Book Source Fake Windows Activation Screen Removal Guide

    • Mon, 28 Mar 2016 20:27:31 EDT








    Book Source is a Trojan from the Rogue.Tech-Support-Scam family that pretends to be a tool that you can use to download free ebooks. In reality, this program does nothing but display a fake Windows Activation screen on your desktop in order to scare you into calling the listed 1-888-479-3649 remote tech support number. This fake "Activate Windows Now" screen pretends to be an alert from Windows that states "You must activate Windows within 1 day to continue using all Windows features". In reality, there is nothing wrong with Windows; the alerts come from the infection itself.
    If a user clicks on the Activate button it will pretend to try and activate Windows and then give an alert that states "Windows Helper is unable To Activate Windows Contact Support To Activate.". This is displayed purely to trick you into calling the 888-479-3649 number so that they can use scare tactics to sell you a support license. The support link in the screen will also open a browser window to www.supportforme.com, which is used by the remote support company to remotely control your computer via GoToAssist.
    When Book Source is installed and executed, it also runs a program called Box.exe on a timer. Box.exe then displays the fake Windows Activation alert. Unfortunately, the timer spawns the Box.exe process over and over, which can lead to hundreds of these alerts being displayed on your screen.
    The Book Source site contains very little information about this Trojan and in fact displays a strangely worded message:
    "We cant let you know more about ourself since we dont want reveal ourself to the world so please do help us to develop more softwares"
    Last, but not least, this infection also places a TeamViewer installation in the %Temp% folder. Though this TeamViewer is never used by the program, I find it concerning to know that this software installs remote access software on the victim's computer.
    As you can see, this program was created for the sole purpose of displaying fake Windows alerts in order to scare you into purchasing remote support services. If you are infected with this program, please ignore any alerts that are displayed and do not call the displayed number. To remove this Trojan and any related software, please use the removal guide below.
    Associated Book Source Files:

    C:\Windows\Book Source
    C:\Windows\Book Source\Book Source
    C:\Windows\Book Source\Book Source\1.exe
    C:\Windows\Book Source\Book Source\bs_cont_marker.dll
    C:\Windows\Book Source\Book Source\Book Source.exe
    C:\Windows\Book Source\Book Source\Box.exe
    C:\Windows\Book Source\Book Source\Uninstall.exe
    C:\Windows\Book Source\Book Source\Uninstall.ini
    %Temp%\TeamViewer\
    %Temp%\TeamViewer\7.hta
    %Temp%\TeamViewer\TeamViewer.exe
    %Temp%\TeamViewer\TeamViewer_Desktop.exe
    %Temp%\TeamViewer\TeamViewer_Resource_en.dll
    %Temp%\TeamViewer\TeamViewer_Service.exe
    %Temp%\TeamViewer\TeamViewer_StaticRes.dll
    %Temp%\TeamViewer\tvinfo.ini
    %Temp%\TeamViewer\tv_w32.dll
    %Temp%\TeamViewer\tv_w32.exe
    %Temp%\TeamViewer\tv_x64.dll
    %Temp%\TeamViewer\tv_x64.exe
    %Temp%\TeamViewer\uninstall.exe
    %Temp%\TeamViewer\x64\
    %Temp%\TeamViewer\x64\tvmonitor.cat
    %Temp%\TeamViewer\x64\TVMonitor.inf
    %Temp%\TeamViewer\x64\TVMonitor.sy_


    Associated Book Source Registry Information:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Book Source = C:\Windows\Book Source\Book Source\Book Source.exe
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Book Source 1.1.1.1
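A read-only check for the files, registry entries and processes listed above, written as an added PowerShell example that is not part of the original guide. The variable names and the Add-Finding helper are hypothetical; the paths and key names come from the lists above, and the Uninstall key is matched by the prefix "Book Source" because the exact key name is an assumption.

```powershell
# Added example: reports Book Source indicators from this page. It deletes nothing.
$installDir = 'C:\Windows\Book Source'              # install folder from the file list
$tvDir      = Join-Path $env:TEMP 'TeamViewer'      # %Temp%\TeamViewer (current user's %Temp% only)
$runKey     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$uninstRoot = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Type, [string]$Detail) {   # hypothetical helper
    $findings.Add([pscustomobject]@{ Type = $Type; Detail = $Detail })
}

# 1. Files: the install folder and the TeamViewer copy dropped into %Temp%.
foreach ($dir in $installDir, $tvDir) {
    if (Test-Path -LiteralPath $dir) {
        Add-Finding 'Folder' $dir
        Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object { Add-Finding 'File' $_.FullName }
    }
}

# 2. Autostart: the HKCU Run value named "Book Source" and the program it launches.
$run = Get-ItemProperty -LiteralPath $runKey -Name 'Book Source' -ErrorAction SilentlyContinue
if ($run) { Add-Finding 'RunValue' ('Book Source = ' + $run.'Book Source') }

# 3. Uninstall entry: any subkey whose name begins with "Book Source" (assumption: prefix match).
Get-ChildItem -LiteralPath $uninstRoot -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like 'Book Source*' } |
    ForEach-Object { Add-Finding 'UninstallKey' $_.Name }

# 4. Processes: Box.exe is respawned on a timer, so list every live copy
#    that was started from the install folder.
Get-CimInstance Win32_Process -Filter "Name = 'Box.exe' OR Name = 'Book Source.exe'" |
    Where-Object { $_.ExecutablePath -like "$installDir\*" } |
    ForEach-Object { Add-Finding 'Process' ('PID {0}: {1}' -f $_.ProcessId, $_.ExecutablePath) }

if ($findings.Count -eq 0) {
    'No Book Source indicators found.'
} else {
    $findings | Sort-Object Type, Detail | Format-Table -AutoSize -Wrap
}
```

Run it as the affected user, since both the Run value and %Temp% are per-user locations.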






