Severity scale:  

Remove “Bad Rabbit Attack” scam (Support Scam Virus) - Virus Removal Instructions

removal by Ugnius Kiguolis - - | Type: Malware

“Bad Rabbit Attack” tech support scam uses the name of popular ransomware virus

Screenshot of "Bad Rabbit Attack" scam

“Bad Rabbit Attack” is scammers’ attempt to make users believe that their computers were infected with Bad Rabbit virus. This ransomware-type cyber threat launched a massive worldwide attack in autumn 2017.[1] However, notification about detected malware is fake and generated by adware.

The potentially unwanted program (PUP) gets into the system together with free programs, and immediately makes changes to the system and web browsers in order to start redirects to “Bad Rabbit Attack” scam website.

The site delivers a pop-up message where criminals warn about blocked computer and possibility of stolen credentials. However, in order to solve the problem, users have to call 1-844-539-5778 within 5 minutes:

Windows Has Detected a BAD RABBIT ATTACK !! On Your System
Do Not Shutdown or Restart Your Computer
Contact Windows Certified Technicians For Immediate Assistance

Windows Has Detected a BAD RABBIT ATTACK !! On Your System
> Facebook Logins
> Credit Card Details
> Email Account Login
> Photos stored on this computer
You must contact us immediately so that our engineers can walk you through the removal process over the phone. Please call us within the next 5 minutes to prevent your computer from being disabled.
Call: 1-844-539-5778

Hopefully, you will never have to encounter an actual BadRabbit ransomware virus. However, if it happens, you will see a different alert on the computer and be unable to open any of your files. Thus, you should remain calm and do not contact authors of “Bad Rabbit Attack” technical support scam.

Scammers might have several purposes why they want you to call them, for instance:

  • this call might be expensive (it does not say that it’s a toll-free number like the majority of scams do);
  • criminals might want to get your sensitive data, such as full name or credit card details;
  • scammers might trick you into buying expensive security software that you do not need;
  • crooks might convince you into installing software that is malicious;[2]
  • you might be asked to give remote access to the fake “technicians” in order to clean your PC; thus, criminals might be able to do anything they desire with your computer or data saved in it.

Thus, instead of calling the number, you have to remove “Bad Rabbit Attack” virus from the computer. We highly recommend using anti-malware software like Reimage Reimage Cleaner Intego to clean your computer. PUPs rarely travel alone, so you might found other suspicious components installed without your knowledge.

However, adware which is responsible for redirecting to third-party sites can be eliminated manually too. Our team has provided manual “Bad Rabbit Attack” scam removal guide at the end of the virus description.

Image of "Bad Rabbit Attack" tech support scam
"Bad Rabbit Attack" is a security altert that informs abot detected dangerous virus.

Software installers might spread adware responsible for redirects to scam website

Usually, redirects to support scam website starts after incorrect installation of freeware or shareware. Free software installers that are available on various download sites typically are packages that include numerous additional applications.

The problem is that users often rely on Recommended or Quick setup which is designed to install the whole package without informing the user what is included in it. Thus, you should stop making this mistake and switch to Custom or Advanced settings for the installment of the needed program.

Get rid of “Bad Rabbit Attack” pop-ups

Being frequently redirected to scam website and seeing an increased amount of ads are the clearest sign of adware infection. Thus, you have to choose “Bad Rabbit Attack” removal method and fix your computer.

One of the options is manual elimination which requires locating and deleting adware-related components from the system without additional help. Well, our team has prepared manual removal guide in order to make removal simpler.

However, our colleagues from[3] note that manual elimination requires patients and at least average computer skills. Otherwise, you will leave adware-related components and continue visiting scammer’s website. Hence, if you want to avoid failure and remove “Bad Rabbit Attack” adware without any obstacles, you should opt for the automatic elimination method.

You may remove virus damage with a help of Reimage Reimage Cleaner Intego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove “Bad Rabbit Attack” scam, follow these steps:

Eliminate “Bad Rabbit Attack” scam from Windows systems

To remove “Bad Rabbit Attack” redirect problem, you have to uninstall adware from Windows computer and reset each of the affected web browsers.

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall “Bad Rabbit Attack” scam and related programs
    Here, look for “Bad Rabbit Attack” scam or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'

Uninstall “Bad Rabbit Attack” scam from Mac OS X system

  1. If you are using OS X, click Go button at the top left of the screen and select Applications. Cick 'Go' and select 'Applications'
  2. Wait until you see Applications folder and look for “Bad Rabbit Attack” scam or any other suspicious programs on it. Now right click on every of such entries and select Move to Trash. Click on every malicious entry and select 'Move to Trash'

Get rid of “Bad Rabbit Attack” scam from Internet Explorer (IE)

Follow these steps to stop Internet Explorer from redirecting you to scam websites:

  1. Remove dangerous add-ons
    Open Internet Explorer, click on the Gear icon (IE menu) on the top right corner of the browser and choose Manage Add-ons. Click on menu icon and select 'Manage add-ons'
  2. You will see a Manage Add-ons window. Here, look for “Bad Rabbit Attack” scam and other suspicious plugins. Disable these entries by clicking Disable: Right click on each of malicious entries and select 'Disable'
  3. Change your homepage if it was altered by virus:
    Click on the gear icon (menu) on the top right corner of the browser and select Internet Options. Stay in General tab.
  4. Here, remove malicious URL and enter preferable domain name. Click Apply to save changes. Delete malicious URL, enter your desired domain name and click 'Apply' to save changes
  5. Reset Internet Explorer
    Click on the gear icon (menu) again and select Internet options. Go to Advanced tab.
  6. Here, select Reset.
  7. When in the new window, check Delete personal settings and select Reset again to complete “Bad Rabbit Attack” scam removal. Go to 'Advanced' tab and click on 'Reset' button. Now select 'Delete personal settings' and click on 'Reset' button again

Delete “Bad Rabbit Attack” scam from Microsoft Edge

Reset Microsoft Edge settings (Method 1):

  1. Launch Microsoft Edge app and click More (three dots at the top right corner of the screen).
  2. Click Settings to open more options.
  3. Once Settings window shows up, click Choose what to clear button under Clear browsing data option. Go to Settings and select 'Choose what to clear'
  4. Here, select all what you want to remove and click Clear. Select 'Clear' button
  5. Now you should right-click on the Start button (Windows logo). Here, select Task Manager. Open the start menu and select 'Task Manager'
  6. When in Processes tab, search for Microsoft Edge.
  7. Right-click on it and choose Go to details option. If can’t see Go to details option, click More details and repeat previous steps. Right-click 'Microsoft Edge' and select 'Go to details' Select 'More details' if 'Go to details' option fails to show up
  8. When Details tab shows up, find every entry with Microsoft Edge name in it. Right click on each of them and select End Task to end these entries. Find Microsoft Edge entries and select 'End Task'

Resetting Microsoft Edge browser (Method 2):

If Method 1 failed to help you, you need to use an advanced Edge reset method.

  1. Note: you need to backup your data before using this method.
  2. Find this folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  3. Select every entry which is saved on it and right click with your mouse. Then Delete option. Go to Microsoft Edge folder on your computer, right-click every entry and click 'Delete'
  4. Click the Start button (Windows logo) and type in window power in Search my stuff line.
  5. Right-click the Windows PowerShell entry and choose Run as administrator. Find Windows PowerShell, right-click it and select 'Run as administrator'
  6. Once Administrator: Windows PowerShell window shows up, paste this command line after PS C:\WINDOWS\system32> and press Enter:
    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register $($_.InstallLocation)\AppXManifest.xml -Verbose}
    Copy and paste a required command and press 'Enter'

Once these steps are finished, “Bad Rabbit Attack” scam should be removed from your Microsoft Edge browser.

Erase “Bad Rabbit Attack” scam from Mozilla Firefox (FF)

Remove questionable Firefox add-ons and reset the browser:

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select “Bad Rabbit Attack” scam and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  4. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete “Bad Rabbit Attack” scam removal. Click on 'Reset Firefox' button for a couple of times

Remove “Bad Rabbit Attack” scam from Google Chrome

Stop redirects to “Bad Rabbit Attack” scam website by followiing these steps:

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select “Bad Rabbit Attack” scam and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  4. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  5. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  6. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  7. Click Reset to confirm this action and complete “Bad Rabbit Attack” scam removal. Click on 'Reset' button to complete your removal

Eliminate “Bad Rabbit Attack” scam from Safari

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for “Bad Rabbit Attack” scam or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  4. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete “Bad Rabbit Attack” scam removal process. Select all options and click on 'Reset' button

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.

The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for server or network manager that need to monitor connections and activities. This is how you bypass some of the authentications factors and can remotely use your banking accounts without triggering suspicious with each login. 

VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to clock the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.

Backup files for the later use, in case of the malware attack

Computer users can suffer various losses due to cyber infections or their own faulty doings. Software issues created by malware or direct data loss due to encryption can lead to problems with your device or permanent damage. When you have proper up-to-date backups, you can easily recover after such an incident and get back to work.

It is crucial to create updates to your backups after any changes on the device, so you can get back to the point you were working on when malware changes anything or issues with the device causes data or performance corruption. Rely on such behavior and make file backup your daily or weekly habit.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware occurs out of nowhere. Use Data Recovery Pro for the system restoring purpose.

About the author

Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions


Your opinion regarding “Bad Rabbit Attack” scam