Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fake Windows Product Key for Windows 10


  • This topic is locked This topic is locked
62 replies to this topic

#1 Fangirl515

Fangirl515

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 22 August 2016 - 11:50 AM

Um hi there, I recently had my laptop get infected. My laptop had turned off like usual after a series of updates, but when it turned back on I was greeted with this fake purple Windows Product Key, along with a fake support number. After realizing what was going on with my laptop I immediately started searching for methods of fixing my problem, sadly few results showed up, and what ones did never seemed to work for me. But then I came across BleepingComputers introductions on fixing mt dilemma, everything was going perfect! Up until the point where I had to get to the internet browser then search for their anti-virus malware, I had no problem opening my Browser, so I typed in the link that was in the instructions, then when the page was done loading it showed me all the results that popped up, the first thing that popped up was the link to their website with the software I needed, everything seemed to go perfect. So I clicked on the link, but guess what, it didn't work, instead of the page showing up it simply said "Cannot load page an internal error occurred". I've tried multiple times to get the website to show up, but no matter how many times I click it the page never loads. Even when I just type in BleepingComputer.com their homepage won't load. Someone please help me, this isn't a step I can avoid or do something different, this is the most important of the whole procedure! I LITERALLY AM STUCK WITH A VIRUS INFECTED CONPUTER UNTIL I FIGURE OUR A WAY TO DOWNLOAD BLEEPINGCOMPUTERS ANTI-VIRUS SOFTWARE, WHICH OH YEAH, I CAN'T GET TOO!!!!! Someone, anyone, please help me, I feel so alone with my problem, like no one else exists......

BC AdBot (Login to Remove)

 


#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,071 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:15 PM

Posted 22 August 2016 - 12:11 PM

Hi Fangirl515,
 
Do you have another computer or laptop you could access and a USB drive?
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 Fangirl515

Fangirl515
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 22 August 2016 - 12:42 PM

I might, I do have another laptop on me and a USB drive,the USB is 1GB. Is that fine? (Also thank you for helping me with my current situation)

#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,071 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:15 PM

Posted 22 August 2016 - 12:53 PM

Hi Fangirl515,
 
That's perfectly okay. 
 
Are you able to tell me what the phone number on the fake Windows Product Key screen is, or be able to take a picture of it?
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 Fangirl515

Fangirl515
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 22 August 2016 - 12:56 PM

Yeah sure no prob, the number is 1-844-305-7633

#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,071 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:15 PM

Posted 22 August 2016 - 01:12 PM

Hi Fangirl515
 
A couple more questions to hopefully enable me to identify what we are dealing with here :)
 
Does it happen to look like this? If you press CTRL-ALT-DEL together do you see a blue screen with options including Start Task Manager, if you click that does a window like this appear? 
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 Fangirl515

Fangirl515
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 22 August 2016 - 01:28 PM

For the first question, yes, spot on actually. As for your second question yes, the only difference is my screen is green (though that could just be because I'm on Windows 10), but yes it shows me different options including Task Manager. And yes, when I do click on Task Manager a screen nearly identical to the one you just showed me appears.

#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,071 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:15 PM

Posted 22 August 2016 - 02:01 PM

Hi Fangirl515,
 
The difference in colour is because it's Windows 10, you are correct :) Please try this for me:
 
Try entering microsoft into where it wants a product key and then clicking Activate Now. If it says it is incorrect then continue with the steps below.
Please select Productkeyupdate.exe on task manager and click on the End Task button. Then click on File, run new task, type explorer.exe and then click OK. 
 
Please download Farbar Recovery Scan Tool and save it your clean computer. You will want to save it to the USB and then plug that into the infected computer.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator".
  • When the tool opens, click Yes to disclaimer.
  • Make sure the Drivers MD5 box on the Optional Scan section is ticked.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Transfer the log via your USB to your clean computer.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
Let me know if you have any troubles.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#9 Fangirl515

Fangirl515
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 22 August 2016 - 02:14 PM

Ohmygush, thank you so much, if I have any problems I'll be sure to tell u. I'll get back to u as soon as I'm done, thank you again so much!!!!

#10 Fangirl515

Fangirl515
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 22 August 2016 - 02:34 PM

In my Task Manager I don't seem to have Productkeyupdate.exe, the only exe file I have is PresentationFontCache.exe, I don't know if this is the same thing or not. Should I delete it, and it is the only exe file I have

#11 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,071 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:15 PM

Posted 22 August 2016 - 02:38 PM

Is the fake purple Windows Product Key screen still up? If not then you can move onto the FRST step, otherwise, if you could manage to take a picture of the task manager, that would be great.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#12 Fangirl515

Fangirl515
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 22 August 2016 - 02:50 PM

The fake purple windows screen is not still up, the only thing that is there is this tiny purple box that says, 24x7 HelpLine 1-844-305-7633, and it gives me the options to click *GoToAssist* *Supremo* *LogMeIn* and *CMD*. I'll take a pic of it and u can tell me if it has any significants, if not I'll go to step one

#13 Fangirl515

Fangirl515
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 22 August 2016 - 02:52 PM

content://media/external/file/105675

#14 Fangirl515

Fangirl515
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 22 August 2016 - 02:56 PM

Hold on, let me try the pic thing again

#15 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,071 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:15 PM

Posted 22 August 2016 - 02:56 PM

You can upload the picture here and give me the URL if you are having trouble.

 

If you click on CMD on that little box, do you see a window like this?

 

xXToffeeXx~


Edited by xXToffeeXx, 22 August 2016 - 02:57 PM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users