How Can I Remove Ransom.Fantom Completely From My Computer

Short Description on Ransom.Fantom:





Danger Level:

High (This trojan is by far the worse computer virus that you can encounter)


Normally, nothing before an alarming notification appears. Sometimes, the encryption process may makes the entire machine sluggish.

Distribution Method:

Typically, through the letters in your spam emails from suspicious senders. Also, with the help of malicious torrents and software bundles.


Corrupts some of your installed system programs and encrypts your PC files as well.

Detection Tool:

This trojan may be difficult to track down. Use Ransom.Fantom Free Scanner in order to find all the harmful files and folders related to this malware and then go for its complete removal.

What do you know about Ransom.Fantom?

Ransom.Fantom is one of the worst Trojan horse virus which is a rather intriguing cryptomalware infection that makes an extra effort in order to hide its malicious activity with a bogus update screen. The malware may be delivered to the users machine through compromised Remote Desktop Protocol (RDP) connections and juk email attachments. What makes this trojan stand out is that Ransom.Fantom is using a signed executable like WinUpdSvc.exe and WindowsUpdate.exe to run undetected. Additionally, the threat will uses the native Windows message service in order to bring up an alert that the computer user needs to install a critical update for the Windows.


However, the PC users that open a file attached to the junk emails and are presented with a critical update, after that they are likely to have executed the Ransom.Fantom virus. The bogus Windows update screen by this Trojan will act as a diversion and divert the users attention with a slowly moving progress bar. Meanwhile, this malware will be busy with encrypting the data and files stored on the connected drives. The system security experts reports that the threat is using the AES-128 cipher algorithm to lock the data and appends the .fantom file extension onto the affected objects. For example, nx_image.jpg will be trans-coded to nx_image.jpg.fantom. Thus, you will be able to copy, move and delete the files encrypted by Ransom.Fantom virus, but reading it will be impossible.

Actually, the computer users that have been compromised by the Ransom.Fantom malware will find a ransom note in DECRYPT_YOUR_FILES.html which is placed on the desktop. This ransom note may include links to the webpages on the Dark Web and consist instructions on how to download and install TOR Browser. The negotiations can be initiated by writing mail to the [email protected] and [email protected] that are completely under the control of the cyber hackers. Although, you should must abstain from the correspondence with these emails, because you are not likely to get the decryption key and you will lose hundreds of dollars. Therefore, it is quite essential for you to delete Ransom.Fantom virus from your system completely from your system.

>>Free Download Ransom.Fantom Scanner<<


How to Remove Ransom.Fantom from Compromised PC (Manual Steps)

(This guide is intended to help users in following Step by Step instructions in making Windows Safe)

The first step which need to be followed is to Restart Windows PC in Safe Mode

Reboot in Safe Mode (For Windows XP | Vista | Win7)

  1. Restart Computer
  2. Tap on F8 continuously when the PC starts booting and select the option to enter Safe Mode with Networking.

safe mode

For Windows 8/8.1

  1. Press on the Start Button and then Choose Control Panel from the menu option
  2. Users need to opt for System and Security, to select Administrative Tools and then System Configuration.


3.  Next, Click on the Safe Boot option and then choose OK, this will open a pop-up window, next Select Restart Option.

For Windows 10

  1. Start Menu is to be selected to Open it
  2. Press the power button icon which is present in the right corner, this will display power options menu.
  3. Keeping the SHIFT Key pressed on the keyboard, select the restart option. This will reboot Win 10
  4. Now you need to select the Troubleshoot icon, followed by advanced option in the startup Settings. Click on Restart. This will give the option to reboot, now select Enter Safe Mode with Networking.

Step 2. Uninstall Ransom.Fantom from Task Manager on Windows

How to End the Running Process related to Ransom.Fantom using Task Manager

  1. Firstly, Open Task Manager by Pressing Ctrl+Shift+Esc in Combination
  2. Next, Click on processes to Find Ransom.Fantom
  3. Now Click and select End Process to terminate Ransom.Fantom.

task manager

Step3: How to Uninstall Ransom.Fantom from Control Panel on Windows

for Win XP| Vista and Win 7 Users

  1. Click and Select on Start Menu
  2. Now Control Panel is to be selected from the list
  3. Next Click on Uninstall Program
  4. Users need to Choose suspicious program related to Ransom.Fantom and right clicking on it.
  5. Finally, Select Uninstall option.





For Win 8

  • Click and Select “Charms bar
  • Now Select Settings Option
  • Next Click on Control Panel
  • Select on Uninstall a Program Option and right click on program associated to Ransom.Fantom and finally uninstall it.



For Windows 10

  1. The first Step is to Click and Select on Start Menu
  2. Now Click on All Apps
  3. Choose Ransom.Fantom and other suspicious program from the complete list
  4. Now right Click on to select Ransom.Fantom and finally Uninstall it from Windows 10




Step: 4 How to Delete Ransom.Fantom Created Files from Registry

  • Open Registry by Typing Regedit in the Windows Search Field and then press on Enter.
  • This will open the registry entries. Now users need to press CTRL + F together and type Ransom.Fantom to find the entries.
  • Once located, delete all Ransom.Fantom named entries. If you are unable to find it, you need to look up for it on the directories manually. Be careful and delete only Ransom.Fantom entries, else it can damage your Windows Computer severely.
HKEY_CURRENT_USER—-Software—–Random Directory. 
HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random


Still having any problem in getting rid of Ransom.Fantom, or have any doubt regarding this, feel free to ask our experts.