Severity scale:  

Remove “Microsoft has detected suspicious activity” Tech support scam (Tech Support Scam) - updated Jun 2019

removal by Gabriel E. Hall - - | Type: Malware

“Microsoft has detected suspicious activity” is a tech support scam that shows false system messages about alleged malware

“Microsoft has detected suspicious activity” Tech support scam 

“Microsoft has detected suspicious activity” scam is the web browser redirects causing program that focuses on tricking users into displaying warnings and notifications about system issues. This is a social engineering attack that suggests people call the support number, so the problems get fixed by technicians. Unfortunately, these warnings are fake and caused by the adware-type intruder installed on the computer behind your back, and people on the other side are scammers.

When you encounter Microsoft has detected suspicious activity tech support scam message, it can be exited as a browser window, but the continuous appearance of the fake alerts indicate the additional intruder and possible risk. There is nothing wrong with your machine, and viruses are not targeting credentials or logins. However, calling the provided number and installing promoted software can lead to such problems like stolen data.

Questions about “Microsoft has detected suspicious activity” Tech support scam

Remember that Microsoft or any other company, a software developer does not send messages about PC issues, especially such alerts with contact information or phone numbers. Microsoft has detected suspicious activity is nothing but a pop-up, so don't provide your personal data for the scammers and clean the machine as soon as possible.

Name “Microsoft has detected suspicious activity” 
Type  Scam
Tactics  Technical support scam attack, social engineering tactics
Danger  Tricks people into revealing their personal information
Distribution  Deceptive websites, questionable software, potentially unwanted programs
Elimination Get Reimage Reimage Cleaner Intego clean the system from PUPs and other fake alerts causing applications. Remove “Microsoft has detected suspicious activity” scam with anti-malware tools

The free app management program TSS MoboPlay is nothing else but a brand new cyber threat that is known as “Microsoft has detected suspicious activity” Tech support scam[1]. The scammers[2] try to trick users into calling to fake Microsoft technician.

Victims receive a screen where they are informed about some suspicious activities on their computers. Well, this message itself proves that the computer has been infected with malware. Scammers try to scare victims that some “attackers” might try to steal their personal information such as banking details, email credentials, or passwords.

To protect their privacy and computer, people are asked to call 1-800-603-5246 or a similar “toll-free” number. We want to discourage you from doing that[3]. This call might be charged a lot, and you might be unpleasantly surprised when you receive the next phone bill.

However, it’s not the biggest problem. People hiding behind “Microsoft has detected suspicious activity” virus might try to convince you to reveal personal details or trick to purchase some bogus software that is supposed to clean and fix the computer. Not only this software might include malware[4], but also scammers might trick you installing some remote access tools.

Microsoft has detected suspicious activity scamMicrosoft has detected suspicious activity tech support scam is the message that claims to have detected particular risks on the device.

“Microsoft has detected suspicious activity” scam delivers various messages and alerts with warnings on the screen. These pop-ups depend on the victim, but the initial note shows the following:

Microsoft has detected some suspicious activity on this computer. All access to this device has been revoked due to a network security breach. Attackers might attempt to steal personal information, banking details, emails, passwords and other files on this system. Please contact a Microsoft certified technician on 1-800-603-5246.

In this case, you will give full access to for cybercriminals. Hence, if you are one of those people who received this message, do not think about calling the provided number. Just start Microsoft has detected suspicious activity removal. Scan your computer with Reimage Reimage Cleaner Intego or other reputable malware removal tools, but before that have a look our prepared instructions at the end of the article.

The screen delivered by the TSS MoboPlay has a window where victims should type an activation key. People are supposed to get this key after calling the provided phone number. What happens if you try to enter a random activation key? The program delivers a message saying, “Your key seems to have been expired. Please call at 1-800-603-5246 to get a new one.” As you already know the consequences of this call might be serious; so, remove “Microsoft has detected suspicious activity” immediately!

“Microsoft has detected suspicious activity” virus“Microsoft has detected suspicious activity” message states about detected hacking. However, these alerts are caused by a cyber intruder and the message is false.

Scammers rely on potentially unwanted programs

Cybercriminals use many distribution ways how to spread tech support scams. However, the primary distribution method is via free app management program or a potentially unwanted program of the adware type. Therefore, you should be careful with installing new software.

Always choose reliable and secure sources for software downloads or even updates, like official developers’ websites. Never install software from ads, file-sharing websites[5], promotional pop-ups, or unknown domains. However, choosing the right sources, it’s not enough because there can be hidden features still.

You should always read the Privacy Policy, EULA, and choose the safe installation mode. Always opt for Advanced/Custom installation because it allows seeing whether you install a single program or a software package.

The problem with software bundling is that it might include lots of PUPs or infected apps. If you choose Quick/Recommended setup, you won’t be able to stop the installation of unwanted additional applications. Meanwhile, Advanced/Custom configuration allows to monitor and adjust the installation process.

Remove “Microsoft has detected suspicious activity” virus

First of all, “Microsoft has detected suspicious activity” scam removal requires to follow the termination steps closely, so all the issues can be eliminated. The best tip we can give you is to rely on automatic tools and remove it that way because of all the programs and applications that such infection can add behind your back.

The elimination of potentially unwanted programs can be done manually, and you can remove “Microsoft has detected suspicious activity” scam from the machine by finding all associated files, related applications and deleting them one by one. This is a more difficult method.

It doesn’t matter which method of these two you have chosen, the second step is the same – you have to double-check if the system is clear. When you use anti-malware tools for the initial cleaning, this can be done using the same software. Only when you remove “Microsoft has detected suspicious activity” Tech support scam from your PC entirely the system can work as before.

You may remove virus damage with a help of Reimage Reimage Cleaner Intego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove “Microsoft has detected suspicious activity” Tech support scam, follow these steps:

Delete “Microsoft has detected suspicious activity” Tech support scam from Windows systems

“Microsoft has detected suspicious activity” scam removal requires close attention

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall “Microsoft has detected suspicious activity” Tech support scam and related programs
    Here, look for “Microsoft has detected suspicious activity” Tech support scam or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer various losses due to cyber infections or their own faulty doings. Software issues created by malware or direct data loss due to encryption can lead to problems with your device or permanent damage. When you have proper up-to-date backups, you can easily recover after such an incident and get back to work.

It is crucial to create updates to your backups after any changes on the device, so you can get back to the point you were working on when malware changes anything or issues with the device causes data or performance corruption. Rely on such behavior and make file backup your daily or weekly habit.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware occurs out of nowhere. Use Data Recovery Pro for the system restoring purpose.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions


  1. laura says:
    January 13th, 2017 at 9:09 am

    Oh, its a nasty computer infection…

  2. not a victim says:
    January 13th, 2017 at 9:10 am

    I wonder how many people are tricked by this scam. Its horrible.

Your opinion regarding “Microsoft has detected suspicious activity” Tech support scam