“The ArialText font was not found” ads (Free Guide) - Virus Removal Instructions

“The ArialText font was not found” ads Removal Guide

What is “The ArialText font was not found” ads?

“The ArialText font was not found” scam targets Internet Explorer users, infects them with ransomware

“The ArialText font was not found” ads are deceptive malware-laden pop-ups that suggest installing a malicious file on the system. It can be a ransomware, a trojan, or another computer virus used by cybercriminals to remotely track you or to infect your PC for a specific purpose. This new scam is related to RoughTed malvertising campaign[1] and is very similar to the “The HoeflerText font wasn’t found” scam[2]. The deceptive pop-up typically appears on malicious websites that display some crippled text and trigger a “Message from webpage” pop-up that says “Microsoft Font Pack not installed!” If the victim gets on the hook and clicks OK, the malicious web page then displays the deceptive The ArialText font was not found message and suggests that “the web page you are trying to load is displayed incorrectly, as it uses the “ArialText” font. To fix the error and display the text, you have to upload the “Microsoft Font Pack.” The fraudulent message provides the name of the manufacturer, current version of the font pack, and the “lastest version” of the required font pack version. Attentive computer users will immediately notice obvious typographic errors left in the bogus pop-up and that instantly gives an alarming sign to block “The ArialText font was not found” ads right away. “The ArialText font was not found” ads

However, some users can be easily convinced that the update is required, especially when the deceptive message has a Microsoft logo on it. Clicking the “Update” button opens a window that asks what to do with the ArialFondLight.zip file, which holds the malicious payload. The ZIP archive contains a JavaScript file called ArialFont.js. This file sends a GET request to a malicious domain sobberinfo[.]com, and downloads two files to the system – 36d4.exe (saved on the desktop) and mMSBuild.exe file in MSBuild folder in C:\ Disk. Once activated, they reveal their true origins – these are executables of the fearsome Cerber ransomware, a virus that changes data on a structural level by applying multiple encryption algorithms. Therefore, if you notice that your web browser randomly redirects you to suspicious websites that suggest installing the ArialText or Microsoft Font Pack, quit those sites immediately and scan the system with a decent anti-malware program like FortectIntego to check if your PC did not get infected with any type of malware.

In case you accidentally installed the malware pushed through these deceptive pages, do not rush to pay the ransom before you check for available data backups. If you do have a data backup, implement “The ArialText font was not found” virus removal before doing anything else. Remember – such malware is highly sophisticated and you should treat it professionally. You shouldn’t even give any consideration to ransom payment option unless you cannot allow yourself to lose huge amounts of data. Remember – scammers are not obligated to provide you with decryption tools, and they might not send it to you even after you pay the ransom. Lastly, we must remind that paying up helps criminals continue their malevolent activities with even more motivation. Ideally, do not let them involve you into their extortion schemes!

“The ArialText font was not found” malware“The ArialText font was not found” virus seeks to trick victims into installing a fake font pack that contains a malicious JS file. This file can connect to a particular domain and download ransomware from it.

Social engineering convinces victims to install malicious viruses manually

According to MalwareBreakDown blog post[3], the malvertising campaign was firstly spotted on rojadirecta[.]me which is an online streaming site. The website implements repetitious redirects to several shady websites that are filled with obfuscated ad code scripts. These sites typically display a lot of deceptive pop-ups and alerts that are designed to look like real browser’s informational messages. It turns out that all of the phishing websites involved in the malvertising campaign were registered on an individual whose email as onishekovich[at]bk.ru. After several URL redirections, the malvertising campaign lands the victim on a final site that leads to RIG exploit kit landing page. The malicious website, which functions as a gate to RIG exploit kits, displays the deceptive ArialText font message. At the moment, it is known that the malicious pop-ups emerge for Internet Explorer users only; however, we are sure that fraudsters will improve the technique just like the HoeflerText scammers did and expand the compatibility so that Chrome and Firefox users could get scammed as well. If you want to protect your computer from such attacks, avoid clicking on strange links online, get to know what are the most dangerous Internet websites, and install an up-to-date anti-malware program. Creating a data backup can also save your data in case of a ransomware attack, so do not hesitate and create one ASAP.

“The ArialText font was not found” virus removal

Do not delay any longer and remove The ArialText font was not found virus right away. If the described pop-ups appear on your screen on a daily basis, you need to know that there can be two causes why you encounter such deceptive alerts daily. You are either infected with questionable spyware or malware, or you just tend to browse through hazardous websites a lot. Therefore, uninstalling the adware that displays them and also avoiding visiting highly untrustworthy sites is a praisable idea. The guide provided below the post introduces you to “The ArialText font was not found” removal basics.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of “The ArialText font was not found” ads. Follow these steps

Manual removal using Safe Mode

If you feel that the web browser acts suspiciously and URL redirections occur without your intervention, you need to remove the adware/malware that causes them for you. To remove “The ArialText font was not found” ads, follow these steps.

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove “The ArialText font was not found” using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of “The ArialText font was not found”. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that “The ArialText font was not found” removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from “The ArialText font was not found” and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting malware

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Lucia Danes
Lucia Danes - Virus researcher

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions

Removal guides in other languages