New Trojan Locks Windows, Racks Up Phone Charges

Dennis Faas's picture

Windows users are being targeted by a new scam that extorts money through long-distance telephone calls, racking up heavy charges.

After a victim mistakenly downloads and installs a Trojan onto their PC, the following message is displayed on a Windows PC:

"This copy of Windows is locked. You may be a victim of fraud or there may be an internal error".

While similar messages have appeared before and related to scareware and ransomware scams, the fact that the Windows operating system will not reboot (either in normal mode or safe mode) adds validity to the alleged crisis situation.

Victims Coaxed into Calling Fake Microsoft Call Center

In order to regain control of their PC, victims are instructed to "reactivate" their copy of Windows online or via telephone call.

The online system is designed to purposely fail every time, requiring users to call in and "reactivate" Windows. Users are then given one of six telephone numbers to dial, and promised that a special code will be given to them at the end of the phone call in order to restart (and unlock) their operating system. (Source:

A second message appears to reassure victims that the call from their country is free of charge, but this is hardly the case.

Fake Call Center Racks Up Heavy Long Distances Charges

The scam works like this: the scammers on the receiving end of the phone call pretend to be Microsoft representatives. Next, the telephone number then leads to an automated call center where the individual is kept on hold for several minutes, racking up long-distance charges.

The long distance charges are how the fraudsters make their money, perpetuating a practice called "short stopping" -- billing a call at a rate higher than is reasonable.

F-Secure Posts Unlock Code

Ransomware, the term describing the malware that tries to extort a payment in exchange for returning control of the computer or its files to the owner, is not a new practice by any means. However, the means by which scammers use to perpetuate this practice changes all the time.

The way around this particular ransomware can be achieved one of three ways: use the unlock code 1351236 to re-activate your PC. This code was posted by F-Secure, a security website. Note that the code may change over time as the scam perpetuates.

If that doesn't work, you can try to roll back the PC to a previous image backup or Windows restore point if one is available. (Source:

Rate this article: 
No votes yet