additionally, users are informed that their device has been locked, as it is infected with trojans. Allegedly, this has happened due the system activation key having expired.
To further alarm users, the scam proclaims that their personal information (e.g. passwords, messages, credit cards, etc.) have been stolen. Throughout this page, users are urged to call the fake helpline. The small pop-up window at the right of the page contains an alert in French.
According to a rough translation, it informs users that potential threats have been detected on their computer. The installed security essentials failed to block the virus; this can result in serious privacy concerns and permanent damage to the device. The pop-up presses users once again to call technical support.
As mentioned in the introduction, all of the information provided by "System Activation KEY has expired" is false. Hence, the infections it claims are present on users' computers are nonexistent and the devices have not and will not be locked. While the telephone numbers listed in such schemes are usually presented as "free" - that is seldom the case.
Tech support scams are designed to abuse users' trust in various ways. For example, they may be asked by the scammers to allow remote access and control over their device. In the best case scenarios, users are merely tricked into believing that their computers have been fixed and the devices themselves are not harmed in this process.
However, scammers may use the permitted entry to gain control over the device (e.g. by infecting it with Remote Access Trojans - RATs), which can enable indefinite access and control - without user input or knowledge.
Scammers target personal information (e.g. names, addresses, emails, banking account and credit card details), either by extracting the data from the computers and/or by tricking users into revealing it. Typically, once the fake technical support services are completed - users are presented with significant fees.
Scammers often request users to pay via dubious online payment portals (that may also reveal entered financial data to the individuals behind the scheme) and/or with digital currencies (e.g. cryptocurrencies, pre-paid vouchers / gift cards).
To summarize, trusting "System Activation KEY has expired" and similar scams can lead to system infections, financial losses, severe privacy issues and even identity theft. Some deceptive websites prevent users from closing them. In such cases, the Windows Task Manager has to be used to end the browser's process.
Furthermore, upon reopening the browser - the previous session must not be restored - so that the scam site would not be reopened.
PUAs are one of the main culprits behind rogue redirects to various untrustworthy/malicious pages. However, these apps can have other/additional abilities. Adware-type PUAs deliver intrusive advertisements, which diminish the browsing experience and are harmful.
Upon being clicked, the delivered ads redirect to dangerous websites and some can even stealthily download/install software. Another type called browser hijackers - modify browsers in order to promote fake search engines. The illegitimate web searchers are rarely capable of generating search results, so they redirect to Yahoo, Google, Bing and other genuine search engines.
Most PUAs, regardless of type, have data tracking abilities. They monitor browsing activity (browsing and search engine histories) and collect personal information extracted from it (IP addresses, geolocations and other details). The gathered data is often shared with and/or sold to third parties (potentially, cyber criminals).
To ensure device and user safety - all suspect applications and/or browser extensions/plug-ins must be eliminated without delay.
|Name||"System Activation KEY Has Expired" virus|
|Threat Type||Phishing, Scam, Social Engineering, Fraud|
|Fake Claim||Scam claims the device has been infected and locked for safety purposes.|
|Tech Support Scammer Phone Number||+1-888-405-3166, 1-877-670-2749|
|Detection Names (socioeconomically[.]site)
||Kaspersky (Malware), Full List Of Detections (VirusTotal)|
|Serving IP Address (socioeconomically[.]site)
|Symptoms||Fake error messages, fake system warnings, pop-up errors, hoax computer scan.|
|Distribution methods||Compromised websites, rogue online pop-up ads, potentially unwanted applications.|
|Damage||Loss of sensitive private information, monetary loss, identity theft, possible malware infections.|
|Malware Removal (Windows)||
To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
"A virus has been detected on your computer", "ERROR CODE 72", "Killer's IP Address" and "VIRUS ALERT FROM Windows" are some examples of other technical support scams. The Internet is rife with all kinds of scams, which make various claims and use different techniques.
