Remove "Your Windows Has Been Banned" Lockscreen Virus - How to, Technology and PC Security Forum | SensorsTechForum.com

Remove “Your Windows Has Been Banned” Lockscreen Virus


Article created to help you remove the “Your Windows Has Been Banned” lockscreen ransomware and restore your files.

A ransomware infection, reported by Microsoft security experts on the 28th of February, has been found to lock the screens of the victims it infects and pretend that it encrypts their files. The infection has been reported to display a “Blue Screen of Death”-style message to victims to scare them into paying $200 to unlock their screen. The “Your Windows Has Been Banned” ransomware is of the lockscreen type and is not a very dangerous threat, since its unlock password has been discovered in its malware code. To unlock your computer and remove this threat, we advise you to read this material.

Threat Summary

Name: Your Windows Has Been Banned Virus
Type: Lockscreen/Ransomware
Short Description: The malware locks the screen of its victims, pretending to be from Windows. It then asks for a ransom of $200.
Symptoms: The user may see ransom notes and “instructions” on the locked screen. The instructions begin with the “Your Windows Has Been Banned” message.
Distribution Method: Via an exploit kit, a DLL file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.

“Your Windows Has Been Banned” Virus – Update December 2018

The “Your Windows Has Been Banned” virus has been seen spreading over the Internet in multiple versions.
One of the latest malware samples has been analyzed at VirusTotal, and it seems to pose as a binary file named “Microsoft.exe”, as seen below:

On top of that, a newer variant displays a similar lockscreen with the error message “Your Computer Has Been Banned”. An even newer variant poses as the “Windows Security has been Compromised” lockscreen error. Be careful when you are browsing the Web, do not believe such scams and never meet their demands.

“Your Windows Has Been Banned” Virus’s Infection Process

To infect a given computer, the Your Windows Has Been Banned virus is reported by security researchers at Microsoft to use a file called microsoft.exe, which pretends to be a legitimate Windows file. It looks like the following:

This executable may be uploaded to shady websites, tricking users into believing it is an original installer of a Microsoft product. However, it may also be sent out via spam mail accompanied by a fake message.

Once the user opens the file, the Your Windows Has Been Banned virus creates a registry entry that disables Windows Task Manager. This registry value is called “DisableTaskMgr” and is located in the following Windows Registry sub-key:

→ HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Policies\System

Then the virus locks the user's screen, displaying a ransom message in the form of a Windows-style lockscreen:

The screenlock demands $200 to be paid to an e-mail address, identified as [email protected].

If the victim pays the ransom, he or she may receive an unlock key. After entering it, the victim sees the following screen if the computer is successfully unlocked.

Luckily, you do not have to pay any form of ransom to those behind the “Your Windows Has Been Banned” threat, because researchers have also discovered the unlock code in the malicious files themselves. The code is believed to be 30264410.
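An added example, not part of the original article: a PowerShell check for the “DisableTaskMgr” value named in the infection process above. Because subkeys of HKEY_USERS on a live system are named by user SID, it walks every loaded user hive; the function names are illustrative, and removing the value requires an elevated prompt.

```powershell
# Added example (not from the article): audit the DisableTaskMgr policy value
# in every loaded user hive and, on request, remove it.
$SubKey    = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName = 'DisableTaskMgr'

function Get-TaskMgrLock {
    # HKEY_USERS has no default PSDrive, so go through the Registry provider.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            $hive = $_
            $path = "Registry::$($hive.Name)\$SubKey"
            $item = Get-ItemProperty -Path $path -Name $ValueName -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                [pscustomobject]@{
                    Hive     = $hive.PSChildName          # user SID or .DEFAULT
                    Path     = $path
                    Value    = $item.$ValueName
                    Disabled = ($item.$ValueName -ne 0)   # 1 disables Task Manager
                }
            }
        }
}

function Clear-TaskMgrLock {
    # SupportsShouldProcess gives -WhatIf / -Confirm so the change can be previewed.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($hit in Get-TaskMgrLock) {
        if ($PSCmdlet.ShouldProcess($hit.Path, "Remove $ValueName")) {
            Remove-ItemProperty -Path $hit.Path -Name $ValueName
        }
    }
}

# Report every hive where the value is present, then preview the cleanup.
Get-TaskMgrLock | Format-Table Hive, Value, Disabled -AutoSize
Clear-TaskMgrLock -WhatIf   # rerun without -WhatIf to actually remove the value
```

Only hives of logged-on users are loaded under HKEY_USERS, so run the check again after each affected account signs in.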

How to Properly Unlock Your PC and Remove “Your Windows Has Been Banned” Virus

If you have become a victim of the “Your Windows Has Been Banned” lockscreen, recommendations are to follow these steps.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
