System Activation KEY Has Expired POP-UP Scam

Also Known As: "System Activation KEY Has Expired" virus
Distribution: Moderate
Damage level: Medium

"System Activation KEY has expired" scam removal instructions

What is the "System Activation KEY has expired" scam?

"System Activation KEY has expired" is a message displayed in a fake technical support scam, promoted by various deceptive websites. Visually this scheme mimics the appearance of the Blue Screen error displayed on Windows Operating Systems (OSs), specifically the graphics of these errors as they appear on Windows 8, 8.1 and 10 OS versions. This scam is designed to trick users into calling a fraudulent tech support helpline. The scheme claims that users' device has been blocked, due to detected infections. To further the impression that this claim is legitimate, "System Activation KEY has expired" scam automatically displays file download dialogue windows (which appear continuously, despite any declinations) - this freezes the browser and increases the believability of the statement that the computer has been locked. It must be emphasized that this is not a genuine Windows error/alert and the scam is in no way associated with the actual Microsoft corporation. Furthermore, no webpage can detect threats/issues present on a device. Most users access scam sites unintentionally, they get redirected to such by intrusive advertisements or by PUAs (Potentially Unwanted Applications), already infiltrated into the system.

System Activation KEY has expired scam

The background page of the "System Activation KEY has expired" imitates the graphics of the Windows Blue Screen, the scam also borrows a phrase from the real error - "We're just collecting some error info, and then we'll restart for you." Despite this, the text presented in the scheme is poorly structured and contains grammatical mistakes. The message in the background warns users not to close the webpage or restart their computer. Since doing so - will supposedly damage the system. Additionally, users are informed that their device has been locked, as it is infected with trojans. Allegedly, this has happened due the system activation key having expired. To further alarm users, the scam proclaims that their personal information (e.g. passwords, messages, credit cards, etc.) have been stolen. Throughout this page, users are urged to call the fake helpline. The small pop-up window at the right of the page contains an alert in French. According to a rough translation, it informs users that potential threats have been detected on their computer. The installed security essentials failed to block the virus; this can result in serious privacy concerns and permanent damage to the device. The pop-up presses users once again to call technical support. As mentioned in the introduction, all of the information provided by "System Activation KEY has expired" is false. Hence, the infections it claims are present on users' computers are nonexistent and the devices have not and will not be locked. While the telephone numbers listed in such schemes are usually presented as "free" - that is seldom the case. Tech support scams are designed to abuse users' trust in various ways. For example, they may be asked by the scammers to allow remote access and control over their device. In the best case scenarios, users are merely tricked into believing that their computers have been fixed and the devices themselves are not harmed in this process. However, scammers may use the permitted entry to gain control over the device (e.g. by infecting it with Remote Access Trojans - RATs), which can enable indefinite access and control - without user input or knowledge. Scammers target personal information (e.g. names, addresses, emails, banking account and credit card details), either by extracting the data from the computers and/or by tricking users into revealing it. Typically, once the fake technical support services are completed - users are presented with significant fees. Scammers often request users to pay via dubious online payment portals (that may also reveal entered financial data to the individuals behind the scheme) and/or with digital currencies (e.g. cryptocurrencies, pre-paid vouchers / gift cards). To summarize, trusting "System Activation KEY has expired" and similar scams can lead to system infections, financial losses, severe privacy issues and even identity theft. Some deceptive websites prevent users from closing them. In such cases, the Windows Task Manager has to be used to end the browser's process. Furthermore, upon reopening the browser - the previous session must not be restored - so that the scam site would not be reopened.

PUAs are one of the main culprits behind rogue redirects to various untrustworthy/malicious pages. However, these apps can have other/additional abilities. Adware-type PUAs deliver intrusive advertisements, which diminish the browsing experience and are harmful. Upon being clicked, the delivered ads redirect to dangerous websites and some can even stealthily download/install software. Another type called browser hijackers - modify browsers in order to promote fake search engines. The illegitimate web searchers are rarely capable of generating search results, so they redirect to Yahoo, Google, Bing and other genuine search engines. Most PUAs, regardless of type, have data tracking abilities. They monitor browsing activity (browsing and search engine histories) and collect personal information extracted from it (IP addresses, geolocations and other details). The gathered data is often shared with and/or sold to third parties (potentially, cyber criminals). To ensure device and user safety - all suspect applications and/or browser extensions/plug-ins must be eliminated without delay.

