Severity scale:  

Your computer has been blocked. How to remove? (Uninstall guide)

removal by Jake Doevan - -   Also known as Ukash virus, Tech support scam | Type: Malware

Your Computer Has Been Blocked – a scam that demands a ransom for allegedly illegal victim's activity

An illustration of the Your Computer Has Been Blocked virus

Your Computer Has Been Blocked virus is a program that displays system message stating about illegal user's actions online. This scam is a malevolent software that prevents access to the victim's PC either by locking the screen or triggering numerous alarming pop-ups on web browsers. It is linked with “This computer is blocked.html” file which launches scams informing users about illegal activity noticed by such governmental organizations as FBI. Having in mind that the fake alerts are filled with logos and other convincing details, they look legitimate scare people into contacting cybercriminals or paying the demanded money. Typically, such programs aim to force people to call tech support scammers[1] or pay immediately to regain access to the computer. Unfortunately, contacting malicious people or paying the money can lead you to even more damage, including a data loss. This scam has various ransomware features and this makes it even more dangerous to your personal privacy and the system of your device.  

Name “Your Computer Has Been Blocked”
Type Malware
main file This computer is blocked.html
Purpose Swindle money from people by tricking them into believing that they have been caught by the government for illegal activities
  • This computer is blocked.htm;
  • Error # FXX07 Your Browser Has Been Blocked;
  • Error #268D3 Your Computer Has Been Blocked;
  • Computer has been blocked;
  • etc.
Symptoms Displays a fake message about privacy or security of your computer, suggests to call “technicians” or pay directly to the “government”
Main dangers Demands money, asks providing personal information, offers installing the fake software
Distribution Spam email campaigns, deceptive ads, other malware
Elimination Use Reimage for “Your Computer Has Been Blocked” removal

Such viruses often display fake error codes (such as Error #268D3. Your Computer Has Been Blocked, Error # FXX07. Your Browser Has Been Blocked, and similar), or even mention a particular operating system (Windows (Microsoft) Computer has been blocked virus and APPLE COMPUTER HAS BEEN LOCKED virus). Each of these viruses will provide you with fake information regarding your computer's security, stating that someone violated your privacy by hacking your computer and now you have to get in touch with “certified technicians[2]” to solve the problem.

However, similar messages are used by ransomware developers, and these viruses typically blame the victim for doing something illegal. Of course, these viruses cannot actually detect any illegal activities on the computer, but their purpose is to convince the victim that they are capable of doing it. Accordingly, such viruses seek to convince the victim to pay a smaller fine within several days to “drop the charges.”

One of the most widespread variants of this malware belongs to ransomware[3] category. Once installed, it displays a full-screen fake notification which is expected to scare people into thinking that they have violated several laws of the United States of America and now have to pay the fine for that.

Typically, it blocks the system with a huge alert which seems to be sent by an official government representative (The Federal Department of Justice in this particular case). Besides, it speaks to the victim in the same language where he/she is located. The sad news is that there are actually Internet criminals behind the bogus notification. They seek to make you pay the supposed fine of $300 by purchasing the Moneypak voucher and sending the code to them.

You should NOT do that! You can unblock your computer and remove Your Computer Has Been Blocked ransomware from the system by following special steps that are listed below or scanning your system with trustworthy anti-malware tools.

In fact, this virus is rather old, security experts report about a new wave of similar viruses used by tech support scammers[4]. In this case, YOUR COMPUTER HAS BEEN BLOCKED malware declares that the user's computer system is full of errors that can be fixed only by contacting Microsoft Tech support agents.

The virus usually infects main web browsers and sets them to trigger redirects to specifically designed web pages controlled by online fraudsters. These web pages often resemble Microsoft's Support Page. Phishing web pages then trigger a pop-up which usually has a title “This site says…” or “From [webpage URL]:”, which is then followed by a scary message saying that the system has been infected, compromised, hacked, or affected by mysterious errors or viruses such as Zeus virus.

The bogus messages always contain a tech support phone number, which is typically presented as “toll-free.” Of course, you should never dial these numbers given in fake ads of such malware because people who are going to pick it up are scammers[5]. Their aim is to make you believe that the system is heavily infected by super advanced hackers and that the only way to rescue your PC is to follow commands from “certified technicians.”

Typically, such scammers ask the victim to do a list of useless tasks just to confuse him/her, and such commands usually are followed by a request to provide remote access to the so-called technician in order to fix the computer faster.

You should never provide remote access to cybercriminals because they might download and install ransomware or another virus on your computer; scammers who don't get access to the computer frequently seek to sell certain “security packages” to the victim, which usually contain one or two legitimate programs plus several free ones such as Adblocker browser extension. Of course, scammers sell these packages at an enormous price.

Such malicious programs belong to Tech support scam virus group. An example of deceptive pop-ups urging to call tech support scammers is displayed below.

