What is the "System Activation KEY has expired" scam?
"System Activation KEY has expired" is a message displayed in a fake technical support scam, promoted by various deceptive websites. Visually this scheme mimics the appearance of the Blue Screen error displayed on Windows Operating Systems (OSs), specifically the graphics of these errors as they appear on Windows 8, 8.1 and 10 OS versions.
This scam is designed to trick users into calling a fraudulent tech support helpline. The scheme claims that users' device has been blocked, due to detected infections.
To further the impression that this claim is legitimate, "System Activation KEY has expired" scam automatically displays file download dialogue windows (which appear continuously, despite any declinations) - this freezes the browser and increases the believability of the statement that the computer has been locked.
It must be emphasized that this is not a genuine Windows error/alert and the scam is in no way associated with the actual Microsoft corporation.
Furthermore, no webpage can detect threats/issues present on a device. Most users access scam sites unintentionally, they get redirected to such by intrusive advertisements or by PUAs (Potentially Unwanted Applications), already infiltrated into the system.
The background page of the "System Activation KEY has expired" imitates the graphics of the Windows Blue Screen, the scam also borrows a phrase from the real error - "We're just collecting some error info, and then we'll restart for you." Despite this, the text presented in the scheme is poorly structured and contains grammatical mistakes.
The message in the background warns users not to close the webpage or restart their computer. Since doing so - will supposedly damage the system. Additionally, users are informed that their device has been locked, as it is infected with trojans. Allegedly, this has happened due the system activation key having expired.
To further alarm users, the scam proclaims that their personal information (e.g. passwords, messages, credit cards, etc.) have been stolen. Throughout this page, users are urged to call the fake helpline. The small pop-up window at the right of the page contains an alert in French.
According to a rough translation, it informs users that potential threats have been detected on their computer. The installed security essentials failed to block the virus; this can result in serious privacy concerns and permanent damage to the device. The pop-up presses users once again to call technical support.
As mentioned in the introduction, all of the information provided by "System Activation KEY has expired" is false. Hence, the infections it claims are present on users' computers are nonexistent and the devices have not and will not be locked. While the telephone numbers listed in such schemes are usually presented as "free" - that is seldom the case.
Tech support scams are designed to abuse users' trust in various ways. For example, they may be asked by the scammers to allow remote access and control over their device. In the best case scenarios, users are merely tricked into believing that their computers have been fixed and the devices themselves are not harmed in this process.
However, scammers may use the permitted entry to gain control over the device (e.g. by infecting it with Remote Access Trojans - RATs), which can enable indefinite access and control - without user input or knowledge.
Scammers target personal information (e.g. names, addresses, emails, banking account and credit card details), either by extracting the data from the computers and/or by tricking users into revealing it. Typically, once the fake technical support services are completed - users are presented with significant fees.
Scammers often request users to pay via dubious online payment portals (that may also reveal entered financial data to the individuals behind the scheme) and/or with digital currencies (e.g. cryptocurrencies, pre-paid vouchers / gift cards).
To summarize, trusting "System Activation KEY has expired" and similar scams can lead to system infections, financial losses, severe privacy issues and even identity theft. Some deceptive websites prevent users from closing them. In such cases, the Windows Task Manager has to be used to end the browser's process.
Furthermore, upon reopening the browser - the previous session must not be restored - so that the scam site would not be reopened.
PUAs are one of the main culprits behind rogue redirects to various untrustworthy/malicious pages. However, these apps can have other/additional abilities. Adware-type PUAs deliver intrusive advertisements, which diminish the browsing experience and are harmful.
Upon being clicked, the delivered ads redirect to dangerous websites and some can even stealthily download/install software. Another type called browser hijackers - modify browsers in order to promote fake search engines. The illegitimate web searchers are rarely capable of generating search results, so they redirect to Yahoo, Google, Bing and other genuine search engines.
Most PUAs, regardless of type, have data tracking abilities. They monitor browsing activity (browsing and search engine histories) and collect personal information extracted from it (IP addresses, geolocations and other details). The gathered data is often shared with and/or sold to third parties (potentially, cyber criminals).
