Severity scale:  
  (13/100)

“Microsoft has detected suspicious activity” Tech support scam. How to remove? (Uninstall guide)

removal by Gabriel E. Hall - - | Type: Malware
12

Be aware of “Microsoft has detected suspicious activity” Tech support scam

The free app management program TSS MoboPlay is nothing else but a brand new cyber threat that is known as “Microsoft has detected suspicious activity” Tech support scam[1]. The scammers[2] try to trick users into calling to fake Microsoft technician. Victims receive a screen where they are informed about some suspicious activities on their computers. Well, this message itself proves that computer has been infected with malware. Scammers try to scare victims that some “attackers” might try to steal their personal information such as banking details, email credentials or passwords. To protect their privacy and computer people are asked to call 1-800-603-5246. We want to discourage you from doing that[3]. This call might be charged a lot, and you might be unpleasantly surprised when you receive next phone bill. However, it’s not the biggest problem. People hiding behind “Microsoft has detected suspicious activity” virus might try to convince you to reveal personal details or trick to purchase some bogus software that is supposed to clean and fix the computer. Not only this software might include malware[4], but also scammers might trick you installing some remote access tools. In this case, you will give full access to for the cyber criminals. Hence, if you are one of those people who received this message, do not think about calling the provided number. Just start “Microsoft has detected suspicious activity” Tech support scam removal. Scan your computer with Reimage or other reputable malware removal tools, but before that have a look our prepared instructions at the end of the article.

The screen delivered by the TSS MoboPlay has a window where victims should type an activation key. People are supposed to get this key after calling the provided phone number. What happens if you try to enter random activation key? The program delivers a message saying “Your key seems to have been expired. Please call at 1-800-603-5246 to get a new one.” As you already know the consequences of this call might be serious; so, remove “Microsoft has detected suspicious activity” Tech support scam immediately!

Illustration of “Microsoft has detected suspicious activity” Tech support scam

How to avoid scammers?

Cyber criminals use many distribution ways how to spread “Microsoft has detected suspicious activity” Tech support scam. However, the main distribution method is via free app management program. Therefore, you should be careful with installing new software. Always chose reliable and secure sources for software downloads such as official developers’ websites. Never install software from ads, file-sharing websites[5] or unknown domains. However, choosing the right sources, it’s not enough. You should always read the Privacy Policy, EULA and choose safe installation mode. Always choose Advanced/Custom installation wizard because it allows seeing whether you install a single program or a software package. The problem with software package is that it might include lots of PUPs or infected apps. If you choose Quick/Recommended setup, you won’t be able to stop installation of unwanted additional applications. Meanwhile, Advanced/Custom configuration allows to monitor and adjust the installation process.

How to remove “Microsoft has detected suspicious activity” Tech support scam?

First of all, “Microsoft has detected suspicious activity” Tech support scam removal requires to follow one of these two simple methods:

Method 1:
To get back access to your computer, you have to reboot it.

Method 2:

  • In the screen insert this activation key and click Activate Now: 8716098676542789
  • You will see the box saying “Closing of the registration form is now allowed,” click OK.

It doesn’t matter which method of these two you have chosen, the second step is the same – you have to scan the computer with strong malware removal programs such as Reimage or Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus. These programs will remove “Microsoft has detected suspicious activity” Tech support scam from your PC entirely.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove “Microsoft has detected suspicious activity” Tech support scam you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall “Microsoft has detected suspicious activity” Tech support scam. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing “Microsoft has detected suspicious activity” Tech support scam (2017-01-11)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing “Microsoft has detected suspicious activity” Tech support scam (2017-01-11)
Hitman Pro
We have tested Hitman Pro's efficiency in removing “Microsoft has detected suspicious activity” Tech support scam (2017-01-11)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing “Microsoft has detected suspicious activity” Tech support scam (2017-01-11)

Manual “Microsoft has detected suspicious activity” Tech support scam Removal Guide:

Remove “Microsoft has detected suspicious activity” Tech support scam using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

If you have problems with accessing malware removal tools, follow these steps to reboot the computer to the Safe Mode.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove “Microsoft has detected suspicious activity” Tech support scam

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete “Microsoft has detected suspicious activity” Tech support scam removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove “Microsoft has detected suspicious activity” Tech support scam using System Restore

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

If you cannot install or update malware removal software, follow these steps.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of “Microsoft has detected suspicious activity” Tech support scam. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that “Microsoft has detected suspicious activity” Tech support scam removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove “Microsoft has detected suspicious activity” Tech support scam from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by “Microsoft has detected suspicious activity” Tech support scam, you can use several methods to restore them:

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from “Microsoft has detected suspicious activity” Tech support scam and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

References


  • laura

    Oh, its a nasty computer infection…

  • not a victim

    I wonder how many people are tricked by this scam. Its horrible.