Home Malware Programs Adware "McAfee Has Blocked Your Windows" Support Scam

"McAfee Has Blocked Your Windows" Support Scam

Posted: April 6, 2019

The "McAfee Has Blocked Your Windows" support scam is a hoax that tricks victims into calling a con artist, who may demand payment or information in exchange for restoring your access to your computer. Users that may experience these attacks are loading a corrupted website or after their computer suffers from an attack by a screen locker Trojan. Use anti-malware products and standard recovery procedures for disabling the warning screen and removing the "McAfee Has Blocked Your Windows" support scam as it's necessary.

An AV-Branded Hoax for Your Desktop

Although they're simpler for reproducing than a file-locker Trojan's more involved antics, the importance of Trojans with screen-locking payloads is paling, relative to the extortionist leverage of encrypted media. However, this category of attack against PC users at random isn't extinct, and recent evidence is appearing of a new entry in the genre. The "McAfee Has Blocked Your Windows" support scam, propagating by means unknown, is a modern version of a very old hoax.

The "McAfee Has Blocked Your Windows" support scam may be being delivered by compromised ad networks or hacked websites, although the most likely method of display is via a screen-locking Trojan. The threat generates a borderless HTA (or advanced HTML) pop-up window and removes the default UI for minimizing, maximizing or closing it. In some cases, users may be incapable of changing focus to a separate window or terminate "McAfee Has Blocked Your Windows" support scam through shortcuts such as Alt + F4 equally.

While it's displaying, "McAfee Has Blocked Your Windows" support scam warms readers that the McAfee AV vendor is blocking their computers due to 'suspicious activity' and requires calling a hotline and providing the supposed employee with their alert code number. This attack is, however, not affiliated with the real McAfee. In similar classes of incidents, malware experts relate any contact with con artists to a loss of information (such as credit card numbers) and money, under the pretense of the fake employee providing unlocking assistance. There is an additional risk of the criminal requesting complete control over the computer, such as through a Remote Desktop application, which can result in other, unanticipated security issues.

When and When Not to Listen to McAfee Pop-Ups

While users of McAfee security software should, rightfully, heed any security alerts originating from those products, McAfee never will block your computer, monitor or Windows UI. The McAfee-brand reference in "McAfee Has Blocked Your Windows" support scam is an update to a template that malware experts see circulating periodically over multiple years and has no relationship with the company in question. For users needing accessibility that's being blocked by the attack, they may consider restarting through the Windows 'Safe Mode' feature or booting through their USB drive.

Current versions of "McAfee Has Blocked Your Windows" support scam use a hard-coded password that any user can input for recovering control over their desktops. The string 'H3J9-Z7K5-W5Y1-Q6L4' should close the pop-up, unless the threat actors update their hoax. Various anti-malware products can provide additional protection and should block the attack and remove the source of the "McAfee Has Blocked Your Windows" support scam during a system scan.

It would take a relatively gullible victim to fall for "McAfee Has Blocked Your Windows" support scam, but that doesn't make it any less inconvenient or harmful. Never take a strange pop-up's advice on fixing your computer, since the results aren't likely of being to your liking.