However, the end-goal of all schemes is the same - to generate revenue to the scammers / cyber criminals behind them. Therefore, it is strongly advised to exercise caution when browsing.
How did potentially unwanted applications install on my computer?
Select PUAs have "official" download webpages, which are commonly promoted by deceptive/scam sites. They can also be downloaded/installed together with other programs. This false marketing method of packing regular software with unwanted/malicious additions - is called "bundling".
Rushed download/installation processes (e.g. skipped steps and sections, etc.) - increase the risk of inadvertent installation of bundled content. Once clicked on, intrusive adverts can execute scripts to download/install PUAs without user consent.
How to avoid installation of potentially unwanted applications?
All products should be researched before download/installation and/or purchase. Only official and verified download channels must be used. Untrustworthy sources, like: free file-hosting websites, Peer-to-Peer sharing networks and other details third party downloaders - often offer deceptive and/or bundled content.
When downloading/installing, it is recommended to always read terms, study available options, use the "Custom/Advanced" settings and opt-out from supplementary apps, tools, functions, etc. Intrusive ads appear ordinary and harmless, however they redirect to questionable webpages (e.g. gambling, pornography, adult-dating, and so on).
In case of encounters with advertisements and/or redirects of this kind, users must inspect the system and immediately remove all dubious applications and browser extensions/plug-ins from it. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate them.
Text presented in "System Activation KEY has expired" scam's background page:
Do not close this window or restart your computer. We're just collecting some error info, and then we'll restart for you.Restart your PC manually can harm SYSTEM boot
Your computer has been Locked
Cal Microsoft : +1-888-405-3166
Your computer with the IP address has been infected by the Trojans -- Because System Activation KEY has expired & Your information
(for example, passwords, messages, and credit cards) have been stolen. Call Microsoft +1-888-405-3166 to protect your files and
identity from further damage.
Cal Microsoft : +1-888-405-3166 (Toll Free)
Cal Microsoft : +1-888-405-3166(Toll Free)
For more information
about this issue and possible fixes, visit
If you call a support
person give them this
Text presented in the pop-up window in the bottom-right corner of the page:
DETECTION DES MENACES POTENTIELLES
SUR VOTRE ORDINATEUR
Essential de sécurité me sont pas fiables
pour bloquer le virus. Détection des
menaces potentielles qui pourraient
compromettre votre vie privée o d'emdom-
manger votre ordinateur.
Code d'erreur: 8x922344sc, impossible
d'installer les mises à jour.
Systeme peut étre l'usage noeif
comme a-été détecté le virus.
The appearance of "System Activation KEY has expired" scam (GIF):
Another variant of "System Activation KEY Has Expired" pop-up scam:
Text presented within:
Your computer has been locked
Your computer with the IP address might infected by the Trojans - Because System Activation KEY has expired & Your information (for example, passwords, messages, and CCs) have been stolen. Call the Help Desk number 1-877-670-2749 to protect your files and identity from further damage.
'System Activation Error Code: 0x44578' Lock Screen. To immediate rectify issue and prevent data lose Please call Toll free: 1-877-670-2749
WARNING: Hard Drive Safety Delete Starting In 4:58 minutes.
Toll free: 1-877-670-2749
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
- What is "System Activation KEY Has Expired" virus?
- How to identify a pop-up scam?
- How do pop-up scams work?
- How to remove fake pop-ups?
- How to prevent fake pop-ups?
- What to do if you fell for a pop-up scam?
How to identify a pop-up scam?
Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.
While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.
Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:
- Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
- Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
- Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
- Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
- Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.
Example of a pop-up scam:
How do pop-up scams work?
Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.
Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.
How to remove fake pop-ups?
In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.
In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.
How to prevent fake pop-ups?
To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.
To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.
What to do if you fell for a pop-up scam?
This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.
- If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
- If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
- If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
- Help other Internet users: report Internet scams to Federal Trade Commission.