A ransomware infection, published by Microsoft security experts on the 28th of February, has been detected to lock the screen of the victims it infects and pretend that it encrypts their files. The infection has been reported to display a “Blue Screen of Death” type of message to the victims and scare them into paying the sum of $200 to unlock their screen. The “Your Windows Has Been Banned” ransomware infection is of the lockscreen type and is not a very dangerous threat, since its unlock password has been discovered in its malware code. In order to unlock your computer and remove this threat, we advise you to read this material.
Your Windows Has Been Banned Virus
|Short Description||The malware locks the screen of its victims, pretending to be from Windows. It then demands a ransom of $200.|
|Symptoms||The user may see ransom notes and “instructions” on the locked screen. The instructions begin with the “Your Windows Has Been Banned” message.|
“Your Windows Has Been Banned” Virus’s Infection Process
To infect a given computer, the Your Windows Has Been Banned virus is reported by security researchers at Microsoft to use a file called microsoft.exe, which pretends to be a legitimate Windows file. It looks like the following:
This executable may be uploaded to shady websites, tricking users into believing it is an original installer of a Microsoft product. However, it may also be sent out via spam mail accompanied by a fake message.
Once the user opens the file, the Your Windows Has Been Banned virus creates a registry entry that disables Windows Task Manager. This registry value is called “DisableTaskMgr” and is located in the following Windows Registry sub-key:
Then the virus locks the user's screen, displaying a ransom message in the form of a Windows-style lockscreen:
The lockscreen demands that $200 be paid to an e-mail address, identified as email@example.com.
If the victim pays the ransom, he or she may receive an unlock key. After it is entered, the following screen appears if the computer is successfully unlocked.
Luckily, now you do not have to pay any form of ransom to the ones behind the “Your Windows Has Been Banned” threat, because researchers have also discovered the unlock code in the malicious files themselves. The code is believed to be 30264410.
How to Properly Unlock Your PC and Remove “Your Windows Has Been Banned” Virus
If you have become a victim of the “Your Windows Has Been Banned” lockscreen, we recommend following these steps.
Manually delete Your Windows Has Been Banned Virus from your computer
At the footer of the Lockscreen, you will find an unlock code field:
In it, enter the code 30264410. After this, you can remove the malware by following the instructions on the red screen which are:
1. Enter Windows Key + R
3. Delete the file winban.exe (or all files)
However, there still may be some malicious files left over after deletion of the winban.exe threat. This is why it is highly recommended to boot your computer into safe mode and scan for those files with adequate anti-malware software. Installing such software will detect all associated objects with “Your Windows Has Been Banned” lockscreen and remove them from your computer completely as well as protect your computer in the future.
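After the screen is unlocked and the file is deleted, the “DisableTaskMgr” value described above can still be set, which leaves Task Manager unavailable. The PowerShell script below is an added example, not part of the original article or of any vendor tool: it reports where that value is set and, with the hypothetical `-Remediate` switch, removes it. The two registry paths are an assumption (the standard Windows policy locations for this value), since the article does not show the sub-key the malware writes to.

```powershell
# Added example: audit (and optionally clear) the DisableTaskMgr policy value.
# Assumption: the value sits under one of the standard Windows policy keys
# listed below; the article does not show the exact sub-key the malware uses.
param(
    [switch]$Remediate   # hypothetical switch: without it the script only reports
)

$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)

function Get-TaskMgrPolicy {
    param([string[]]$Keys)
    foreach ($key in $Keys) {
        if (-not (Test-Path -Path $key)) { continue }   # key absent: nothing set here
        $props = Get-ItemProperty -Path $key -Name 'DisableTaskMgr' -ErrorAction SilentlyContinue
        if ($null -ne $props) {
            [pscustomobject]@{
                Key      = $key
                Value    = $props.DisableTaskMgr
                Disabled = ($props.DisableTaskMgr -eq 1)   # 1 means Task Manager is blocked
            }
        }
    }
}

$findings = @(Get-TaskMgrPolicy -Keys $policyKeys)

if ($findings.Count -eq 0) {
    Write-Output 'DisableTaskMgr is not set in the checked policy keys.'
    return
}

$findings | Format-Table -AutoSize

if ($Remediate) {
    foreach ($f in $findings | Where-Object Disabled) {
        # Removing the value restores the default (Task Manager enabled).
        # The HKLM key can only be changed from an elevated session.
        Remove-ItemProperty -Path $f.Key -Name 'DisableTaskMgr' -ErrorAction Stop
        Write-Output "Removed DisableTaskMgr from $($f.Key)"
    }
}
```

On managed machines the same value can be set deliberately through Group Policy, so confirm with the administrator before removing it there.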