Funfact ransomware / virus (Improved Instructions) - Decryption Steps Included

Funfact virus Removal Guide

What is Funfact ransomware virus?

Modus operandi of Funfact ransomware virus

A brand new ransomware, called Funfact virus, is making rounds on the Internet and was recently detected by malware analysts on VirusTotal. This virus uses standard encryption algorithms[1] to convert victim’s files into hostages stored on victim’s computer. Encrypted files are strongly secured and can no longer be accessed – as long as the victim doesn’t have the unique decryption key[2]. Such situation can be solved in several ways – the victim can follow instructions left in note.ini ransom note and obey offenders’ commandments by paying the ransom they demand (which is a highly not recommended option), or use data backup[3] to restore lost files. If the victim doesn’t have a backup, one can try traditional data recovery tools and methods, however, in most cases, they fail to work because encryption ciphers are known to be very strong, and they can hardly be cracked using third-party tools. Therefore, data can be lost forever.

FunFact ransomware virusFunFact ransomware leaves a wallet.jpg file, which is a picture of a QR code. The victim can scan the code with a smartphone to find out criminals' Bitcoin wallet address.

Speaking of Funfact ransomware, we have to point out that it drops clsign.dll, rar.exe, trc.dll, and wallet.jpg files on the system. The last one, called wallet.jpg, is a QR code[4], which victims can scan to find out what is the right Bitcoin address that they are asked to send the ransom payment to. In the ransom note, criminals also state that victim must prove that the ransom was paid by sending a copy of the transaction to or email address. According to the criminals, then the victim will be provided with the Funfact ransomware decryption key and software that is meant to restore files to their initial condition. However, keep in mind that it is also possible to lose your money along with your files, so ask yourself whether your files are worth the risk of losing a significant amount of money. In case you decide not to pay up, you will need to remove Funfact ransomware somehow. We highly recommend you not to do it manually. For Funfact removal, employ software like FortectIntego or SpyHunter 5Combo Cleaner.

When did I get infected with this malicious software?

Although official Funfact distribution channels are unknown, it is believed that this ransomware Trojan spreads via mail spam and possibly via malicious software bundles. The first option is accessible to every amateur ransomware developer as it doesn’t demand any high-level programming skills, except a bit of creativity. Scammers simply need to compose convincing letters and rename the malicious executive into something that has double file extensions, for example, Document/Scan/Review/Test_Results.doc.exe. Criminals hide the real file extension, which is .exe, to convince the victim to open the file while thinking that it is a document and not an executive file. Consequently, the ransomware gets activated and encrypts all target files then. Alternatively, they might insert a malicious script into a Word file[5] and ask the victim to activate Macros to “view contents” of the document. Macros function simply activates the script, which downloads malware from a certain server. You might also get this ransomware while installing a pirated software or dubious freeware downloads.

How can I delete Funfact files from the system?

You might not be able to recover files encrypted by this ransomware, but you will need to remove Funfact virus in order to try. Therefore, we suggest you start a system scan using a reputable malware remover, anti-malware or anti-spyware tool. If you do not have one, you can install a program that we recommend – you can find some suggestions below. Most importantly, you must begin Funfact removal process correctly, so please follow instructions provided below. If you do not have a data backup, carefully read data recovery suggestions stated down below.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Funfact virus. Follow these steps

Manual removal using Safe Mode

Reboot your device carefully – you need to enter Safe Mode with Networking to allow your malware removal software function without any interferences. To prepare your PC for virus removal, do the following:

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove Funfact using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Funfact. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that Funfact removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Funfact from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by Funfact, you can use several methods to restore them:

Try to find Windows Previous Versions

System Restore is an useful feature that allows to restore Windows Previous Versions in case part of the system gets corrupted. If you enabled it in the past, you can use it to recover encrypted files now. 

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Use Shadow Explorer

ShadowExplorer is a great tool that can check if Volume Shadow Copies are still on your computer. If they are, you can successfully restore your files using them. Just run ShadowExplorer to detect them on the system.

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Funfact and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.

If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.


Recover files after data-affecting malware attacks

While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.

Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection. 


About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions