This seems to be a fun new infection that is causing identity theft problems worldwide.

First, it claims "you are running a pirated version of Windows and we need your billing details...but your credit card will NOT be charged."

Details

  • Once credit card details are entered, the pirated OS is activated. This attempts to completely modify how Windows works.
  • With this Windows Activation prompt, the user is required to enter their details in order for activation to continue. It keeps the computer locked until you do this. If you do not enter your details and instead click Activate Later, the machine reboots and goes through the same process again.
  • It then sends the credit card information to at least 5 different IP addresses, which form a bot system. The bot system verifies that you have entered the information and sends a request back to allow the activation.
  • Once the activation process is complete, the user is free to use the computer. The only problem: it is a pirated OS.



============================

Removal:

  • Since it locks the system, you need to give the user manual instructions.
  • Use OTLPE to edit the system and delete any bad files; this should delete the problem files.