Your Windows Has Been Banned Scam
Written by Tomas Meskauskas on (updated)
What is "Your Windows has been banned"?
"Your Windows has been banned" or "This PC has been Blocked" is a fake error message claiming that the user has violated Microsoft's terms of use. Be aware, however, that this is simply a scam that locks the computer screen and encourages victims to contact "Microsoft's Technicians" who will supposedly help to solve the problem.
The "Your Windows has been banned" error states that Microsoft has detected unusual activity on the system and that the reason for this might be various computer infections. Therefore, to protect other Windows users, Microsoft has locked the computer.
To return their system to the previous state, victims must supposedly contact Microsoft technicians and purchase a code to unlock the screen. Be aware, however, that these claims are false. Cyber criminals merely attempt to scare victims and trick them into paying. This error message is not genuine.
Therefore, never attempt to contact these fake technicians or pay for any code. Fortunately, Michael Gillespie has analyzed this malware and discovered a code ("6666666666666666" or "XP8BF-F8HPF-PY6BX-K24PJ-RAA00") that unlocks the computer free of charge.
Therefore, there is no need to pay the ransom. If you pay, you will merely support cyber criminals' malicious businesses. Note that after unlocking the screen, this virus creates a text file ("README.txt") and places it on the desktop. The file contains a message encouraging victims to contact cyber criminals via Twitter. You should ignore this message.
"Your Windows has been banned" shares many similarities with other fake error messages such as ERROR_LOCAL_USER, You Have A ZEUS Virus, Hacking Alert, etc. All state that the system is corrupted, infected, or damaged in some way. In fact, these claims are merely attempts to trick victims into paying.
Viruses such as these are often distributed with adware/browser-hijacking apps, however, most are distributed using peer-to-peer (P2P) networks and other third party software download sources (for example, free file hosting sites, freeware download websites, and so on), malicious files attached to spam emails, fake software updaters, and trojans.
Therefore, never download software from unofficial sources or open files received from unrecognized/suspicious email addresses. In addition, keep your installed software up-to-date and use a legitimate anti-virus/anti-spyware suite. The key to computer safety is caution.
An updated variant of this scam uses "This PC has been Blocked" headline to scare PC users into believing that their operating system was blocked due to privacy violations.
"Your Windows has been banned" error message:
This PC has been banned for terms of use violations. To protect the Windows service and its members. Microsoft does not provide details about specific PC bans. This PC has been banned because we detected an unusual activity on your computer. To protect the Windows service and its members. You PC maybe has been infected with viruses that do an unusual activity. To grant access to your PC please pay some fee to trusted Microsoft Technician and the Microsoft Technician will give you a code to unlock your PC. To contact nearest Microsoft Technician please click button below.
Screenshot of "README.txt" file:
Text presented within this file:
Your PC has been infected with Black virus,
this virus will destroy all your files in 72 hours,
to prevent this you just have to send a tweet with this template:
@BlackVirus
You get me,
and my ID is: ruehpyvh.i44
so now libert me.
Yet another variant of this scam discovered by security researcher Jiri Kropac (unlock code - "nvidiagpuareshit"):
Text presented in this scam:
Your Windows Has Been Banned
This PC has been banned for terms of use violations. To Protect the Windows service and its members. Microsoft does not provide details about specific PC bans. Your PC has been banned because we detected an unusual activity on your computer. To protect the windows service and its members your PC maybe has been infected with viruses that do an unusual activity like botnet, dos, etc. to grant access back to your computer please pay some fee to trusted Microsoft Technicians and the Microsoft Technician will give you a code to unlock to get a code please click button down below to contact the nearest Microsoft Technician.
Nearest Microsoft Technician Found! Contact: +62 081224380320
Here's another variant of this scam, first discovered by security researcher Jiri Kropac (unlock code for this one is "123456"):
Text presented in this scam:
Your Windows Has been Banned
This PC has been banned for terms of use violations. To protect the windows service and its members. Microsoft does not provide details about specific PC bans.
Your PC has been banned because we detected an unusual activity on your computer. To protect the windows service and its member your PC maybe has been infected with viruses that do an unusual activity like botnet, dos, etc. to grant access back to your computer please pay some fee to trusted Microsoft Technician and the Microsoft Technician will give you a code to unlock to get a code please click button below to contact the nearest Microsoft Technician. Already Have your unlock code? Enter it here.
