Remove Windows Genuine Advantage Ransom Trojan


Windows Genuine Advantage is a ransom Trojan that initially targets computer users in Germany. It impersonates a real alert from your operating system, but the message only appears when your PC is infected with a Trojan or virus. It typically locks the computer and demands a payment before it gives back your access.

It has been reported that the Windows Genuine Advantage ransom Trojan is spread through an Adfly malicious advertising campaign. It infiltrates your computer by exploiting several known vulnerabilities and immediately modifies the registry to lock the desktop. The malware then displays a message saying that your computer will be locked temporarily due to identified software piracy. It demands that you pay for the code using Ukash or Paysafecard. The message is written in German.

Windows Genuine Advantage-Benachrichtigungen
Windows Genuine Advantage-Benachrichtigungen ist ein Bestandteil des Bemühens von Microsoft, Softwarepiraterie einzudämmen.
Diese Software hilft dabei, zu bestimmen, ob es sich bei der auf Ihrem Computer installierten Windows Version um eine Originalversion oder Raubkopie handelt.
Leider konnte diese Prüfung nicht erfolgreich abgeschlossen werden, daher wurde der Zugriff auf Ihren Computer temporär gesperrt.
Als Gründe hierfür gelten eine abgelaufene oder mehrfach verwendete Windows-Lizenz, sowie eine illegal erworbene Windows-Lizenz (Raubkopie).

Here is the English translation:

Windows Genuine Advantage-Notifications
Windows Genuine Advantage-Notifications is a part of the effort by Microsoft to curb software piracy.
This software helps to determine whether the Windows version installed on your computer is genuine or a pirated copy.
Unfortunately, this test could not be completed successfully, so access to your computer has been temporarily locked.
The reasons for this include an expired or repeatedly used Windows license, as well as an illegally obtained Windows license (pirated copy).

What are symptoms of Windows Genuine Advantage Trojan Infection?

Infection by the Windows Genuine Advantage Ransom Trojan is visually obvious. An infected computer will show a locked desktop that displays a fake Windows message, as shown in the screenshot image below.

Windows Genuine Advantage Virus

Threat Summary

Threat Name: Windows Genuine Advantage
Type: RansomLock
Brief Description: This type of malware locks the computer or desktop making it unusable.

Procedures to Remove Windows Genuine Advantage

The removal steps on this page will help you get rid of the threat effectively using tools and virus scanners. Please make sure that you carry out the guide in the exact order given.

Create a USB Bootable Device

Ransom Trojans and viruses lock the screen and make the computer unusable. A common way to deal with this type of infection is to boot the PC from another device. For this tutorial we will create a bootable disk that contains the Windows Genuine Advantage remover.

1. Download Kaspersky Rescue Disk from their official server. Click the button below. The file will be in .ISO format.

2. Download the utility called rescue2usb to write your .ISO file to the USB drive. You need a USB thumb drive of at least 512MB in capacity. Plug it into the computer.

3. Once you have the two programs, double-click rescue2usb.exe to start creating a bootable USB drive.
4. A program window called Kaspersky USB Rescue Disk Maker will appear on the screen. Click on Browse and locate the .ISO file.
5. Under USB Medium, select the proper drive of your USB device.
6. Click on START. It will now begin to create a bootable USB drive with Kaspersky Rescue Disk in it.

Start the Computer with Kaspersky Rescue Disk.

1. You must set the computer to boot from a device other than the hard drive. For this procedure, set your BIOS to boot from a USB device. If you are not familiar with this, please refer to your computer's instruction manual.

2. Another option is to access the Boot Menu right after you turn on the PC. It will present a menu so that you can select a preferred boot drive. Select Removable Devices.

Boot Menu

3. Your computer will now start and load Kaspersky Rescue Disk.
4. If you see a message on the screen, press any key to enter the menu. You only have 10 seconds to do this, otherwise the computer will boot from the hard drive.

5. The next screen asks for the interface language. Select the language you want to use.
6. You must run the program in Graphic Mode. This gives you easy access to all commands and menus.
7. The End User License Agreement will appear. Please accept it to continue using the program. Press 1 to proceed.

Using WindowsUnlocker to Remove Windows Genuine Advantage

1. Click on the K button at the lower left corner of the screen.

2. Select Terminal on the list. It will open a command prompt.
3. Type windowsunlocker and press Enter on your keyboard.

4. On the WindowsUnlocker menu, type 1 to Unlock Windows. This utility will clean malicious entries from the registry.

5. After the cleanup process, it will display the menu once more.
6. Press 0 on your keyboard to exit WindowsUnlocker.

Run a Virus Scan

1. After removing Windows Genuine Advantage, you need to delete all remaining components.
2. Click on the K to display the menu.

3. Select Kaspersky Rescue Disk. This will open the virus scanning tool.
4. You need to update the program first. Select My Update Center tab and click on Start update. This requires an Internet connection.

5. After updating the program, select Object Scan tab and click on Start Object Scan. You must scan the following:

  • Disk boot sectors
  • Hidden startup objects
  • All drives

6. Scanning the entire hard drive may take some time. Please let the scan finish.
7. Once the scan process is complete, the tool will prompt you for preferred actions on detected threats. Deleting all threats is recommended.
8. You can now turn off the computer, unplug the USB drive, and start Windows in normal mode.
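
Once Windows starts normally again, the registry cleanup can be double-checked from a PowerShell prompt. The script below is an added example, not part of the original guide or of Kaspersky's tools. The guide does not name the registry entries this Trojan changes, so the script assumes the Winlogon Shell and Userinit values and the Run keys, which are the usual places a screen locker hooks the logon sequence, and lists anything that differs from the stock defaults for manual review.

```powershell
# Added example: post-cleanup audit of logon-related registry values.
# Assumption: the keys below are the ones screen lockers commonly alter;
# the guide itself does not say which entries this Trojan modifies.

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Stock Windows defaults for the two values that decide what runs at logon.
$expected = @{
    Shell    = 'explorer.exe'
    Userinit = (Join-Path $env:SystemRoot 'system32\userinit.exe') + ','
}

$findings = @()

$props = Get-ItemProperty -Path $winlogon
foreach ($name in $expected.Keys) {
    $actual = [string]$props.$name
    # String comparison with -ne is case-insensitive in PowerShell.
    if ($actual.Trim() -ne $expected[$name]) {
        $findings += [pscustomobject]@{ Key = $winlogon; Name = $name; Value = $actual }
    }
}

# A per-user Shell value normally does not exist; when present it replaces
# the machine-wide shell for that account.
$hkcu = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userShell = (Get-ItemProperty -Path $hkcu -Name Shell -ErrorAction SilentlyContinue).Shell
if ($userShell) {
    $findings += [pscustomobject]@{ Key = $hkcu; Name = 'Shell'; Value = $userShell }
}

# Autostart entries launched from user-writable folders. Legitimate software
# also lives there, so these are items to review, not confirmed threats.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($value -match '\\(AppData|Temp|ProgramData)\\') {
            $findings += [pscustomobject]@{ Key = $key; Name = $name; Value = $value }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No deviations from the default logon configuration were found.' }
```

An empty result means the logon values match the defaults; any listed entry should be compared against software you knowingly installed before it is removed.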
