Severity scale:  
  (27/100)

Remove “Bad Rabbit Attack” scam (Support Scam Virus) - Virus Removal Instructions

removal by Ugnius Kiguolis - - | Type: Malware

“Bad Rabbit Attack” tech support scam uses the name of popular ransomware virus

Screenshot of "Bad Rabbit Attack" scam

“Bad Rabbit Attack” is scammers’ attempt to make users believe that their computers were infected with Bad Rabbit virus. This ransomware-type cyber threat launched a massive worldwide attack in autumn 2017.[1] However, notification about detected malware is fake and generated by adware.

The potentially unwanted program (PUP) gets into the system together with free programs, and immediately makes changes to the system and web browsers in order to start redirects to “Bad Rabbit Attack” scam website.

The site delivers a pop-up message where criminals warn about blocked computer and possibility of stolen credentials. However, in order to solve the problem, users have to call 1-844-539-5778 within 5 minutes:

Windows Has Detected a BAD RABBIT ATTACK !! On Your System
Do Not Shutdown or Restart Your Computer
Contact Windows Certified Technicians For Immediate Assistance

** YOUR COMPUTER HAS BEEN BLOCKED **
Windows Has Detected a BAD RABBIT ATTACK !! On Your System
> Facebook Logins
> Credit Card Details
> Email Account Login
> Photos stored on this computer
You must contact us immediately so that our engineers can walk you through the removal process over the phone. Please call us within the next 5 minutes to prevent your computer from being disabled.
Call: 1-844-539-5778

Hopefully, you will never have to encounter an actual BadRabbit ransomware virus. However, if it happens, you will see a different alert on the computer and be unable to open any of your files. Thus, you should remain calm and do not contact authors of “Bad Rabbit Attack” technical support scam.

Scammers might have several purposes why they want you to call them, for instance:

  • this call might be expensive (it does not say that it’s a toll-free number like the majority of scams do);
  • criminals might want to get your sensitive data, such as full name or credit card details;
  • scammers might trick you into buying expensive security software that you do not need;
  • crooks might convince you into installing software that is malicious;[2]
  • you might be asked to give remote access to the fake “technicians” in order to clean your PC; thus, criminals might be able to do anything they desire with your computer or data saved in it.

Thus, instead of calling the number, you have to remove “Bad Rabbit Attack” virus from the computer. We highly recommend using anti-malware software like ReimageIntego to clean your computer. PUPs rarely travel alone, so you might found other suspicious components installed without your knowledge.

However, adware which is responsible for redirecting to third-party sites can be eliminated manually too. Our team has provided manual “Bad Rabbit Attack” scam removal guide at the end of the virus description.

Image of "Bad Rabbit Attack" tech support scam"Bad Rabbit Attack" is a security altert that informs abot detected dangerous virus.

Software installers might spread adware responsible for redirects to scam website

Usually, redirects to support scam website starts after incorrect installation of freeware or shareware. Free software installers that are available on various download sites typically are packages that include numerous additional applications.

The problem is that users often rely on Recommended or Quick setup which is designed to install the whole package without informing the user what is included in it. Thus, you should stop making this mistake and switch to Custom or Advanced settings for the installment of the needed program.

Get rid of “Bad Rabbit Attack” pop-ups

Being frequently redirected to scam website and seeing an increased amount of ads are the clearest sign of adware infection. Thus, you have to choose “Bad Rabbit Attack” removal method and fix your computer.

One of the options is manual elimination which requires locating and deleting adware-related components from the system without additional help. Well, our team has prepared manual removal guide in order to make removal simpler.

However, our colleagues from viirused.ee[3] note that manual elimination requires patients and at least average computer skills. Otherwise, you will leave adware-related components and continue visiting scammer’s website. Hence, if you want to avoid failure and remove “Bad Rabbit Attack” adware without any obstacles, you should opt for the automatic elimination method.

You may remove virus damage with a help of ReimageIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

Offer
do it now!
Download
Reimage Happiness
Guarantee
Download
Intego Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove “Bad Rabbit Attack” scam, follow these steps:

Eliminate “Bad Rabbit Attack” scam from Windows systems

To remove “Bad Rabbit Attack” redirect problem, you have to uninstall adware from Windows computer and reset each of the affected web browsers.

To remove “Bad Rabbit Attack” scam from Windows 10/8  machines, please follow these steps:

  1. Enter Control Panel into Windows search box and hit Enter or click on the search result.
  2. Under Programs, select Uninstall a program.Uninstall from Windows 1
  3. From the list, find entries related to “Bad Rabbit Attack” scam (or any other recently installed suspicious program).
  4. Right-click on the application and select Uninstall.
  5. If User Account Control shows up, click Yes.
  6. Wait till uninstallation process is complete and click OK.Uninstall from Windows 2

If you are Windows 7/XP user, proceed with the following instructions:

  1. Click on Windows Start > Control Panel located on the right pane (if you are Windows XP user, click on Add/Remove Programs).
  2. In Control Panel, select Programs > Uninstall a program.Uninstall from Windows 7/XP
  3. Pick the unwanted application by clicking on it once.
  4. At the top, click Uninstall/Change.
  5. In the confirmation prompt, pick Yes.
  6. Click OK once the removal process is finished.