Yet another variant of this scam - "Your computer has been banned" (to unlock this screenlocker users can use "Z234-0113-522T-3UIOP" key):
Another variant of "Your Windows Has Been Banned" scam (the unlock code is "30264410", provided by MalwareHunterTeam):
Text presented within this variant:
Your Windows has been Banned
Dear Windows User, Your PC have been banned and we are sorry to say that we are now Hijacking (legally) to your computer and we are now trying to Encrypt (Lock) your files, because of Fake Windows.
To Know more about this kinds of Windows bans, Visit : www.microsoft.com
What to do now?
Solution Found!!!
Yes, To Unlock Your PC Now, You can 2 things. You have to play us
in order to Unblock your pc or we delete all of your files now!Payment Information :
We are demanding : 200$ (USD)
Send it Via Paypal to : microsoftxyber@hackindex.comThanks
Already Registered Windows? Give Code Here ***** [SUBMIT]
Another variant of "Your Windows Has Been Banned" scam (the unlock code is "hardcoreTR", provided by MalwareHunterTeam):
Text presented within this variant:
Your Windows Has Been Banned
Your Windows Has Been Banned And Microsoft detected an unsolveable Therat And This Therat Can Result A Great Loss to your Computer and its been violated the Terms Of Microsoft Microsoft Will Not Be responsible for any kinds of bans.
Your Pc Has Been Banned, So you cant access your PC right now and its very much bad for you.We have Covered you with 2 options.
1.Install a new windows
2.Verify The Windows
The Choice is Yours, If you Choose the number 1.Then We are going to Delete All of your files From computer and we are going to ban you from computer. and the 2nd refers if you Want Your files back click the bellow button (Solution) and you need to pay 300$ the microsoft tech assistant and he will give you a code then you can get your files back.
[Solution]
Microsoft Tech Around You!
Name: UcanInek
Email:mr.hakancamioglu@gmail.com
Alredy Got Your Verification Code? Submit it here [ ] [Submit]
Another variant of "Your Windows Has Been Banned" pop-up screenlocker:
Text presented within:
Your Windows has been Banned
Your windows has been banned and Microsoft has detected an unsolveable threat that
can result a great loss to your computer and its been violated the terms of Microsoft
We (Microsoft) will not be responsible for any kinds of ban
Your PC has been banned, and you cannot access your PC right now and it is very much bad for you. We have covered 2 options for you
1.Install new windows
2.Verify windowsThe choice is yours, if you choose number1, We are going to delete all your files from your computer and ban you
from your PC, if you choose 2nd one refers if you want your files back.Click the bellow button (what to do) and you need to pay Microsoft tech assistant and he will give yo a code then you can get your files back[Solution]
Already got your code? Submit it here [Submit]
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is "Your Windows has been banned"?
- STEP 1. "Your Windows has been banned" scam removal using safe mode with networking.
- STEP 2. "Your Windows has been banned" scam removal using System Restore.
"Your Windows has been banned" scam removal:
Step 1
Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Windows 8 users: Go to the Windows 8 Start Screen, type Advanced, in the search results select Settings. Click on Advanced Startup options, in the opened "General PC Settings" window select Advanced Startup. Click on the "Restart now" button. Your computer will now restart into "Advanced Startup options menu".
Click on the "Troubleshoot" button, then click on "Advanced options" button. In the advanced option screen click on "Startup settings". Click on the "Restart" button. Your PC will restart into the Startup Settings screen. Press "5" to boot in Safe Mode with Networking Prompt.
Video showing how to start Windows 8 in "Safe Mode with Networking":
Step 2
Log in to the account infected with the "Your Windows has been banned" virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.
If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.
Video showing how to remove viruses using "Safe Mode with Command Prompt" and "System Restore":
1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.
2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.
3. Next, type this line: rstrui.exe and press ENTER.
4. In the opened window, click "Next".
5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the "Your Windows has been banned" virus infiltrating your PC).
6. In the opened window, click "Yes".
7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the "Your Windows has been banned" virus.
If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some viruses disable Safe Mode making it's removal complicated.
For this step, you require access to another computer. After removing "Your Windows has been banned" virus from your PC, restart your computer and scan it with legitimate anti-spyware software to remove any possible remnants of this security infection.
Other tools known to remove this scam:
▼ Show Discussion