“Microsoft has detected suspicious activity” Tech support scam (Tech Support Scam) - updated Jun 2019

“Microsoft has detected suspicious activity” Tech support scam Removal Guide

What is “Microsoft has detected suspicious activity” Tech support scam?

“Microsoft has detected suspicious activity” is a tech support scam that shows false system messages about alleged malware

“Microsoft has detected suspicious activity” Tech support scamMicrosoft has detected suspicious activity is the virus that shows various fake alerts stating that your device is in danger due to malware detection.

“Microsoft has detected suspicious activity” scam is the web browser redirects causing program that focuses on tricking users into displaying warnings and notifications about system issues. This is a social engineering attack that suggests people call the support number, so the problems get fixed by technicians. Unfortunately, these warnings are fake and caused by the adware-type intruder installed on the computer behind your back, and people on the other side are scammers.

When you encounter Microsoft has detected suspicious activity tech support scam message, it can be exited as a browser window, but the continuous appearance of the fake alerts indicate the additional intruder and possible risk. There is nothing wrong with your machine, and viruses are not targeting credentials or logins. However, calling the provided number and installing promoted software can lead to such problems like stolen data.

Remember that Microsoft or any other company, a software developer does not send messages about PC issues, especially such alerts with contact information or phone numbers. Microsoft has detected suspicious activity is nothing but a pop-up, so don't provide your personal data for the scammers and clean the machine as soon as possible.

Name “Microsoft has detected suspicious activity”
Type Scam
Tactics Technical support scam attack, social engineering tactics
Danger Tricks people into revealing their personal information
Distribution Deceptive websites, questionable software, potentially unwanted programs
Elimination Get FortectIntego clean the system from PUPs and other fake alerts causing applications. Remove “Microsoft has detected suspicious activity” scam with anti-malware tools

The free app management program TSS MoboPlay is nothing else but a brand new cyber threat that is known as “Microsoft has detected suspicious activity” Tech support scam[1]. The scammers[2] try to trick users into calling to fake Microsoft technician.

Victims receive a screen where they are informed about some suspicious activities on their computers. Well, this message itself proves that the computer has been infected with malware. Scammers try to scare victims that some “attackers” might try to steal their personal information such as banking details, email credentials, or passwords.

To protect their privacy and computer, people are asked to call 1-800-603-5246 or a similar “toll-free” number. We want to discourage you from doing that[3]. This call might be charged a lot, and you might be unpleasantly surprised when you receive the next phone bill.

However, it’s not the biggest problem. People hiding behind “Microsoft has detected suspicious activity” virus might try to convince you to reveal personal details or trick to purchase some bogus software that is supposed to clean and fix the computer. Not only this software might include malware[4], but also scammers might trick you installing some remote access tools.

Microsoft has detected suspicious activity scamMicrosoft has detected suspicious activity tech support scam is the message that claims to have detected particular risks on the device.

“Microsoft has detected suspicious activity” scam delivers various messages and alerts with warnings on the screen. These pop-ups depend on the victim, but the initial note shows the following:

Microsoft has detected some suspicious activity on this computer. All access to this device has been revoked due to a network security breach. Attackers might attempt to steal personal information, banking details, emails, passwords and other files on this system. Please contact a Microsoft certified technician on 1-800-603-5246.

In this case, you will give full access to for cybercriminals. Hence, if you are one of those people who received this message, do not think about calling the provided number. Just start Microsoft has detected suspicious activity removal. Scan your computer with FortectIntego or other reputable malware removal tools, but before that have a look our prepared instructions at the end of the article.

The screen delivered by the TSS MoboPlay has a window where victims should type an activation key. People are supposed to get this key after calling the provided phone number. What happens if you try to enter a random activation key? The program delivers a message saying, “Your key seems to have been expired. Please call at 1-800-603-5246 to get a new one.” As you already know the consequences of this call might be serious; so, remove “Microsoft has detected suspicious activity” immediately!

“Microsoft has detected suspicious activity” virus“Microsoft has detected suspicious activity” message states about detected hacking. However, these alerts are caused by a cyber intruder and the message is false.

Scammers rely on potentially unwanted programs

Cybercriminals use many distribution ways how to spread tech support scams. However, the primary distribution method is via free app management program or a potentially unwanted program of the adware type. Therefore, you should be careful with installing new software.

Always choose reliable and secure sources for software downloads or even updates, like official developers’ websites. Never install software from ads, file-sharing websites[5], promotional pop-ups, or unknown domains. However, choosing the right sources, it’s not enough because there can be hidden features still.

You should always read the Privacy Policy, EULA, and choose the safe installation mode. Always opt for Advanced/Custom installation because it allows seeing whether you install a single program or a software package.

The problem with software bundling is that it might include lots of PUPs or infected apps. If you choose Quick/Recommended setup, you won’t be able to stop the installation of unwanted additional applications. Meanwhile, Advanced/Custom configuration allows to monitor and adjust the installation process.

Remove “Microsoft has detected suspicious activity” virus

First of all, “Microsoft has detected suspicious activity” scam removal requires to follow the termination steps closely, so all the issues can be eliminated. The best tip we can give you is to rely on automatic tools and remove it that way because of all the programs and applications that such infection can add behind your back.

The elimination of potentially unwanted programs can be done manually, and you can remove “Microsoft has detected suspicious activity” scam from the machine by finding all associated files, related applications and deleting them one by one. This is a more difficult method.

It doesn’t matter which method of these two you have chosen, the second step is the same – you have to double-check if the system is clear. When you use anti-malware tools for the initial cleaning, this can be done using the same software. Only when you remove “Microsoft has detected suspicious activity” Tech support scam from your PC entirely the system can work as before.

You may remove virus damage with a help of FortectIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of “Microsoft has detected suspicious activity” Tech support scam. Follow these steps

Uninstall from Windows

“Microsoft has detected suspicious activity” scam removal requires close attention

Instructions for Windows 10/8  machines:

  1. Enter Control Panel into Windows search box and hit Enter or click on the search result.
  2. Under Programs, select Uninstall a program. Uninstall from Windows 1
  3. From the list, find the entry of the suspicious program.
  4. Right-click on the application and select Uninstall.
  5. If User Account Control shows up, click Yes.
  6. Wait till uninstallation process is complete and click OK. Uninstall from Windows 2

If you are Windows 7/XP user, proceed with the following instructions:

  1. Click on Windows Start > Control Panel located on the right pane (if you are Windows XP user, click on Add/Remove Programs).
  2. In Control Panel, select Programs > Uninstall a program. Uninstall from Windows 7/XP
  3. Pick the unwanted application by clicking on it once.
  4. At the top, click Uninstall/Change.
  5. In the confirmation prompt, pick Yes.
  6. Click OK once the removal process is finished.

After uninstalling this potentially unwanted program (PUP) and fixing each of your web browsers, we recommend you to scan your PC system with a reputable anti-spyware. This will help you to get rid of “Microsoft has detected suspicious activity” Tech support scam registry traces and will also identify related parasites or possible malware infections on your computer. For that you can use our top-rated malware remover: FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes.

How to prevent from getting malware

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.

If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.


Recover files after data-affecting malware attacks

While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.

Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection. 


About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions