What is “Your Windows has been Banned” scam?
According to the message displayed in this scam alert, Microsoft has detected unusual activity on the system and that it is caused by some computer infection. So to protect other Windows users, Microsoft has locked the computer. And to return the computer on its previous state, victims must contact the supposedly Microsoft technicians and purchase a code to unlock the screen. Due to this behavior, it highly resembles ransomware infections that encrypt files in exchange for a ransom. Here’s the full context of the “Your Windows has been Banned” scam:
“Your Windows Has been Banned
Your PC has been banned because we detected an unusual activity on your computer. To protect the windows service and its member your PC maybe has been infected with viruses that do an unusual activity like botnet, dos, etc. to grant access back to your computer please pay some fee to trusted Microsoft Technician and the Microsoft Technician will give you a code to unlock to get a code please click button below to contact the nearest Microsoft Technician. Already Have your unlock code? Enter it here.”
Although the alert may look terrifying, you shouldn’t give in to the pressure these crooks are putting you on since all of these threats are nothing but lies. Cyber criminals merely attempt to scare victims to get them to pay money. Therefore, you should never even try to contact these so-called Microsoft technicians for they might only ask for more money or you might unknowingly grant them even more access to your computer remotely.
Thankfully, a security expert has analyzed this malware and was able to discover a code (6666666666666666 ” or “XP8BF-F8HPF-PY6BX-K24PJ-RAA00) to unlock your computer. So really, there is no need for you to panic and pay the cyber crooks just to unlock your computer. After you’ve unlocked your screen, the malware creates a text file named README.txt that contains the following message:
“Your PC has been infected with Black virus,
this virus will destroy all your files in 72 hours,
to prevent this you just have to send a tweet with this template:
You get me,
and my ID is: ruehpyvh.i44
so now libert me”
You should ignore this message and proceed in removing the malware from your computer before it gets worse. To remove “Your Windows has been Banned” scam, refer to the removal guide below.
Step 1: Unlock your screen by typing 6666666666666666 ” or “XP8BF-F8HPF-PY6BX-K24PJ-RAA00 into the unlock box.
Step 2: Open the Windows Task Manager by pressing Ctrl + Shift + Esc at the same time. Proceed to the Processes tab and look for suspicious processes that can be related to the “Your Windows has been Banned” scam.
Right-click on the processes, then click Open File Location and scan them using a powerful and trusted antivirus like SpyRemover Pro. After opening their folders, end their processes and delete their folders. If the virus scanner fails to detect something that you know is suspicious, don’t hesitate to delete it.
Step 3: Open Control Panel by pressing Start key + R to launch Run and type appwiz.cpl in the search box and click OK.
Step 4: Look for any malicious program and then Uninstall it.
Step 5: Hold down Windows + E keys simultaneously to open File Explorer.
Step 6: Go to the directories listed below and then look for the corrupted files such as the text file, README.txt created by the malware and delete them.
Step 7: Close the File Explorer.
The next step below is not recommended for you if you don’t know how to navigate the Registry Editor. Making registry changes can highly impact your computer. So it is highly advised to use PC Cleaner Pro instead to get rid of the entries that “Your Windows has been Banned” scam created. So if you are not familiar with the Windows Registry skip to Step 12 onwards.
However, if you are well-versed in making registry adjustments, then you can proceed to step 8.
Step 8: Open the Registry Editor, to do so, tap Win + R and type in regedit and then press enter.
Step 9: Navigate to the following path:
Step 10: Delete the registry value named DECRYPTINFO.
Step 11: Close the Registry Editor.
Step 12: Empty the Recycle Bin.
Follow the continued advanced steps below to ensure the removal of the “Your Windows has been Banned” scam:
Perform a full system scan using SpyRemover Pro. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load the Safe Mode with Networking.
- Press and hold both R key and Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
A single space must be in between explorer and http. Click OK.
- A dialog box will be displayed by Internet Explorer. Click Run to begin downloading SpyRemover Pro Installation will start automatically once download is done.
- Click OK to launch SpyRemover Pro.
- Run SpyRemover Pro and perform a full system scan.
- After all the infections are identified, click REMOVE ALL.
- Register SpyRemover Pro to protect your computer from future threats.