To ensure device and user safety - all suspect applications and/or browser extensions/plug-ins must be eliminated without delay.
|Name||"System Activation KEY Has Expired" virus|
|Threat Type||Phishing, Scam, Social Engineering, Fraud|
|Fake Claim||Scam claims the device has been infected and locked for safety purposes.|
|Tech Support Scammer Phone Number||+1-888-405-3166, 1-877-670-2749|
|Detection Names (socioeconomically[.]site)
||Kaspersky (Malware), Full List Of Detections (VirusTotal)|
|Serving IP Address (socioeconomically[.]site)
|Symptoms||Fake error messages, fake system warnings, pop-up errors, hoax computer scan.|
|Distribution methods||Compromised websites, rogue online pop-up ads, potentially unwanted applications.|
|Damage||Loss of sensitive private information, monetary loss, identity theft, possible malware infections.|
|Malware Removal (Windows)||
To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
"A virus has been detected on your computer", "ERROR CODE 72", "Killer's IP Address" and "VIRUS ALERT FROM Windows" are some examples of other technical support scams. The Internet is rife with all kinds of scams, which make various claims and use different techniques.
However, the end-goal of all schemes is the same - to generate revenue to the scammers / cyber criminals behind them. Therefore, it is strongly advised to exercise caution when browsing.
How did potentially unwanted applications install on my computer?
Select PUAs have "official" download webpages, which are commonly promoted by deceptive/scam sites. They can also be downloaded/installed together with other programs. This false marketing method of packing regular software with unwanted/malicious additions - is called "bundling".
Rushed download/installation processes (e.g. skipped steps and sections, etc.) - increase the risk of inadvertent installation of bundled content. Once clicked on, intrusive adverts can execute scripts to download/install PUAs without user consent.
How to avoid installation of potentially unwanted applications?
All products should be researched before download/installation and/or purchase. Only official and verified download channels must be used. Untrustworthy sources, like: free file-hosting websites, Peer-to-Peer sharing networks and other details third party downloaders - often offer deceptive and/or bundled content.
When downloading/installing, it is recommended to always read terms, study available options, use the "Custom/Advanced" settings and opt-out from supplementary apps, tools, functions, etc. Intrusive ads appear ordinary and harmless, however they redirect to questionable webpages (e.g. gambling, pornography, adult-dating, and so on).
In case of encounters with advertisements and/or redirects of this kind, users must inspect the system and immediately remove all dubious applications and browser extensions/plug-ins from it. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate them.
Text presented in "System Activation KEY has expired" scam's background page:
Do not close this window or restart your computer. We're just collecting some error info, and then we'll restart for you.Restart your PC manually can harm SYSTEM boot
Your computer has been Locked
Cal Microsoft : +1-888-405-3166
Your computer with the IP address has been infected by the Trojans -- Because System Activation KEY has expired & Your information
(for example, passwords, messages, and credit cards) have been stolen. Call Microsoft +1-888-405-3166 to protect your files and
identity from further damage.
Cal Microsoft : +1-888-405-3166 (Toll Free)
Cal Microsoft : +1-888-405-3166(Toll Free)
For more information
about this issue and possible fixes, visit
If you call a support
person give them this
Text presented in the pop-up window in the bottom-right corner of the page:
DETECTION DES MENACES POTENTIELLES
SUR VOTRE ORDINATEUR
Essential de sécurité me sont pas fiables
pour bloquer le virus. Détection des
menaces potentielles qui pourraient
compromettre votre vie privée o d'emdom-
manger votre ordinateur.
Code d'erreur: 8x922344sc, impossible
d'installer les mises à jour.
Systeme peut étre l'usage noeif
comme a-été détecté le virus.
The appearance of "System Activation KEY has expired" scam (GIF):
Another variant of "System Activation KEY Has Expired" pop-up scam:
Text presented within:
Your computer has been locked
Your computer with the IP address might infected by the Trojans - Because System Activation KEY has expired & Your information (for example, passwords, messages, and CCs) have been stolen. Call the Help Desk number 1-877-670-2749 to protect your files and identity from further damage.
'System Activation Error Code: 0x44578' Lock Screen. To immediate rectify issue and prevent data lose Please call Toll free: 1-877-670-2749
WARNING: Hard Drive Safety Delete Starting In 4:58 minutes.
Toll free: 1-877-670-2749
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
- What is "System Activation KEY has expired"?
- STEP 1. Uninstall deceptive applications using Control Panel.
- STEP 2. Remove adware from Internet Explorer.
- STEP 3. Remove rogue extensions from Google Chrome.
- STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.
- STEP 5. Remove rogue extensions from Safari.
- STEP 6. Remove rogue plug-ins from Microsoft Edge.
Removal of potentially unwanted applications:
Windows 11 users:
Right-click on the Start icon, select Apps and Features. In the opened window search for the application you want to uninstall, after locating it, click on the three vertical dots and select Uninstall.
