YOUR COMPUTER HAS BEEN BLOCKED is a message that accompanies quite a few tech support scams, as well as some ransomware viruses. Those scams can appear on your PC in a lot of ways, the worst of which is due to a Trojan horse. Most of the scams have websites spreading them, which can lock you out of your browser to a point you cannot interact with it. A small number of scams are even more complex and integrate with your system on a higher level. They lock your desktop screen, holding your computer hostage, as ransomware viruses do. Fortunately, those scams do not encrypt files. Every scam uses one or more phone numbers. You should carefully read this article to see how to remove such types of malware.
Threat Summary
| Name | YOUR COMPUTER HAS BEEN BLOCKED "Virus" |
| Type | Tech Support Scam |
| Short Description | A tech support scam stating that your computer is blocked and in some cases actually doing that. The end goal of these scams is to scare you or somehow force you into calling a phone number. |
| Symptoms | The message “Your computer has been blocked” appearing as a pop-up box, notification, error or as a whole page locking your browser or PC screen. You will be given a phone number and you will be lied to by crooks that you have a virus. |
| Distribution Method | Freeware Installers, Suspicious Sites, Redirects, Trojan Horse |
| Detection Tool | See If Your System Has Been Affected by YOUR COMPUTER HAS BEEN BLOCKED "Virus" Download Malware Removal Tool |
| User Experience | Join Our Forum to Discuss YOUR COMPUTER HAS BEEN BLOCKED "Virus". |
YOUR COMPUTER HAS BEEN BLOCKED – “Virus” — Update December 2018
A recent hybrid attack campaign carrying the “YOUR COMPUTER HAS BEEN BLOCKED” – “virus” threat has been identified. The attacks are done by spawning pop-ups on malicious sites that the users get redirected to. Common tactics include the creation of phishing pages or ones with domain names that may appear as legitimate login pages. This is the case with the newest release of the attack campaign that poses as a page belonging to “Microsoft Official Support”. It will spawn pop-up messages with the intent to trick the users into falling for the fake tech support scam.
The following phone numbers has been found to be associated with it: : +1-855-534-8622 and 888-340-8444.
YOUR COMPUTER HAS BEEN BLOCKED – Update July 2017
In July 2017, the scams that use the YOUR COMPUTER HAS BEEN BLOCKED message to scare people have increased. Typically, technical support scams use the message to try and trick you that you have a virus on your computer device. One of the latest trends around is the lie that you have the WannaCry virus, which became popular in the middle of month May, and kept being the theme for a lot of malware since then. New websites representing tech support scams are being created, which spread messages with new telephone numbers for you to call alleged Microsoft technicians, claiming that only they can fix your computer. These website pages are most commonly phishing pages that look like either the front page of the Microsoft official website or Google’s security warning that informs you about malicious domains. Be careful, do not call such numbers for unique support technicians, do not provide personal information and do not believe a browser detecting viruses on your PC unless you check with a security program first.
Update July 2017. Unfortunately, these tech support scams continue to spread in the wild, infecting users via various methods. As you will read later in the article, most tech support scammers rely on companies such as Microsoft to make their attempts more successful. The Microsoft approach definitely works at high rates as users tend to call the provided numbers once they see they should contact Microsoft Tech Support for assistance. Please remember that Microsoft doesn’t own a tech support line. This should be a clear indication of your system being invaded. One of the most recent reports by a victim clearly shows that users are easily tricked by the displayed message claiming their computer has been blocked. Remember that calling unsolicited numbers provided in such dubious ways is never a good idea.
YOUR COMPUTER HAS BEEN BLOCKED – Spread
This tech support scam has many variations. That’s why the YOUR COMPUTER HAS BEEN BLOCKED message can be displayed on your computer due to different spread methods. A common way for it to appear is when you are surfing the Web. When you visit websites which are suspicious and of unknown origin, they can spread the scam via redirect links or advertisements. Clicking on the ads or redirects is not always necessary as any interaction with the site might trigger them. Sometimes, just by leaving a website open can drop malicious files on your computer which load other sites supporting the scam. Phishing websites can make the message of the scam appear, too. It is easy to land on such sites because of a single spelling mistake in a URL.
