MoboPlay virus (Support Scam Virus) - Microsoft Support Scam

MoboPlay virus Removal Guide

What is MoboPlay virus?

How to recognize MoboPlay Tech Support Scam

Tech Support Scams are one of this year’s fastest growing cyber threats and MoboPlay virus is one of the newest addition to this virus family [1]. Thus, we think it would be useful to discuss this particular virus in more detail and raise awareness about such viruses among the Internet community. The initial thing we should point out is that technical support scams do not travel as individual viruses but are rather brought by other potentially unwanted programs [2]. We elaborate more on the virus distribution and infiltration issues later in the article. As for now, you may continue reading this article and find out about the working principles of this virus or skip straight to the last paragraph to find out about MoboPlay removal options. If you have tried manual elimination already and it did not bring any good results, you should not hesitate to employ professional malware removal utilities such as FortectIntego and remove the virus from your computer automatically.

image of mogoplay tech support scam virus

To classify MoboPlay to a more particular group of tech support viruses, we should note that it is a Microsoft support scam, similar to “Windows has detected some suspicious activity from your IP address” virus. This means that such infection is especially targeted at Windows OS users [3]. Imitating representatives from Microsoft, the hackers try to scare people into thinking their computers are in a critical state with the following message:

Microsoft has detected some suspicious activity on this computer. All access to this device has been revoked due to a network security breach. Attackers might attempt to steal personal information, banking details, emails, passwords and other files on this system.
Please contact a Microsoft certified technician on

To make the message more believable, the scammers display it in a lock screen [4] which actually obstructs the user from accessing the data on their computers, creating an impression of a blocked device. From an empty box and the “Activate Now” button we can presume that the users are required a Windows License key in order to get back the access to their account. Nevertheless, none of the legitimate keys will work and another alert urging to purchase a new key will pop up. The trick here is that your Windows license key is not actually expired and the scammers simply want you to pay for a fake product. Since no computer files can be accessed while this lock screen is active, this virus surely deserves a name of a ransomware-like infection [5]. Luckily, unlike with most of the actual ransomware, you can remove MoboPlay and access your personal files again. To do that, look at the recommendations below.

How do tech support scam viruses infect computers?

As we have already stated previously, tech support scams travel as potentially unwanted programs and use various techniques to infect computers. Perhaps one of the most widespread ways the infiltration is achieved is with the use of deceptive software bundling. For instance, the hackers may take a random application, for instance, MoboPlay, and bind it together with potentially unwanted program such as our discussed tech support virus. While the users think they are installing a regular application management program, the virus can easily slither inside the system and start its malicious activity on it. Advanced software installation is one way to prevent undesirable programs from entering your computer. Just pick “Custom” or “Advanced” installation modes when setting up new software on your computer and pick out potentially unwanted applications manually.

How to remove MoboPlay lock screen virus and get back the access to your computer?

MoboPlay virus is an infection that is not that easy to remove. The infected computer users might need to go through several steps of elimination, first having to go past the lock screen and only then moving on to MoboPlay removal. Luckily, below this article, you will find quick instructions which should help you terminate the lock screen. After you overcome this obstacle, you should then remove MoboPlay from your computer using specialized malware removal tools.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of MoboPlay virus. Follow these steps

Manual removal using Safe Mode

To remove the lock screen enter 8716098676542789 key in the box next to the “Activate Now” button. Once the lock screen is gone, proceed to the MoboPlay removal immediately. 

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove MoboPlay using System Restore

If you cannot remove MoboPlay using the key given in the Method 1, you may also try to access Windows Task Manager and terminate the lock screen process there. You will recognize the malicious process from a high CPU utilization and unusual process name.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of MoboPlay. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that MoboPlay removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove MoboPlay from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by MoboPlay, you can use several methods to restore them:

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from MoboPlay and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting malware

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Lucia Danes
Lucia Danes - Virus researcher

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions