'Your Windows Hasbeen Banned' Screenlocker

'Your Windows Hasbeen Banned' Screenlocker Description

The 'Your Windows Hasbeen Banned' Screenlocker is a Trojan that locks your screen while displaying a fake Microsoft support message. Because the 'Your Windows Hasbeen Banned' Screenlocker isn't a legitimate Windows error, you should follow the instructions in this article for disabling it and ignore recommendations by the Trojan. Malware researchers found standard anti-malware solutions effective at blocking and uninstalling the 'Your Windows Hasbeen Banned' Screenlocker, when appropriate.

A ToU Violation that's Both More and Less than What It Looks Like

The 'Blue screens of death' once were the sardonic hallmark of technical problems with Windows machines. While recent versions of the operating system eliminate many BSoD-related issues, threat authors remain intent on exploiting social awareness of the phenomenon to make money. However, PC owners sufficiently perceptive often can see clear differences between real Windows alerts and attacks like the 'Your Windows Hasbeen Banned' Screenlocker's payload.

The 'Your Windows Hasbeen Banned' Screenlocker is a Trojan whose campaign activities most likely began sometime in November, using installation exploits that malware experts have yet to verify. After the installation routine, the 'Your Windows Hasbeen Banned' Screenlocker blocks your screen by loading a borderless pop-up window, preventing you from accessing other applications or your Windows desktop. The accompanying message uses a graphical format and content meant to convince the victim that Microsoft locked the OS in response to Terms of Use violations.

The 'Your Windows Hasbeen Banned' Screenlocker includes a built-in interface for paying its threat actor (which it falsely describes as being a Microsoft support technician) to unlock your computer. However, the vulnerabilities malware experts see in current versions of the 'Your Windows Hasbeen Banned' Screenlocker make it likely that victims will be able to unlock their PCs (see below), regardless of whether or not they pay the fake fine.

As always, a 'Your Windows Hasbeen Banned' Screenlocker doesn't have any corroboration with illicit activities on your part necessarily, although similar threats may distribute themselves by bundling with improper downloads or exploiting corrupted websites.

Reversing an Account Ban that You Didn't Earn

Although the advice it provides is fraudulent, pausing to examine the contents of the 'Your Windows Hasbeen Banned' Screenlocker's pop-up can provide a breadcrumb trail of its nature as a threat. The 'Your Windows Hasbeen Banned' Screenlocker's lock-screen includes numerous typos and formatting inconsistencies, most likely indicative of its author being young or a non-English native speaker. Malware experts also were pleased to find the 'Your Windows Hasbeen Banned' Screenlocker using a hard-coded password, providing victims with an easy screen-unlocking solution inadvertently.

Entering the code '123456' unlocks all versions of the 'Your Windows Hasbeen Banned' Screenlocker to date. If the 'Your Windows Hasbeen Banned' Screenlocker's threat actor updates the password, malware experts recommend using standard secure reboot techniques, such as Safe Mode, to disable the 'Your Windows Hasbeen Banned' Screenlocker's self-launching exploit. Although malware experts find no other attacks of note in this Trojan's payload, using anti-malware products to eliminate the 'Your Windows Hasbeen Banned' Screenlocker also can remove related threats that can drop other categories of threatening software onto the system.

Arguably, taking a random pop-up's authenticity for granted is one of the worst security mistakes any PC owner can make. In most circumstances, the real issue is a false flag like the 'Your Windows Hasbeen Banned' Screenlocker that's resolved expediently, once one discards all the inaccurate information.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to 'Your Windows Hasbeen Banned' Screenlocker may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Posted: November 28, 2016
Home Malware Programs Potentially Unwanted Programs (PUPs) 'Your Windows Hasbeen Banned' Screenlocker

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.