The worst case scenario that can happen to show you the YOUR COMPUTER HAS BEEN BLOCKED message is if you have a Trojan horse present in your system. The Trojan horse may have installed itself using some of the spread methods mentioned above. In other cases, you may have installed it, without realizing that. You may have thought that you are installing an application which is useful. Many such third-party programs come bundled with other freeware and supposedly useful software. Unfortunately, some can secretly install additive features or even malware. To avoid additional content being put in your PC by such installer setups can be managed if your find Advanced or Custom options in the setup.
YOUR COMPUTER HAS BEEN BLOCKED – Details
YOUR COMPUTER HAS BEEN BLOCKED is a message that can appear on your screen from a tech support scam. The message can appear in a website page, notification, an error or a pop-up message. A phone number is always provided, which is supposed to be a number for contacting support technicians from Microsoft or another reputable company from the security sphere.
In some cases, you can experience your screen or browser being locked or an audio message being played for maximum effect. The file is usually played via the Adobe Flash Player or a similar plugin. The audio message can be applied to lots of such websites, especially if the number is not said in the audio file. The voice of a woman or a man urges you to call the number. You can hear such an example from the audio sample right here:
Many of the websites related to these tech support scams are made to look like the official Microsoft website. See an example of a fake Microsoft site from the below screenshot:
People who work in IT or are tech savvy will all tell you the painful truth, that Microsoft does not have a support call line. Knowing that information and seeing a phone number on a copycat site is a dead giveaway, but not for people who are unaware of that fact. You can easily fall victim to such a scam, especially when you are bombarded with pop-up messages such as YOUR COMPUTER HAS BEEN BLOCKED non-stop. The most common variant of such a scam employs a one-page website with a picture background which is a snapshot of the real Microsoft site as seen in the above image. There are two generic messages written inside the pop-ups:
** YOUR COMPUTER HAS BEEN BLOCKED **
Error # 268D3
Please call us immediately at +1-844-730-8222
Do not ignore this critical alert.
If you close this page, your computer access will be
disabled to prevent further damage to our network.Your computer has alerted us that it has been infected
with a virus and spyware. The following information is
being stolen…>Facebook Login
>Credit Card Details
>Email Account Login
>Photos stored on this computer
You must contact us immediately so that our engineers
can walk you through the removal process over the
phone. Please call us within the next 5 minutes to
prevent your computer from being disabled.Toll Free: +1-844-730-8222
*Your Windows (Microsoft) Computer has been blocked*
Windows System Alert!!
Call Microsoft At 1-888-243-3533
You have been blocked from accessing the Internet.
Private and financial data is at RISK:
– Your credit card details and banking information
– Your e-mail passwords and other account passwords
– Your Facebook ,skype,AIM,ICQ and other chat logs
– Your private & family photos and other sensitive files
– Your webcam could be accessed remotely by stalkersIt is Required that you call the number above and get your PC inspected before you continue using your internet, especially for Shopping or Banking.
The second message varies a bit and actually states Your Windows (Microsoft) Computer has been blocked. That exact same message can be seen in the third type of this scam, this time being loaded as a notification or an error box directly inside your desktop computer:
The error box is loaded without the requirement of an Internet connection, and it is displayed, because of malicious software, files and registry entries related to the scam are inside your computer. A Trojan horse is not excluded to be managing those files to remain persistent on your machine, so whatever action your try to perform on your PC, the message to be stuck there. That can also lock your desktop screen, and you could be unable to interact with your computer device just like ransomware viruses do.
The locking of your screen may or may not happen depending on the files residing on your machine and the type of tech support scam. That brings us to the fourth and final variant (for now) of the YOUR COMPUTER HAS BEEN BLOCKED message. Here, the website pushing the scam will lock your browser, and the word blocked in the message will be turned into locked. The website will look exactly like a legitimate Google Chrome Warning for a phishing site or malicious activity. You can see an example in the picture below:
The full text on the site says the following:
Your computer has been Locked
Your computer with IP address – has been infected by the Virus RDN/YahLover.worm!055BCCAC9FEC — Because System Activation KEY has expired & Your information (for example, passwords, messages, and credit cards) have been stolen. Call the Technical Support number +1-844-556-7757 to protect your files and identity from further damage.