The picture showing the newest version of Your computer has been blocked malware

You can temporarily disable this malicious warning message by closing your web browser. However, a full Your Computer Has Been Blocked removal requires running a full system scan with reliable computer protection software, such as anti-spyware or anti-malware (you can find some suggestions in the Software section, although we usually recommend using Reimage or SpyHunterCombo Cleaner programs).

You should not waste your time with that because malware which is related to this Tech Support Scam can also collect personal and non-personal information about the user. So, although this virus will not lock your files like the ransomware we described earlier, having it installed on your computer can result in a number of privacy violations or even identity theft.

Other versions of the malware

“Zeus virus detected – Your computer has been blocked” variation functions as a browser-based scam which alarms users with fake alerts that their operating system has been compromised. You might also notice the error message which indicates Error: Virus – Trojan Backdoor Hijack #365838d7f8a4fa5. 

The further content of the message warns users not to exit the web page as the supposed Microsoft support group will have to “disable your computer.” It is a pure nonsense but merely a deception. The message also contains 1-888-615-5854 number though it may vary due to an expansive network of this felons. There is no need to meddle with the fraudsters but exit the web page and scan the browser to eliminate the scam web scripts.

“Your computer has been blocked. Confirm navigation” is another version of the browser malware. In order to scare users, the crooks make up the story that your confidential information is about to be stolen. This type of browser scam also temporarily hijacks the browser, as you may not easily exit the page. 

As common for this tech support scam, the number of the supposed Microsoft technician is provided. Note that no genuine Microsoft alerts display messages with the included phone number. Such browser scams are not able to “disable” the computer as well. More elaborate PC-based tech scams and ransomware are only capable of inflicting such commands.

Error 268d3: Your computer has been blocked” version of the malware displays an almost identical alarming message which frightens users than their devices have been compromised with data-stealing malware. This version of scam also plays the integrated audio file. An abrupt male voice warns users to call 1-888-375-1978 or another number to “enable” the device again.

Certainly, all these claims are nothing more than deceptive lies. Some sub-versions of this scam may also function under bsodm.exe. If clicking “Prevent this page from creating additional dialogues” does not work, click ESC+CTRL+SHIFT to launch the Task Manager. Find the command, right-click on it and exit it. It is also recommended to scan the browser.

Techniques used to spread cyber infections

Previously, this ransomware virus was believed to hail from the same group as FBI virus and FBI virus Black Screen virus. However, recently it has been added to the “Tech support scam” group of viruses. Just like its predecessors, this virus comes in a form of email attachments, which are usually distributed via massive spam campaigns. Besides, some users have also reported that they got infected after downloading a free program to their computers. 

Once it gets inside the PC, it blocks the system down and replaces the desktop picture with “Your Computer Has Been Blocked” warning. This warning is all covered in black and shows a fake webcam for a victim. Besides, it uses the same white letters in the top left corner of its alert just like FBI Online Agent virus, which is the latest from the group of FBI virus. Be aware that you have to ignore this alert, which says:

Your computer has been blocked!
The work of your computer has been suspended on the grounds of the violation of the law of the United States of America.

Speaking of tech support scam viruses, they can reach the system along with freeware or shareware, pirated software and also via email. To avoid these malicious programs, we highly recommend you to act responsibly when installing free programs downloaded from the world wide web.

Remember, many free programs recommend installing extra programs alongside them, and you have to refuse to do it if you do not want to end up installing adware, browser hijackers, or tech support scam malware. To decompose software packages, we recommend choosing Custom or Advanced settings for their installation and deselecting every optional item added to your desired piece of software.

“Your Computer Has Been Blocked” scam termination tips 

Many users do not know how to remove Your Computer Has Been Blocked virus, although all it takes to wipe it off the system is running a professional malware removal software. However, when trying to remove this or other ransomware from FBI virus group, the biggest problem is unlocking the system.

First of all, you should restart your computer using instructions provided below to run it in a Safe Mode with Networking. Once the computer boots, download an anti-malware software or update the one you already have; after that, perform a full system scan with it. You can also try to unlock your screen by opening your Task Manager -> Processes tab and ending black.exe process.

When you complete this task, you should scan your system with anti-malware immediately. Your Computer Has Been Blocked removal is a long and sometimes difficult process, therefore, to avoid similar attacks in the future, it is advisable to regularly backup of your data and keeps it in an alternative place.

do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with SpyHunter.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

To remove Your computer has been blocked, follow these steps:

Remove Your computer has been blocked using Safe Mode with Networking

To remove a virus that displays the aforementioned warning to you, you should restart your PC according to these guidelines and let an anti-malware software check your computer's status.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Your computer has been blocked

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Your computer has been blocked removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Your computer has been blocked using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Your computer has been blocked. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Your computer has been blocked removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Your computer has been blocked and other ransomwares, use a reputable anti-spyware, such as Reimage, SpyHunterCombo Cleaner or Malwarebytes Malwarebytes

About the author

Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions


Removal guides in other languages

Your opinion regarding Your computer has been blocked