Severity scale:  
  (99/100)

Funfact ransomware virus. How to remove? (Uninstall guide)

removal by Olivia Morelli - - | Type: Ransomware
12

Modus operandi of Funfact ransomware virus

A brand new ransomware, called Funfact virus, is making rounds on the Internet and was recently detected by malware analysts on VirusTotal. This virus uses standard encryption algorithms[1] to convert victim’s files into hostages stored on victim’s computer. Encrypted files are strongly secured and can no longer be accessed – as long as the victim doesn’t have the unique decryption key[2]. Such situation can be solved in several ways – the victim can follow instructions left in note.ini ransom note and obey offenders’ commandments by paying the ransom they demand (which is a highly not recommended option), or use data backup[3] to restore lost files. If the victim doesn’t have a backup, one can try traditional data recovery tools and methods, however, in most cases, they fail to work because encryption ciphers are known to be very strong, and they can hardly be cracked using third-party tools. Therefore, data can be lost forever.

Speaking of Funfact ransomware, we have to point out that it drops clsign.dll, rar.exe, trc.dll, and wallet.jpg files on the system. The last one, called wallet.jpg, is a QR code[4], which victims can scan to find out what is the right Bitcoin address that they are asked to send the ransom payment to. In the ransom note, criminals also state that victim must prove that the ransom was paid by sending a copy of the transaction to funfacts11@tutanota.com or worldfunfact@sigaint.org email address. According to the criminals, then the victim will be provided with the Funfact ransomware decryption key and software that is meant to restore files to their initial condition. However, keep in mind that it is also possible to lose your money along with your files, so ask yourself whether your files are worth the risk of losing a significant amount of money. In case you decide not to pay up, you will need to remove Funfact ransomware somehow. We highly recommend you not to do it manually. For Funfact removal, employ software like Reimage or Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus.

When did I get infected with this malicious software?

Although official Funfact distribution channels are unknown, it is believed that this ransomware Trojan spreads via mail spam and possibly via malicious software bundles. The first option is accessible to every amateur ransomware developer as it doesn’t demand any high-level programming skills, except a bit of creativity. Scammers simply need to compose convincing letters and rename the malicious executive into something that has double file extensions, for example, Document/Scan/Review/Test_Results.doc.exe. Criminals hide the real file extension, which is .exe, to convince the victim to open the file while thinking that it is a document and not an executive file.  Consequently, the ransomware gets activated and encrypts all target files then. Alternatively, they might insert a malicious script into a Word file[5] and ask the victim to activate Macros to “view contents” of the document. Macros function simply activates the script, which downloads malware from a certain server. You might also get this ransomware while installing a pirated software or dubious freeware downloads.

How can I delete Funfact files from the system?

You might not be able to recover files encrypted by this ransomware, but you will need to remove Funfact virus in order to try. Therefore, we suggest you start a system scan using a reputable malware remover, anti-malware or anti-spyware tool. If you do not have one, you can install a program that we recommend – you can find some suggestions below. Most importantly, you must begin Funfact removal process correctly, so please follow instructions provided below. If you do not have a data backup, carefully read data recovery suggestions stated down below.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Funfact ransomware virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Funfact ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

Manual Funfact virus Removal Guide:

Remove Funfact using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

Reboot your device carefully – you need to enter Safe Mode with Networking to allow your malware removal software function without any interferences. To prepare your PC for virus removal, do the following:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Funfact

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Funfact removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Funfact using System Restore

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Funfact. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Funfact removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Funfact from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Funfact, you can use several methods to restore them:

Try to find Windows Previous Versions

System Restore is an useful feature that allows to restore Windows Previous Versions in case part of the system gets corrupted. If you enabled it in the past, you can use it to recover encrypted files now. 

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Use Shadow Explorer

ShadowExplorer is a great tool that can check if Volume Shadow Copies are still on your computer. If they are, you can successfully restore your files using them. Just run ShadowExplorer to detect them on the system.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Funfact and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions

References


  • Bonobo

    this ransomware is hideous! Like any other computer virus, ofc. I cant believe how naive I was when I decided to open that malicious email attachment…

  • Luisa

    Cant delete this crapware off my computer! So bad I dont have antivirus nor antimalware program…

  • kayna

    Thanks a lot! The virus is gone. However, no luck in data recovery part…

  • Burak

    HELP! I NEED TO GET MY FILES BACK! all files have been encrypted yesterday since then not possible to open them. please. I will do anything it takes to recover my files. I just dont have money to pay the ransom