
'Your Windows Hasbeen Banned' Screenlocker

Posted: November 28, 2016

The 'Your Windows Hasbeen Banned' Screenlocker is a Trojan that locks your screen while displaying a fake Microsoft support message. Because the 'Your Windows Hasbeen Banned' Screenlocker isn't a legitimate Windows error, you should follow the instructions in this article for disabling it and ignore the Trojan's recommendations. Malware researchers found standard anti-malware solutions effective at blocking the 'Your Windows Hasbeen Banned' Screenlocker or uninstalling it, as appropriate.

A ToU Violation that's Both More and Less than What It Looks Like

'Blue screens of death' were once the sardonic hallmark of technical problems with Windows machines. While recent versions of the operating system eliminate many BSoD-related issues, threat authors remain intent on exploiting public awareness of the phenomenon to make money. However, sufficiently perceptive PC owners can often see clear differences between real Windows alerts and attacks like the 'Your Windows Hasbeen Banned' Screenlocker's payload.

The 'Your Windows Hasbeen Banned' Screenlocker is a Trojan whose campaign activities most likely began sometime in November, using installation exploits that malware experts have yet to verify. After the installation routine, the 'Your Windows Hasbeen Banned' Screenlocker blocks your screen by loading a borderless pop-up window, preventing you from accessing other applications or your Windows desktop. The accompanying message uses a graphical format and content meant to convince the victim that Microsoft locked the OS in response to Terms of Use violations.

The 'Your Windows Hasbeen Banned' Screenlocker includes a built-in interface for paying its threat actor (which it falsely describes as being a Microsoft support technician) to unlock your computer. However, the vulnerabilities malware experts see in current versions of the 'Your Windows Hasbeen Banned' Screenlocker make it likely that victims will be able to unlock their PCs (see below), regardless of whether or not they pay the fake fine.

As always, a 'Your Windows Hasbeen Banned' Screenlocker infection doesn't necessarily indicate any illicit activity on your part, although similar threats may distribute themselves by bundling with improper downloads or exploiting corrupted websites.

Reversing an Account Ban that You Didn't Earn

Although the advice it provides is fraudulent, pausing to examine the contents of the 'Your Windows Hasbeen Banned' Screenlocker's pop-up can reveal its nature as a threat. The 'Your Windows Hasbeen Banned' Screenlocker's lock screen includes numerous typos and formatting inconsistencies, most likely indicating that its author is young or not a native English speaker. Malware experts were also pleased to find the 'Your Windows Hasbeen Banned' Screenlocker using a hard-coded password, which inadvertently gives victims an easy way to unlock the screen.

Entering the code '123456' unlocks all versions of the 'Your Windows Hasbeen Banned' Screenlocker to date. If the 'Your Windows Hasbeen Banned' Screenlocker's threat actor updates the password, malware experts recommend using standard secure reboot techniques, such as Safe Mode, to disable the 'Your Windows Hasbeen Banned' Screenlocker's self-launching exploit. Although malware experts find no other attacks of note in this Trojan's payload, using anti-malware products to eliminate the 'Your Windows Hasbeen Banned' Screenlocker can also remove related threats that can drop other categories of threatening software onto the system.

Arguably, taking a random pop-up's authenticity for granted is one of the worst security mistakes any PC owner can make. In most circumstances, the real issue is a false flag like the 'Your Windows Hasbeen Banned' Screenlocker, which can be resolved expediently once one discards all the inaccurate information.