Threat Summary:
Name "System Activation KEY Has Expired" virus
Threat Type Phishing, Scam, Social Engineering, Fraud
Fake Claim Scam claims the device has been infected and locked for safety purposes.
Tech Support Scammer Phone Number +1-888-405-3166, 1-877-670-2749
Related Domains socioeconomically[.]site
Detection Names (socioeconomically[.]site)
Kaspersky (Malware), Full List Of Detections (VirusTotal)
Serving IP Address (socioeconomically[.]site)
163.172.170.45
Symptoms Fake error messages, fake system warnings, pop-up errors, hoax computer scan.
Distribution methods Compromised websites, rogue online pop-up ads, potentially unwanted applications.
Damage Loss of sensitive private information, monetary loss, identity theft, possible malware infections.
Malware Removal (Windows)

To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Malwarebytes.
▼ Download Malwarebytes
To use full-featured product, you have to purchase a license for Malwarebytes. 14 days free trial available.

"A virus has been detected on your computer", "ERROR CODE 72", "Killer's IP Address" and "VIRUS ALERT FROM Windows" are some examples of other technical support scams. The Internet is rife with all kinds of scams, which make various claims and use different techniques. However, the end-goal of all schemes is the same - to generate revenue to the scammers / cyber criminals behind them. Therefore, it is strongly advised to exercise caution when browsing.

How did potentially unwanted applications install on my computer?

Select PUAs have "official" download webpages, which are commonly promoted by deceptive/scam sites. They can also be downloaded/installed together with other programs. This false marketing method of packing regular software with unwanted/malicious additions - is called "bundling". Rushed download/installation processes (e.g. skipped steps and sections, etc.) - increase the risk of inadvertent installation of bundled content. Once clicked on, intrusive adverts can execute scripts to download/install PUAs without user consent.

How to avoid installation of potentially unwanted applications?

All products should be researched before download/installation and/or purchase. Only official and verified download channels must be used. Untrustworthy sources, like: free file-hosting websites, Peer-to-Peer sharing networks and other details third party downloaders - often offer deceptive and/or bundled content. When downloading/installing, it is recommended to always read terms, study available options, use the "Custom/Advanced" settings and opt-out from supplementary apps, tools, functions, etc. Intrusive ads appear ordinary and harmless, however they redirect to questionable webpages (e.g. gambling, pornography, adult-dating, and so on). In case of encounters with advertisements and/or redirects of this kind, users must inspect the system and immediately remove all dubious applications and browser extensions/plug-ins from it. If your computer is already infected with PUAs, we recommend running a scan with Malwarebytes for Windows to automatically eliminate them.

Text presented in "System Activation KEY has expired" scam's background page:

Do not close this window or restart your computer. We're just collecting some error info, and then we'll restart for you.Restart your PC manually can harm SYSTEM boot

 

Your computer has been Locked

 

Cal Microsoft : +1-888-405-3166

 

Your computer with the IP address has been infected by the Trojans -- Because System Activation KEY has expired & Your information
(for example, passwords, messages, and credit cards) have been stolen. Call Microsoft +1-888-405-3166 to protect your files and
identity from further damage.

 

Cal Microsoft : +1-888-405-3166 (Toll Free)
 
Automatically report details of possible incidents to Google. Privacy policy

 

Cal Microsoft : +1-888-405-3166(Toll Free)

 

For more information
about this issue and possible fixes, visit
hxxp://windows.com
/stopcode

 

If you call a support
person give them this
info
Stop Code:

Text presented in the pop-up window in the bottom-right corner of the page:

DETECTION DES MENACES POTENTIELLES
SUR VOTRE ORDINATEUR

 

Essential de sécurité me sont pas fiables
pour bloquer le virus. Détection des
menaces potentielles qui pourraient
compromettre votre vie privée o d'emdom-
manger votre ordinateur.

 

Code d'erreur: 8x922344sc, impossible
d'installer les mises à jour.

