Fake Microsoft Windows Activation Trojan



Rogue antivirus programs and extortion Trojans depend on the appearance of legitimacy in order to meet their end goal, which is to persuade computer users to either purchase ineffectual software, or in the case of extortion Trojans, provide personal and/or financial information.  In both cases, it is essential that users recognize these rogues in order to protect their systems and their wallets.  The fake Microsoft Windows Activation Trojan is one such rogue to avoid.

What is the Fake Microsoft Windows Activation Trojan?

The Microsoft Windows Activation Trojan is designed to look like a legitimate warning message from the trusted Microsoft Windows program.  In fact, though, it is an extortion Trojan.  This particular breed of Trojan creates false messages that warn computer users that their current version of Windows is being used without proper authorization.  To resolve this, the pop-ups tell you, you must reactivate Windows.  Because software piracy is an issue that is growing in prominence, this Trojan is often successful in persuading users to "reactivate" Windows and provide their credit card information.  Users should be aware that this is a Trojan that is in no way associated with the legitimate Microsoft company.

This Trojan is also known as Kardphisher and Trojan.Kardphisher.

Has Microsoft Windows Activation Accessed Your System?

Because the Microsoft Windows Activation Trojan mimics legitimate Windows messages, it is doubly important to be aware of the signs that it has accessed your system. The most visible sign that this Trojan has entered your system is that you will begin receiving pop-ups. These messages use not only the Microsoft name, but also the quad-colored Windows symbol and the characteristic blue color.  They read as follows:


Microsoft Piracy Control


Your copy of windows was activated by another user.

To help reduce software piracy, please re-activate your copy of Windows now.

We will ask for you billing details, but your credit card will NOT be charged.

You must activate Windows before you can continue to use it.

Microsoft is committed to your privacy.  For more information, www.microsoft.com/piracy.

Do you want to activate Windows now?


You are given two options: to reactivate immediately or to do it later.  If you choose to reactivate, you will be prompted to enter your contact and credit card information.  If you do so, your credit card will be charged.  If you choose to "do it later," your computer will reboot, and you will see the pop-up yet again.  The website referenced in the pop-up leads to a site from Microsoft concerning piracy.  This adds a touch of realism, but it in no way means that this Trojan is associated with Microsoft.

This particular Trojan can be very persuasive; under some circumstances, it may be necessary to reactivate Windows.  If this is the case, Microsoft will issue reminders to you.  They will not solicit your credit card information.

If the Windows Activation pop-ups start appearing on your computer, they render it impossible to run other programs.  You will not be able to close the pop-up, and it will reappear each time you log in, essentially ransoming your system.

How Does the Fake Microsoft Windows Activation Trojan Access a System?

Virtual Trojans are much like their namesake: they are disguised as something a computer user would want, such as a video codec, and use this guise to enter a computer system.  Trojans like the false Microsoft Piracy Control are often harbored in "questionable" sites, including those with adult, pirated, peer-to-peer, social networking, or gaming content, and they can enter your system when you click on an ad, image, or video.  While these types of sites are notorious for being home to Trojans, it is also becoming increasingly common for searches on "trending topics" to return a handful of malicious sites in the top ten to twenty spots.

Removing the Fake Microsoft Windows Activation Trojan

To ensure that your computer continues to run optimally, and that you do not give your credit card numbers to insecure sites, it is essential that you take immediate steps to remove the Windows Activation Trojan.  Because malware, and this rogue application in particular, has a fairly sophisticated design, it cannot be removed by taking basic steps like deleting the program or running your current antivirus program.  The simple fact is that this Trojan managed to evade your security program in the first place.

To effectively remove the Windows Activation program, there are two methods: the first is automatic removal with a program like Malwarebytes Anti-Malware (Malwarebytes has free malware removal), and the other is manual removal.  The first option is recommended for everyone because it is fast, convenient, effective, and safe.  XoftSpySE is specifically designed to handle rogue programs.

The second option is recommended only for those with extensive technical experience, time, and patience.  Removing each associated registry key, file, and DLL is tedious work; moreover, it can negatively affect your computer's performance.  It is easy to miss a file, which can allow the Windows Activation Trojan to repair itself.  It is just as easy to accidentally delete a necessary file.

Stop Processes:


Delete Registry Values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""

Unregister DLLs:


Delete File:

[random].exe
mtl.dll
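
The following is an added example, not part of the original article: a small offline audit that reads the text of a registry export and reports the two registry changes listed above.  The sample export, the value names "svc" and "Updater", the file paths, and the Temp/AppData heuristic are constructed assumptions for illustration; a real export file is UTF-16 and must be decoded to text before it is passed in.

```python
import re

# Keys named in the removal steps above.
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample in registry-export text format; the value names and
# paths are made up for illustration, not taken from a real infection.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"svc"="C:\\Users\\alice\\AppData\\Local\\Temp\\qxzvb.exe"
"Updater"="\"C:\\Program Files\\ExampleApp\\updater.exe\" /background"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_export(text):
    """Return {key_path_lower: {value_name: raw_data}} from export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1)] = m.group(2)
    return keys

def unquote(raw):
    """Decode a quoted string value (backslash escapes); pass others through."""
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    return raw

def audit(text):
    """List findings matching the registry changes described in the article."""
    keys, findings = parse_export(text), []
    flag = keys.get(POLICY_KEY.lower(), {}).get("DisableTaskMgr", "")
    if flag.lower() == "dword:00000001" or unquote(flag) == "1":
        findings.append("Task Manager disabled by policy (DisableTaskMgr=1)")
    for name, raw in keys.get(RUN_KEY.lower(), {}).items():
        cmd = unquote(raw).lower()
        # Heuristic (assumption): autoruns from Temp/AppData, or naming mtl.dll, need review.
        if "\\temp\\" in cmd or "\\appdata\\" in cmd or "mtl.dll" in cmd:
            findings.append(f"Review Run entry {name!r}: {unquote(raw)}")
    return findings
```

Calling audit(SAMPLE_EXPORT) returns the Task Manager policy finding and the "svc" Run entry, and leaves the "Updater" entry under Program Files unflagged.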

We are affiliated with some of the legitimate programs recommended on this website. Should you choose to use the programs recommended here, we may receive a fee that will help support the site.

All content copyright 2006-2017, RemoveAdware.com.au. Author: Wayne Davis.
All Rights Reserved. All trademarks and company brand names are acknowledged.