Uninstall “Bad Rabbit Attack” scam from Mac OS X system

If your macOS is displaying some infection symptoms, proceed with the following guide:

Remove “Bad Rabbit Attack” scam from Applications folder:

  1. From the menu bar, select Go > Applications.
  2. In the Applications folder, look for “Bad Rabbit Attack” scam-related entries.
  3. Click on the app and drag it to Trash (or right-click and pick Move to Trash)Uninstall from Mac 1

To fully remove “Bad Rabbit Attack” scam, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:

  1. Select Go > Go to Folder.
  2. Enter /Library/Application Support and click Go or press Enter.
  3. In the Application Support folder, look for any dubious entries related to “Bad Rabbit Attack” scam and then delete them.
  4. Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the “Bad Rabbit Attack” scam-related entries.Uninstall from Mac 2

Get rid of “Bad Rabbit Attack” scam from Internet Explorer (IE)

Follow these steps to stop Internet Explorer from redirecting you to scam websites:

Remove dangerous add-ons:

  1. Open Internet Explorer, click on the Gear icon (IE menu) on the top-right corner of the browser
  2. Pick Manage Add-ons.
  3. You will see a Manage Add-ons window. Here, look for “Bad Rabbit Attack” scam and other suspicious plugins. Click on these entries and select Disable.Remove add-ons from Internet Explorer

Change your homepage if it was altered:

  1. Open IE and click on the Gear icon.
  2. Select Internet Options.
  3. In the General tab, delete the Home page address and replace it by your preferred one (for example, Google.com).
  4. Click Apply and then select OK.Reset IE homepage

Delete temporary files:

  1. Press on the Gear icon and select Internet Options.
  2. Under Browsing history, click Delete…
  3. Select relevant fields and press Delete.Clear temporary files from Internet Explorer

Reset Internet Explorer:

  1. Click on Gear icon > Internet options and select Advanced tab.
  2. Select Reset.
  3. In the new window, check Delete personal settings and select Reset again to complete “Bad Rabbit Attack” scam removal.Reset Internet Explorer

Delete “Bad Rabbit Attack” scam from Microsoft Edge

Delete unwanted extensions from MS Edge:

  1. Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
  2. From the list, pick the “Bad Rabbit Attack” scam-related extension and click on the Gear icon.
  3. Click on Uninstall at the bottom.Remove extensions from Edge

Clear cookies and other browser data:

  1. Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
  2. Under Clear browsing data, pick Choose what to clear.
  3. Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear.Clear Edge browsing data

Reset MS Edge if that above steps did not work:

  1. Press on Ctrl + Shift + Esc to open Task Manager.
  2. Click on More details arrow at the bottom of the window.
  3. Select Details tab.
  4. Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running.Reset MS Edge

If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.

  1. Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  2. Press Ctrl + A on your keyboard to select all folders.
  3. Right-click on them and pick DeleteAdvanced MS Edge reset 1
  4. Now right-click on the Start button and pick Windows PowerShell (Admin).
  5. When the new window opens, copy and paste the following command, and then press Enter:

    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -VerboseAdvanced MS Edge reset 2

Instructions for Chromium-based Edge

Delete extensions from MS Edge (Chromium):

  1. Open Edge and click select Settings > Extensions.
  2. Delete unwanted extensions by clicking Remove.Remove extensions from Chromium Edge

Clear cache and site data:

  1. Click on Menu and go to Settings.
  2. Select Privacy and services.
  3. Under Clear browsing data, pick Choose what to clear.
  4. Under Time range, pick All time.
  5. Select Clear now.Clear browser data from Chroum Edge

Reset Chromium-based MS Edge:

  1. Click on Menu and select Settings.
  2. On the left side, pick Reset settings.
  3. Select Restore settings to their default values.
  4. Confirm with Reset.Reset Chromium Edge

Erase “Bad Rabbit Attack” scam from Mozilla Firefox (FF)

Remove questionable Firefox add-ons and reset the browser:

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select plugins that are related to “Bad Rabbit Attack” scam and click Remove.Remove extensions from Firefox

Clear cookies and site data:

  1. Click Menu and pick Options.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data…
  5. Select Cookies and Site Data, as well as Cached Web Content and press Clear.Clear cookies and site data from Firefox

In case “Bad Rabbit Attack” scam did not get removed after following the instructions above, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information.Reset Firefox 1
  3. Under Give Firefox a tune up section, click on Refresh Firefox…
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox – this should complete “Bad Rabbit Attack” scam removal.Reset Firefox 2

Remove “Bad Rabbit Attack” scam from Google Chrome

Stop redirects to “Bad Rabbit Attack” scam website by followiing these steps:

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to “Bad Rabbit Attack” scam by clicking Remove.Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data.Clear cache and web data from Chrome

If the above-methods did not help you, reset Google Chrome to eliminate all the “Bad Rabbit Attack” scam-components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings to complete “Bad Rabbit Attack” scam removal.Reset Chrome 2

Eliminate “Bad Rabbit Attack” scam from Safari

Remove unwanted extensions from Safari:

  1. Click Safari > Preferences…
  2. In the new window, pick Extensions.
  3. Select the unwanted extension related to “Bad Rabbit Attack” scam and select Uninstall.Remove extensions from Safari

Clear cookies and other website data from Safari:

  1. Click Safari > Clear History…
  2. From the drop-down menu under Clear, pick all history.
  3. Confirm with Clear History.Clear cookies and website data from Safari

Reset Safari if the above-mentioned steps did not help you:

  1. Click Safari > Preferences…
  2. Go to Advanced tab.
  3. Tick the Show Develop menu in menu bar.
  4. From the menu bar, click Develop, and then select Empty Caches.Reset Safari

Stream videos without limitations, no matter where you are

There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.

Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.

Data backups are important – recover your lost files

Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.

While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions

References

Your opinion regarding “Bad Rabbit Attack” scam