Remove “Your Windows Has Been Banned” Lockscreen Virus - How to, Technology and PC Security Forum

Remove “Your Windows Has Been Banned” Lockscreen Virus

Article created to help remove the “Your Windows Has Been Banned” lockscreen ransomware and restore your files.

A ransomware infection, published by Microsoft security experts on the 28th of February, has been detected to lock the screen of the victims it infects and pretend that it encrypts their files. The infection has been reported to display a “Blue Screen of Death” type of message to victims and scare them into paying the sum of $200 to unlock their screen. The “Your Windows Has Been Banned” ransomware infection is of the lockscreen type and is not a very dangerous threat, since its unlock password has been discovered in its malware code. To unlock your computer and remove this threat, we advise you to read this material.

Threat Summary


Your Windows Has Been Banned Virus

Short Description: The malware locks the screen of its victims, pretending to be from Windows. It then asks for a ransom of $200 to be paid.
Symptoms: The user may see ransom notes and “instructions” on the locked screen. The instructions begin with the “Your Windows Has Been Banned” message.
Distribution Method: Via an exploit kit, DLL file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.

“Your Windows Has Been Banned” Virus’s Infection Process

To infect a given computer, the Your Windows Has Been Banned virus is reported by security researchers at Microsoft to use a file called microsoft.exe, which pretends to be a legitimate Windows file. It looks like the following:

This executable may be uploaded to shady websites, tricking users into believing it is an original installer of a Microsoft product. However, it may also be sent out via spam e-mail accompanied by a fake message.

Once the user opens the file, the Your Windows Has Been Banned virus creates a registry entry that disables Windows Task Manager. This registry value is called “DisableTaskMgr” and is located in the following Windows Registry sub-key:

→ HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Policies\System

The virus then locks the user's screen, displaying a ransom message in the form of a Windows-style lockscreen:

The screenlock demands $200 to be paid to an e-mail address, identified as [email protected].

If the victim pays the ransom, he or she may receive an unlock key. After entering it, the victim receives the following screen if the computer is successfully unlocked.

Luckily, now you do not have to pay any form of ransom to the ones behind the “Your Windows Has Been Banned” threat, because researchers have also discovered the unlock code in the malicious files themselves. The code is believed to be 30264410.

How to Properly Unlock Your PC and Remove “Your Windows Has Been Banned” Virus

If you have become a victim of the “Your Windows Has Been Banned” lockscreen, we recommend following these steps.

Manually delete Your Windows Has Been Banned Virus from your computer

At the footer of the Lockscreen, you will find an unlock code field:

In it, enter the code 30264410. After this, you can remove the malware by following the instructions on the red screen which are:

1. Enter Windows Key + R
2. Type shell:startup
3. Delete the file winban.exe (or all files)

However, there may still be some malicious files left over after deleting winban.exe. This is why it is highly recommended to boot your computer into safe mode and scan for those files with adequate anti-malware software. Such software will detect all objects associated with the “Your Windows Has Been Banned” lockscreen and remove them from your computer completely, as well as protect your computer in the future.
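
To confirm what is left on the machine, the following PowerShell script is an added example (not part of the original article or of any vendor tool). It is read-only and reports any DisableTaskMgr policy value in the loaded user hives together with every file in the Startup folders. It assumes an elevated prompt, PowerShell 4 or later, and user profiles stored in the default Users folder on the system drive.

```powershell
# Added example: read-only check for the two artifacts named in this article.
# Assumption: run from an elevated PowerShell prompt after the screen is unlocked.
$policyPath = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$findings = @()

# 1. DisableTaskMgr in every user hive currently loaded under HKEY_USERS.
$hku = [Microsoft.Win32.Registry]::Users
foreach ($sid in $hku.GetSubKeyNames()) {
    $key = $hku.OpenSubKey("$sid\$policyPath")
    if ($null -eq $key) { continue }          # hive has no Policies\System key
    $value = $key.GetValue('DisableTaskMgr')
    $key.Close()
    if ($null -ne $value -and $value -ne 0) {
        $findings += [pscustomobject]@{
            Kind = 'Registry'; Path = "HKU\$sid\$policyPath"
            Detail = "DisableTaskMgr = $value"; Sha256 = ''
        }
    }
}

# 2. Files in the all-users and per-user Startup folders (what shell:startup opens).
#    The per-user path below assumes the default profile layout.
$startupDirs = @([Environment]::GetFolderPath('CommonStartup'))
$startupDirs += Get-ChildItem "$env:SystemDrive\Users" -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' }

foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($file in Get-ChildItem -LiteralPath $dir -File -Force) {
        if ($file.Name -eq 'desktop.ini') { continue }   # normal folder metadata
        $detail = if ($file.Name -eq 'winban.exe') { 'named in this article' } else { 'review manually' }
        $findings += [pscustomobject]@{
            Kind = 'Startup file'; Path = $file.FullName; Detail = $detail
            # Hash is recorded so the file can be checked with an anti-malware vendor.
            Sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        }
    }
}

if ($findings.Count -eq 0) { 'No DisableTaskMgr policy or Startup folder files found.' }
else { $findings | Format-List }
```

Delete a reported DisableTaskMgr value or Startup file only after confirming it is not a policy or program you set up yourself.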

Automatically remove Your Windows Has Been Banned Virus by downloading an advanced anti-malware program

1. Boot Your PC In Safe Mode to isolate and remove Your Windows Has Been Banned Virus files and objects
2. Remove Your Windows Has Been Banned Virus with SpyHunter Anti-Malware Tool and back up your data

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