 

Systeme peut étre l'usage noeif
comme a-été détecté le virus.
CONTACTER SUPPORT

The appearance of "System Activation KEY has expired" scam (GIF):

Appearance of System Activation KEY has expired scam (gif)

Another variant of "System Activation KEY Has Expired" pop-up scam:

System Activation Key Has Expired scam gif

Text presented within:

Your computer has been locked
Your computer with the IP address might infected by the Trojans - Because System Activation KEY has expired & Your information (for example, passwords, messages, and CCs) have been stolen. Call the Help Desk number 1-877-670-2749 to protect your files and identity from further damage.
'System Activation Error Code: 0x44578' Lock Screen. To immediate rectify issue and prevent data lose Please call Toll free: 1-877-670-2749
WARNING: Hard Drive Safety Delete Starting In 4:58 minutes.
Toll free: 1-877-670-2749

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Malwarebytes is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Malwarebytes By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Malwarebytes. 14 days free trial available.

Quick menu:

Removal of potentially unwanted applications:

Windows 7 users:

Accessing Programs and Features (uninstall) in Windows 7

Click Start (Windows Logo at the bottom left corner of your desktop), choose Control Panel. Locate Programs and click Uninstall a program.

Windows XP users:

Accessing Add or Remove Programs in Windows XP

Click Start, choose Settings and click Control Panel. Locate and click Add or Remove Programs.

Windows 10 and Windows 8 users:

Accessing Programs and Features (uninstall) in Windows 8

Right-click in the lower left corner of the screen, in the Quick Access Menu select Control Panel. In the opened window choose Programs and Features.

Mac OSX users:

Uninstall app in OSX (Mac)

Click Finder, in the opened screen select Applications. Drag the app from the Applications folder to the Trash (located in your Dock), then right click the Trash icon and select Empty Trash.

PUAs uninstall via Control Panel

In the uninstall programs window, look for any suspicious/recently-installed applications, select these entries and click "Uninstall" or "Remove".

After uninstalling the potentially unwanted application, scan your computer for any remaining unwanted components or possible malware infections. To scan your computer, use recommended malware removal software.

Remove rogue extensions from Internet browsers:

Video showing how to remove potentially unwanted browser add-ons:

Internet Explorer logoRemove malicious add-ons from Internet Explorer:

Removing rogue extensions from Internet Explorer step 1

Click the "gear" icon Internet Explorer options icon (at the top right corner of Internet Explorer), select "Manage Add-ons". Look for any recently-installed suspicious browser extensions, select these entries and click "Remove".

Removing rogue extensions from Internet Explorer step 2

Optional method:

If you continue to have problems with removal of the "system activation key has expired" virus, reset your Internet Explorer settings to default.

Windows XP users: Click Start, click Run, in the opened window type inetcpl.cpl In the opened window click the Advanced tab, then click Reset.

Resetting Internet Explorer settings to default on Windows XP

Windows Vista and Windows 7 users: Click the Windows logo, in the start search box type inetcpl.cpl and click enter. In the opened window click the Advanced tab, then click Reset.

Resetting Internet Explorer settings to default on Windows 7

Windows 8 users: Open Internet Explorer and click the gear icon. Select Internet Options.

Reseting Internet Explorer settings to default in Windows 8 - accessing

In the opened window, select the Advanced tab.

Resetting Internet Explorer settings to default on Windows 8 - Internet options advanced tab

Click the Reset button.

Resetting Internet Explorer settings to default on Windows 8 - click the Reset button in the Internet options advanced tab

Confirm that you wish to reset Internet Explorer settings to default by clicking the Reset button.

Resetting Internet Explorer settings to default on Windows 8 - confirm settings reset to default by clicking the reset button

Google Chrome logoRemove malicious extensions from Google Chrome:

Removing rogue extensions from Google Chrome step 1

Click the Chrome menu icon Google Chrome menu icon (at the top right corner of Google Chrome), select "More tools" and click "Extensions". Locate all recently-installed suspicious browser add-ons and remove them.

Removing rogue extensions from Google Chrome step 2

Optional method:

If you continue to have problems with removal of the "system activation key has expired" virus, reset your Google Chrome browser settings. Click the Chrome menu icon Google Chrome menu icon (at the top right corner of Google Chrome) and select Settings. Scroll down to the bottom of the screen. Click the Advanced… link.

