Skip to content
  • Active
  • Severity: High
  • Malware
  • Windows
  • Verified · Jun 2017

How to remove “The ArialText font was not found” ads

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Lucia Danes · Virus researcher

“The ArialText font was not found” scam targets Internet Explorer users, infects them with ransomware

“The ArialText font was not found” ads are deceptive malware-laden pop-ups that suggest installing a malicious file on the system. It can be a ransomware, a trojan, or another computer virus used by cybercriminals to remotely track you or to infect your PC for a specific purpose. This new scam is related to RoughTed malvertising campaign[1] and is very similar to the “The HoeflerText font wasn’t found” scam[2]. The deceptive pop-up typically appears on malicious websites that display some crippled text and trigger a “Message from webpage” pop-up that says “Microsoft Font Pack not installed!” If the victim gets on the hook and clicks OK, the malicious web page then displays the deceptive The ArialText font was not found message and suggests that “the web page you are trying to load is displayed incorrectly, as it uses the “ArialText” font. To fix the error and display the text, you have to upload the “Microsoft Font Pack.” The fraudulent message provides the name of the manufacturer, current version of the font pack, and the “lastest version” of the required font pack version. Attentive computer users will immediately notice obvious typographic errors left in the bogus pop-up and that instantly gives an alarming sign to block “The ArialText font was not found” ads right away. “The ArialText font was not found” ads

However, some users can be easily convinced that the update is required, especially when the deceptive message has a Microsoft logo on it. Clicking the “Update” button opens a window that asks what to do with the ArialFondLight.zip file, which holds the malicious payload. The ZIP archive contains a JavaScript file called ArialFont.js. This file sends a GET request to a malicious domain sobberinfo[.]com, and downloads two files to the system – 36d4.exe (saved on the desktop) and mMSBuild.exe file in MSBuild folder in C:\ Disk. Once activated, they reveal their true origins – these are executables of the fearsome Cerber ransomware, a virus that changes data on a structural level by applying multiple encryption algorithms. Therefore, if you notice that your web browser randomly redirects you to suspicious websites that suggest installing the ArialText or Microsoft Font Pack, quit those sites immediately and scan the system with a decent anti-malware program like FortectIntego to check if your PC did not get infected with any type of malware.

In case you accidentally installed the malware pushed through these deceptive pages, do not rush to pay the ransom before you check for available data backups. If you do have a data backup, implement “The ArialText font was not found” virus removal before doing anything else. Remember – such malware is highly sophisticated and you should treat it professionally. You shouldn’t even give any consideration to ransom payment option unless you cannot allow yourself to lose huge amounts of data. Remember – scammers are not obligated to provide you with decryption tools, and they might not send it to you even after you pay the ransom. Lastly, we must remind that paying up helps criminals continue their malevolent activities with even more motivation. Ideally, do not let them involve you into their extortion schemes!

“The ArialText font was not found” malware

Social engineering convinces victims to install malicious viruses manually

According to MalwareBreakDown blog post[3], the malvertising campaign was firstly spotted on rojadirecta[.]me which is an online streaming site. The website implements repetitious redirects to several shady websites that are filled with obfuscated ad code scripts. These sites typically display a lot of deceptive pop-ups and alerts that are designed to look like real browser’s informational messages. It turns out that all of the phishing websites involved in the malvertising campaign were registered on an individual whose email as onishekovich[at]bk.ru. After several URL redirections, the malvertising campaign lands the victim on a final site that leads to RIG exploit kit landing page. The malicious website, which functions as a gate to RIG exploit kits, displays the deceptive ArialText font message. At the moment, it is known that the malicious pop-ups emerge for Internet Explorer users only; however, we are sure that fraudsters will improve the technique just like the HoeflerText scammers did and expand the compatibility so that Chrome and Firefox users could get scammed as well. If you want to protect your computer from such attacks, avoid clicking on strange links online, get to know what are the most dangerous Internet websites, and install an up-to-date anti-malware program. Creating a data backup can also save your data in case of a ransomware attack, so do not hesitate and create one ASAP.

“The ArialText font was not found” virus removal

Do not delay any longer and remove The ArialText font was not found virus right away. If the described pop-ups appear on your screen on a daily basis, you need to know that there can be two causes why you encounter such deceptive alerts daily. You are either infected with questionable spyware or malware, or you just tend to browse through hazardous websites a lot. Therefore, uninstalling the adware that displays them and also avoiding visiting highly untrustworthy sites is a praisable idea. The guide provided below the post introduces you to “The ArialText font was not found” removal basics.

 

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.