Severity scale:  
  (86/100)

“The HoeflerText font wasn’t found” ads. How to remove? (Uninstall guide)

removal by Jake Doevan - - | Type: Malware
12

“The HoeflerText font wasn’t found” scam attacks Google Chrome and Mozilla FIrefox users

“The HoeflerText font wasn’t found” virus is an example of an online scam that tricks people into installing fake Google Chrome or Mozilla Firefox updates. The virus spread via compromised websites[1]. When victims are tricked into visiting such site, they receive a pop-up message that informs about inability to display the web page’s content[2] correctly because HoeflerTex font[3] wasn’t found on the affected computer. Once the malware has been spotted for the first time, it aimed at Chrome users and asked to update “Chrome Font Pack” in order to fix this error. However, instead of this font pack, you can end up with Fleercivet Ad Clicking Trojan or even Spora ransomware on your computer.[4] On May 2017, malware researchers has discovered a new version of the scam that targets Mozilla Firefox users. Cyber criminals use the same social engineering scheme. However, this time users are asked to install “Mozilla Font Pack.” However, installation of this fake update ends up terribly wrong. This scam distributes a Zeus Panda banking trojan. Beware that the developers of this scam made it look very professional and realistic by filling it with the names of current and latest versions of the font and claiming that the message is delivered by Google or Mozilla Corporation. Bear in mind that your browser doesn’t need any updated fonts from the suspicious notification which is designed with the only purpose – to deceive you and make you open a malicious executive file that you can download from the described pop-up. 

We suggest that you stay away from websites that display the defined alert because it is a sign that they have been compromised by cyber criminals. If you agreed to install the described update, your browser and computer need you to start “The HoeflerText font wasn’t found” removal. It’s the only way to get rid of the malware that infiltrated the PC and protect your computer from further attacks. Remember that malicious programs are dangerous cyber threats[5] that can download and install additional malware to the compromised system, so you should take actions immediately to remove “The HoeflerText font wasn’t found” malware from the system. Therefore, do not hesitate and uninstall “The HoeflerText font wasn’t found” virus with the help of Reimage.

“The HoeflerText font wasn’t found” pop-ups are responsible for spreading Spora ransomware virus

Considering how successful this technique was, it is not surprising that ransomware developers were quick to try these new malware distribution methods. The first one to employ “The HoeflerText font wasn’t found” scam[6] was Spora virus, the infamous ransomware that is well-known for using sophisticated ransom payment websites and providing a variety of paid services to the victims. This program is a very dangerous virus that encrypts files with complicated cryptography algorithms and suggests paying a ransom in exchange for data decryption tool. Based on the fact how quickly Spora adapts new distribution techniques and also considering how professionally-made this virus is, we expect nothing more but an increased number of virus attacks shortly. Reportedly, compromised websites feature a Javascript code that attackers insert at the end of the page. This JavaScript code recognizes visitors who enter the site via Chrome and shows not the real, but a corrupted version of the website and triggers a pop-up stating that visitor’s Chrome browser lacks the HoeflerText font, and suggests installing it in order to view contents of the website. The message says:

The “HoeflerText” font wasn’t found.
The website you are trying to load is displayed incorrectly, as it uses the”HoeflerText” font. To fix the error and display the text, you have to update “Chrome Font Pack”.
ManuFacturer: Google Inc. All Rights Reserved
Current Version: [version number]
Latest version: [version number]

The new campaign that spreads the ransomware promotes Update.exe file. If the user clicks the Update button, downloads this file and executes it, the system gets infected with Spora malware, and the victim loses access to all of his files instantly.

HoeflerText attacks Mozilla Firefox users and spreads Zeus Panda banking Trojan

At the beginning of March 2017, security experts have noticed new HoeflerText ads attack targeted at Mozilla Firefox users.[7] Victims are tricked into visiting an infected website that includes a malicious JavaScript code. In this site, people receive a warning message that HoeflerText font was not found and due to this reason this web page is displayed incorrectly. In order to fix this issue, victims are asked to install “Mozilla Font Pack” update. This alert window might look legitimate because it provides information about manufacturer, current and latest version of the Mozilla. Thus, computer users can get quite easily get tricked into clicking an “Update” button. Once they do that, they initiate a download procedure. Users are shown a regular download window which informs about downloading a “Mozilla_Font_v7.87.zip” archive. Inside it, there’s a malicious Mozilla_Font_v7.87.js JavaScript file. Meanwhile, the crafted website changes the fake alert window and provides instructions how to install a fake Mozilla font package. As soon as the download completes, users need to double-click the JavaScript file and start the installation. Once it’s done, users are supposed to reboot Mozilla and enjoy installed updates. However, instead of updates, users agree to install Panda Banker virus. The virus is one of many versions of Zeus banking Trojan; thus, their private information is put at risk. When users click on this malicious file, they allow downloading a malware payload called “Mozilla_Font_v7.87.exe.” Once it is successfully saved in C:\ directory, it is executed and starts the installation of banking Trojan. Malware infects two svchost.exe processes and launches its hazardous task. If you got tricked into this scam, you should initiate virus removal immediately by running a full system scan with malware removal software.

Misleading warnings might appear on legitimate websites

As we have mentioned before, you can encounter these pop-ups on websites compromised by hackers who insert an additional piece of JavaScript code at the end of the page’s source code. Consequently, Chrome or Firefox users will see a corrupted version of the website instead of the real one. What is more, the additional code prompts a pop-up message stating that “The HoeflerText font wasn’t found.” If the victim agrees to install the suggested update, one simply downloads the Chrome_Update.exe or Mozilla_Font_v7.87.js file, which needs to be opened in order to activate the malware. This fake Chrome update reportedly was used to distribute ad fraud malware dubbed Fleercivet[8]. As far as we know, the latest compromised websites that display “The HoeflerText font wasn’t found” alerts are serving Update.exe file, which is an installer for Spora ransomware virus. Meanwhile, a fraudulent Firefox update is used for distribution and infiltration of Panda Banking trojan. Thus this alert includes similar information about inability to show a website’s content correctly and asks to install necessary updates. If you happen to enter a website that displays the described pop-up, better quit it immediately and do not come back to it. It might take some time for it to be fixed. If you have encountered such website, you can report it to us.

Getting rid of “The HoeflerText font wasn’t found” virus

“The HoeflerText font wasn’t found” virus is a very dangerous computer infection. After infiltration, it causes chaos on the browser by delivering misleading pop-ups, and it might also silently connect to various third-party websites via your Internet connection. However, in the worst case, you can get infected with a ransomware after installing this bogus update, and consequences will be devastating. So if you accidentally installed the virus, follow these instructions for a safe “The HoeflerText font wasn’t found” removal.


We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove “The HoeflerText font wasn’t found” ads you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall “The HoeflerText font wasn’t found” ads. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing “The HoeflerText font wasn’t found” ads (2017-05-08)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing “The HoeflerText font wasn’t found” ads (2017-05-08)
Hitman Pro
We have tested Hitman Pro's efficiency in removing “The HoeflerText font wasn’t found” ads (2017-05-08)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing “The HoeflerText font wasn’t found” ads (2017-05-08)

Manual “The HoeflerText font wasn’t found” ads Removal Guide:

Remove “The HoeflerText font wasn’t found” using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

If you have installed the virus and now your computer acts slowly or, in the worst case, you cannot access your files, reboot your PC using guidelines provided below. In case you cannot access your files, check out this article.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove “The HoeflerText font wasn’t found”

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete “The HoeflerText font wasn’t found” removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove “The HoeflerText font wasn’t found” using System Restore

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of “The HoeflerText font wasn’t found”. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that “The HoeflerText font wasn’t found” removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from “The HoeflerText font wasn’t found” and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

References

Removal guides in other languages


  • mschiemann

    What a ridiculous pop up!

  • Anastas

    Does anyone knows what happens after installing that “Chrome Font Pack”? I am so curious

  • Steve He

    Yeah, its the message I found suspicious today. Thanks for the removal guidelines!