Call Technical Support Immediately at 1-844-556-7757
The following data will be compromised if you continue:
1. Passwords
2. Browser History
3. Credit Card Information
The virus is well known for complete identity and credit card theft. Further action through this computer or any computer in the network will reveal private information and involve serious risks.
With that, the main four variants of the YOUR COMPUTER HAS BEEN BLOCKED technical support scam are exposed.
You can check out one of the most notorious such scams in the articles given down here:
- Computervirusalertsystem.today (1-844-730-8222)
- Error #268D3 (1-855-712-8551)
- Sweep Clean PC Pro (1-888-243-3533)
All phone numbers given in the article are for the purposes of giving real examples, and you shouldn’t dial any of them. If you see another website with phone numbers provided in a similar way, you shouldn’t call them.
The cybercriminals on the other end of the phone line will try to keep you on the line and lie to you. The lies go from how you shouldn’t tamper with your PC except when they instruct you, to how you need to provide personal information. They want your personal data to either sell it on the black market to the highest bidder or to empty your bank account if you provide them with your banking credentials. You can read more about how similar phone scams originating from Indian call centers make millions for the people behind them. Besides the money, bigger problems could follow, such as identity theft for instance.
YOUR COMPUTER HAS BEEN BLOCKED – Update February 2018
There are new landing pages with redirects, pushing the scam, stating that YOUR COMPUTER HAS BEEN BLOCKED. Along with that lie, you will see more redirects that show pop-ups with the text “Error 268D3-XC00037”. What is more, you can see other, similar scams on these redirect pages. The address 1aend.cf/call-microsoft-at-855-381-5333/ or something of the sort is one of the domains pushing the latest variation of the scam. As you can guess, the following telephone number is used by the scammers:
- 1-855-381-5333
The scam hasn’t changed tremendously, but you will be redirected more than once and your browser will get locked.
YOUR COMPUTER HAS BEEN BLOCKED – Update September 2017
This September, a tech support scam has been discovered, stating that your computer is blocked due to the infamous Zeus virus. It is believed that the scam is a variation of the “YOUR COMPUTER HAS BEEN BLOCKED” scam as it also uses some of its messages to try and trick users. The exact message is “ZEUS VIRUS DETECTED”” and the scam has a few different variants, and each of them has many domains which only have the URL and phone number altered.
YOUR COMPUTER HAS BEEN BLOCKED – Update August 2017
On the first of August, 2017 a ransomware variant with a similar theme has appeared, which pretends to be sent by the Federal Bureau of Investigation (FBI). That ransomware is called the Scotch Tape Locker Ransomware and locks your computer device, while stopping all access to your computer. It demands a ransom and tries to use a scare tactic to make you pay up. However, you should not pay as this is probably removable. Similar variants have been seen in the past, and it is expected for more of them to pop up in the future as well.
This is how that ransom note looks like:
YOUR COMPUTER HAS BEEN BLOCKED – Update July 2017
The scams do not stop with the tech support related ones, but elevate even further into ransomware cryptoviruses. This has happened a couple of years before, with ransomware that claims that a government agency like the CIA has locked or blocked your computer system and you have to pay a fee or you will end up in jail. The same story repeats itself now in 2017 with that kind of ransomware returning and a prime example of that is the Matrix ransomware virus. You can check out the article about it for further details or just see its ransom note below and see how the FBI (Federal Bureau of Investigation) is being used to scare users like you into giving money:
We have also created a video that should help you remove YOUR COMPUTER HAS BEEN BLOCKED virus from your system:
More removal instructions are available below.
YOUR COMPUTER HAS BEEN BLOCKED Removal
To remove the YOUR COMPUTER HAS BEEN BLOCKED tech support scam and its related files manually from your PC, follow the step-by-step removal instructions provided below. If the manual removal guide does not get rid of the scam and its redirects completely, you should search for and remove any leftover items with an advanced anti-malware tool. Software like that will keep your system secure in the future.
To remove YOUR COMPUTER HAS BEEN BLOCKED "Virus" follow these steps:
1. For Windows XP, Vista and 7.
2. For Windows 8, 8.1 and 10.
Fix registry entries created by malware and PUPs on your PC.
Before starting the Automatic Removal below, please boot back into Normal mode, in case you are currently in Safe Mode.
This will enable you to install and use SpyHunter 5 successfully.
