Severity scale:  

Remove Funfact ransomware / virus (Improved Instructions) - Decryption Steps Included

removal by Olivia Morelli - - | Type: Ransomware

Modus operandi of Funfact ransomware virus

A brand new ransomware, called Funfact virus, is making rounds on the Internet and was recently detected by malware analysts on VirusTotal. This virus uses standard encryption algorithms[1] to convert victim’s files into hostages stored on victim’s computer. Encrypted files are strongly secured and can no longer be accessed – as long as the victim doesn’t have the unique decryption key[2]. Such situation can be solved in several ways – the victim can follow instructions left in note.ini ransom note and obey offenders’ commandments by paying the ransom they demand (which is a highly not recommended option), or use data backup[3] to restore lost files. If the victim doesn’t have a backup, one can try traditional data recovery tools and methods, however, in most cases, they fail to work because encryption ciphers are known to be very strong, and they can hardly be cracked using third-party tools. Therefore, data can be lost forever.

FunFact ransomware virusFunFact ransomware leaves a wallet.jpg file, which is a picture of a QR code. The victim can scan the code with a smartphone to find out criminals' Bitcoin wallet address.

Questions about Funfact ransomware virus

Speaking of Funfact ransomware, we have to point out that it drops clsign.dll, rar.exe, trc.dll, and wallet.jpg files on the system. The last one, called wallet.jpg, is a QR code[4], which victims can scan to find out what is the right Bitcoin address that they are asked to send the ransom payment to. In the ransom note, criminals also state that victim must prove that the ransom was paid by sending a copy of the transaction to or email address. According to the criminals, then the victim will be provided with the Funfact ransomware decryption key and software that is meant to restore files to their initial condition. However, keep in mind that it is also possible to lose your money along with your files, so ask yourself whether your files are worth the risk of losing a significant amount of money. In case you decide not to pay up, you will need to remove Funfact ransomware somehow. We highly recommend you not to do it manually. For Funfact removal, employ software like Reimage Reimage Cleaner Intego or SpyHunter 5Combo Cleaner.

When did I get infected with this malicious software?

Although official Funfact distribution channels are unknown, it is believed that this ransomware Trojan spreads via mail spam and possibly via malicious software bundles. The first option is accessible to every amateur ransomware developer as it doesn’t demand any high-level programming skills, except a bit of creativity. Scammers simply need to compose convincing letters and rename the malicious executive into something that has double file extensions, for example, Document/Scan/Review/Test_Results.doc.exe. Criminals hide the real file extension, which is .exe, to convince the victim to open the file while thinking that it is a document and not an executive file.  Consequently, the ransomware gets activated and encrypts all target files then. Alternatively, they might insert a malicious script into a Word file[5] and ask the victim to activate Macros to “view contents” of the document. Macros function simply activates the script, which downloads malware from a certain server. You might also get this ransomware while installing a pirated software or dubious freeware downloads.

How can I delete Funfact files from the system?

You might not be able to recover files encrypted by this ransomware, but you will need to remove Funfact virus in order to try. Therefore, we suggest you start a system scan using a reputable malware remover, anti-malware or anti-spyware tool. If you do not have one, you can install a program that we recommend – you can find some suggestions below. Most importantly, you must begin Funfact removal process correctly, so please follow instructions provided below. If you do not have a data backup, carefully read data recovery suggestions stated down below.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove Funfact virus, follow these steps:

Remove Funfact using Safe Mode with Networking

Reboot your device carefully – you need to enter Safe Mode with Networking to allow your malware removal software function without any interferences. To prepare your PC for virus removal, do the following:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Funfact

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner Intego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Funfact removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Funfact using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Funfact. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage Reimage Cleaner Intego and make sure that Funfact removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Funfact from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by Funfact, you can use several methods to restore them:

Try to find Windows Previous Versions

System Restore is an useful feature that allows to restore Windows Previous Versions in case part of the system gets corrupted. If you enabled it in the past, you can use it to recover encrypted files now. 

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Use Shadow Explorer

ShadowExplorer is a great tool that can check if Volume Shadow Copies are still on your computer. If they are, you can successfully restore your files using them. Just run ShadowExplorer to detect them on the system.

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Funfact and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer various losses due to cyber infections or their own faulty doings. Software issues created by malware or direct data loss due to encryption can lead to problems with your device or permanent damage. When you have proper up-to-date backups, you can easily recover after such an incident and get back to work.

It is crucial to create updates to your backups after any changes on the device, so you can get back to the point you were working on when malware changes anything or issues with the device causes data or performance corruption. Rely on such behavior and make file backup your daily or weekly habit.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware occurs out of nowhere. Use Data Recovery Pro for the system restoring purpose.

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions


  1. Bonobo says:
    January 26th, 2017 at 9:15 am

    this ransomware is hideous! Like any other computer virus, ofc. I cant believe how naive I was when I decided to open that malicious email attachment…

  2. Luisa says:
    January 26th, 2017 at 9:16 am

    Cant delete this crapware off my computer! So bad I dont have antivirus nor antimalware program…

  3. kayna says:
    January 26th, 2017 at 9:17 am

    Thanks a lot! The virus is gone. However, no luck in data recovery part…

  4. Burak says:
    January 26th, 2017 at 9:18 am

    HELP! I NEED TO GET MY FILES BACK! all files have been encrypted yesterday since then not possible to open them. please. I will do anything it takes to recover my files. I just dont have money to pay the ransom

Your opinion regarding Funfact ransomware virus