Google Chrome settings reset step 1

After scrolling to the bottom of the screen, click the Reset (Restore settings to their original defaults) button.

Google Chrome settings reset step 2

In the opened window, confirm that you wish to reset Google Chrome settings to default by clicking the Reset button.

Google Chrome settings reset step 3

Mozilla Firefox logoRemove malicious plugins from Mozilla Firefox:

Removing rogue extensions from Mozilla Firefox step 1

Click the Firefox menu firefox menu icon (at the top right corner of the main window), select "Add-ons". Click on "Extensions", in the opened window remove all recently-installed suspicious browser plug-ins.

Removing rogue extensions from Mozilla Firefox step 2

Optional method:

Computer users who have problems with "system activation key has expired" virus removal can reset their Mozilla Firefox settings.

Open Mozilla Firefox, at the top right corner of the main window, click the Firefox menu, firefox menu icon in the opened menu, click Help.

Accessing settings (Reset Firefox to default settings step 1)

Select Troubleshooting Information.

Accessing Troubleshooting Information (Reset Firefox to default settings step 2)

In the opened window, click the Refresh Firefox button.

Clicking on Refresh Firefox button (Reset Firefox to default settings step 3)

In the opened window, confirm that you wish to reset Mozilla Firefox settings to default by clicking the Refresh Firefox button.

Confirm your want to reset Firefox settings to default (Reset Firefox to default settings step 4)

safari browser logoRemove malicious extensions from Safari:

removing adware from safari step 1 - accessing preferences

Make sure your Safari browser is active, click Safari menu, and select Preferences....

removing adware from safari step 2 - removing extensions

In the opened window click Extensions, locate any recently installed suspicious extension, select it and click Uninstall.

Optional method:

Make sure your Safari browser is active and click on Safari menu. From the drop down menu select Clear History and Website Data...

resetting safari step 1

In the opened window select all history and click the Clear History button.

resetting safari step 2

Microsoft Edge (Chromium) logoRemove malicious extensions from Microsoft Edge:

Removing adware from Microsoft Edge step 1

Click the Edge menu icon Microsoft Edge (chromium) menu icon (at the upper-right corner of Microsoft Edge), select "Extensions". Locate all recently-installed suspicious browser add-ons and click "Remove" below their names.

Removing adware from Microsoft Edge step 2

Optional method:

If you continue to have problems with removal of the "system activation key has expired" virus, reset your Microsoft Edge browser settings. Click the Edge menu icon Microsoft Edge (chromium) menu icon (at the top right corner of Microsoft Edge) and select Settings.

Microsoft Edge (Chromium) reset step 1

In the opened settings menu select Reset settings.

Microsoft Edge (Chromium) reset step 2

Select Restore settings to their default values. In the opened window, confirm that you wish to reset Microsoft Edge settings to default by clicking the Reset button.

Microsoft Edge (Chromium) reset step 3

  • If this did not help, follow these alternative instructions explaining how to reset the Microsoft Edge browser.

Summary:

declining installation of adware while downloading free software sampleCommonly, adware or potentially unwanted applications infiltrate Internet browsers through free software downloads. Note that the safest source for downloading free software is via developers' websites only. To avoid installation of adware, be very attentive when downloading and installing free software. When installing previously-downloaded free programs, choose the custom or advanced installation options – this step will reveal any potentially unwanted applications listed for installation together with your chosen free program.

Removal assistance:
If you are experiencing problems while trying to remove "system activation key has expired" virus from your computer, please ask for assistance in our malware support forum.

Post a comment:
If you have additional information on "system activation key has expired" virus or it's removal please share your knowledge in the comments section below.

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

Removal Instructions in other languages
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
System Activation KEY Has Expired virus QR code
A QR code (Quick Response Code) is a machine-readable code which stores URLs and other information. This code can be read using a camera on a smartphone or a tablet. Scan this QR code to have an easy access removal guide of "System Activation KEY Has Expired" virus on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Malwarebytes

Platform: Windows

Editors' Rating for Malwarebytes:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Malwarebytes. 14 days free trial available.