Use SpyHunter to scan for malware and unwanted programs
1. Install SpyHunter to scan for YOUR COMPUTER HAS BEEN BLOCKED "Virus" and remove them.
Back up your data to secure it from malware in the future.
El Sabado 17-Febrero-18 a las 17:00 horas me bloquea el Ordenador una pantalla de ¿Microsoft? y una locución femenina en bucle diciendo que tengo VIRUS, que no toque ni apague el Ordenador porque se borraran datos y llame al teléfono 900861783. Lo hago y un ¿inglés Jack Walker? hablando mal Español me dice que es ¿Servicio Técnico de Microsoft?, que lo pueden solucionar por una de las 2 opciones de 2 o 5 años de mantenimiento de 192 o 325 €. Acepto la 2ª opción (que conlleva limpieza a fondo mensual) y durante 2 horas están limpiando mi Ordenador a distancia (con el software GoTo Opener de LogMein, Avast, AdBlock, Adguard AdBocker, Popup Blocker, etc.). Terminado este tiempo me llaman, comprobamos que está limpio el Ordenador y les hago la Transferencia a la Cta. IBAN ES5104870202839007013223, del BANCO MARE NOSTRUM (ex- Caja Murcia), del ESPARRAGAL-MURCIA (entre Lorca y Puerto Lumbreras), Beneficiario: Tomás Moreno Gil (¡¡¡ NO ES MICROSFOT !!!).
Después de esto e imaginando que he sido ESTAFADO, busco por Internet y veo ésta página que me lo confirma.
Hoy Lunes 19-Feb-2018, a primera hora he ido a mi Oficina bancaria y he podido ANULAR LA TRANSFERENCIA.
Después he ido al Cuartel de la Guardia Civil de Santiago de la Ribera-Murcia y he puesto una DENUNCIA POR ESTAFA.
Ahora estoy ANULANDO Tarjetas VISA, MASTERCARD, Claves de Acceso a cuentas Bancarias, eBay, Amazón, Webs diversas, etc. para intentar evitar otros posibles fraudes (porque estuvieron 2 horas “manejando mi ordenador”).
Disculpad lo extenso del relato, pero me parece importante que se sepa públicamente.
Pues a mi eso me paso ayer. En una pagina me salio el mensaje de que tenia un virus y no cerrara la pagina y llamara a un numero de teléfono que no se si seria ese pero si empezaba por 900. Yo pensé que podría ser una estafa llamas a un numero de teléfono y de hay supuse que me pedirían poder “hurgar” en mi pc y de más, pero yo como no podía cerrar la pagina apague el ordenador a las bravas. Cuando lo volví a encender le pase el antivirus, tengo el Avast gratuito y no detecto ningún virus, después lo volví a pasar en modo completo y tampoco detecto nada. De momento no se me ha borrado nada. Aunque la verdad estoy algo asustado de que todavía se borren… Yo la verdad no leí muy bien el mensaje solo leí lo de llamar numero de teléfono y borrar datos y poco mas y si el mensaje era de microsof y la pagina tenia el htps. Y hoy buscando información encuentro que no soy el único al que le ha pasado.
Me ha pasado lo mismo hoy Miércoles 21 de Febrero 2018. Llamé a ese 900. Me contestó un hombre con acento extranjero y me dijo que ese virus era muy potente y me borraría todos los datos y que lo tenía desde hace mucho tiempo en el sistema de mi pc., pero hoy se habría activado. Antes que siguiera le expliqué que hace dos días había comprado un nuevo Windows y había formateado el disco duro y empecé todo de cero. Me dice que era igual, que el virus estaba en el portatil. Le expliqué
que soy técnico en ordenadores e informática, que no era una experta porque había estudiado con los ordenadores de antes. Me preguntó si tenía tienda, o taller. Al decirle que solo reparaba a nivel familiar, me preguntó la edad. Le dije 70 años, pero que yo sabía del tema. Le dije que tenía el antivirus de McAfee original y que no entendía que no funcionaba. Me dice que el virus era tan potente que los antivirus no podían detectarlo y me ofrece venderme un antivirus de Microsoft y entrar en el portatil para repararlo él., pero en vista de nuestra conversación ya desistió y me dijo que cerrara la página desde el administrador de tareas. Explico esto para sumarme a las denuncias que estoy leyendo. Y para terminar, intentaré llamar a Microsoft, porque no entiendo como permite estos estafadores que usan la página de microsoft.
Me gustaría saber como pretendes que ésto sea útil si no especificas las medidas para erradicar dichos errores. LA información ya la sabemos, lo que la gente desconoce son los PROCEDIMIENTOS para erradicar sus efectos.
Y es precisamente lo que no mencionas.
Esta publicación es INÚTIL sin esa información. No sirve para NADA.
A mi me acaba de pasar y gracias s leer estos comentarios no deje que la cosa siguiese adelante. Lo que no se es si tienen alguna contraseña mía o si pueden volver a entrar nada más que abra el portátil. Me dicen que tienen que desinstalar lo que pusieron que es el abasto Premium y que van a mandar a un técnico a mi casa. Y para finalizar me dicen que si se tantas cosas que porque los dejo entrar. Gracias otra vez por los comentarios
Glad we were of help!
Estaba buscando un sitio web para ver una película y me sale un cartel que habían bloqueado la computadora por un virus y me da el teléfono 18555506455 Soporte Técnico me salió un hombre hablando inglés y me dijo que forzara la salida de Safari y otras indicaciones hasta que me dice te puedo limpiar la computadora por 100 dólares le dije no y me colgó apague la laptop y no la he encendido porque no sé cómo quitar el cartel que me sale
Don’t pay Technical Support and don’t call the number. It is a scam. Try booting the computer in safe mode, to see if you still get the screen. If not – remove the malware with a security tool.
se abre una página con el telefono 900 861 783 y queda todo bloqueado. Apago el ordenador y vuelta a empezar. Se trata de un virus que no se como quitar. ¿Comose quita?
Try to open the Windows Task Manager with Ctrl+Alt+Del (assuming you are with a Windows Operating system) and search for a process that takes more memory and shut it off. Also try booting into safe mmode to see the result – more instructions are found above in the removal instructions section.
I also get a popup like this, ‘YOUR COMPUTER HAS BLOCKED’ They said you visited a website ,porngraphy ,zoophila, rape , if you want to unlock your computer then you must pay 150 kuwaiti”s diner by i-tunes gift card or if you unblock your computer from an unofficial technician then your case will be moved on ‘Kuwait police’YOU HAVE ONLY 12 HOURS TIME FOR PAY THE FEE………what is the meaning of this sentence. ..please reply me…I’m so afraid of this..
Don’t worry – that should be only an empty threat as you may have realized by now. This is a variety of the Scotch Tape Locker Ransomware (https://sensorstechforum.com/scotch-tape-locker-ransomware-removal-restore-files/). You can remove the ransomware whithout your files getting deleted.
I also got a popup like this, ‘YOUR COMPUTER HAS BLOCKED’ They said you visited a website ,porngraphy ,zoophila, rape , if you want to unlock your computer then you must pay 150 kuwaiti”s diner by i-tunes gift card or if you unblock your computer from an unofficial technician then your case will be moved on ‘Kuwait police’YOU HAVE ONLY 12 HOURS TIME FOR PAY THE FEE………what is the meaning of this sentence. ..please reply me…I’m so afraid of this..
Hola Emilio
Mi nombre es Maria Teresa y también me ha pasado lo mismo, exactamente igual.
Gracias a tu comentario en esta página, sigo los mismos pasos en cuanto a anular la transferencia y denunciar a las autoridades.
La presente es para preguntarte:
1,_ Sí hiciste una revisión del ordenador.
2._ Después de la fechoría, has tenido algún intento, por parte de ellos, de entrar en tu correo, cuentas, etc.
Desde el 31 de julio, llevo sin abrir el ordenador por miedo a que se repita.
Gracias por tu atención y un saludo.
Buenas.
A mi tambien me acaban de salvar estos comentarios.
Colgué al hombre casi inmediatamente y cerré todo lo que habiamos hecho. Ahora estoy preocupado porque, aunque no llegué a darle mi nombre ni nada, estuvimos compartiendo pantalla un rato haciendo cosas raras. Ahora he vuelto a encender el ordenador y está todo bien, pero estoy preocupado. Solo he cerrado todo y apagado y vuelto a encender el portatil. Parece suficiente, pero no sé. Que piensan?
Gracias!