Windows 10 users:
Right-click in the lower left corner of the screen, in the Quick Access Menu select Control Panel. In the opened window choose Programs and Features.
Windows 7 users:
Click Start (Windows Logo at the bottom left corner of your desktop), choose Control Panel. Locate Programs and click Uninstall a program.
macOS (OSX) users:
Click Finder, in the opened screen select Applications. Drag the app from the Applications folder to the Trash (located in your Dock), then right click the Trash icon and select Empty Trash.
In the uninstall programs window, look for any suspicious/recently-installed applications, select these entries and click "Uninstall" or "Remove".
After uninstalling the potentially unwanted application, scan your computer for any remaining unwanted components or possible malware infections. To scan your computer, use recommended malware removal software.
Remove rogue extensions from Internet browsers:
Video showing how to remove potentially unwanted browser add-ons:
Remove malicious add-ons from Internet Explorer:
Click the "gear" icon (at the top right corner of Internet Explorer), select "Manage Add-ons". Look for any recently-installed suspicious browser extensions, select these entries and click "Remove".
If you continue to have problems with removal of the "system activation key has expired" virus, reset your Internet Explorer settings to default.
Windows XP users: Click Start, click Run, in the opened window type inetcpl.cpl In the opened window click the Advanced tab, then click Reset.
Windows Vista and Windows 7 users: Click the Windows logo, in the start search box type inetcpl.cpl and click enter. In the opened window click the Advanced tab, then click Reset.
Windows 8 users: Open Internet Explorer and click the gear icon. Select Internet Options.
In the opened window, select the Advanced tab.
Click the Reset button.
Confirm that you wish to reset Internet Explorer settings to default by clicking the Reset button.
Remove malicious extensions from Google Chrome:
Click the Chrome menu icon (at the top right corner of Google Chrome), select "More tools" and click "Extensions". Locate all recently-installed suspicious browser add-ons and remove them.
If you continue to have problems with removal of the "system activation key has expired" virus, reset your Google Chrome browser settings. Click the Chrome menu icon (at the top right corner of Google Chrome) and select Settings. Scroll down to the bottom of the screen. Click the Advanced… link.
After scrolling to the bottom of the screen, click the Reset (Restore settings to their original defaults) button.
In the opened window, confirm that you wish to reset Google Chrome settings to default by clicking the Reset button.
Remove malicious plugins from Mozilla Firefox:
Click the Firefox menu (at the top right corner of the main window), select "Add-ons". Click on "Extensions", in the opened window remove all recently-installed suspicious browser plug-ins.
Computer users who have problems with "system activation key has expired" virus removal can reset their Mozilla Firefox settings.
Open Mozilla Firefox, at the top right corner of the main window, click the Firefox menu, in the opened menu, click Help.
Select Troubleshooting Information.
In the opened window, click the Refresh Firefox button.
In the opened window, confirm that you wish to reset Mozilla Firefox settings to default by clicking the Refresh Firefox button.
Remove malicious extensions from Safari:
Make sure your Safari browser is active, click Safari menu, and select Preferences....
In the opened window click Extensions, locate any recently installed suspicious extension, select it and click Uninstall.
Make sure your Safari browser is active and click on Safari menu. From the drop down menu select Clear History and Website Data...
In the opened window select all history and click the Clear History button.
Remove malicious extensions from Microsoft Edge:
Click the Edge menu icon (at the upper-right corner of Microsoft Edge), select "Extensions". Locate all recently-installed suspicious browser add-ons and click "Remove" below their names.
If you continue to have problems with removal of the "system activation key has expired" virus, reset your Microsoft Edge browser settings. Click the Edge menu icon (at the top right corner of Microsoft Edge) and select Settings.
In the opened settings menu select Reset settings.
Select Restore settings to their default values. In the opened window, confirm that you wish to reset Microsoft Edge settings to default by clicking the Reset button.
- If this did not help, follow these alternative instructions explaining how to reset the Microsoft Edge browser.
Commonly, adware or potentially unwanted applications infiltrate Internet browsers through free software downloads. Note that the safest source for downloading free software is via developers' websites only. To avoid installation of adware, be very attentive when downloading and installing free software. When installing previously-downloaded free programs, choose the custom or advanced installation options – this step will reveal any potentially unwanted applications listed for installation together with your chosen free program.
If you are experiencing problems while trying to remove "system activation key has expired" virus from your computer, please ask for assistance in our malware support forum.
Post a comment:
If you have additional information on "system activation key has expired" virus or it's removal please share your knowledge in the comments section below.