Simple Steps: Deleting Facebook Ransomware From Compromised Windows PC

Facebook Ransomware: Hidden Truth Revealed

 

First of all, we have to make it crystal clear that Facebook is not associated with Facebook Ransomware. Apparently, evil-minded programmers created the file encoder program in order to gain fame and collect ransom. Everyone knows that Facebook is a respected social media site which never participates in such malicious activities. Next, security analysts reveal that the Facebook file encoder program uses AES-256 encryption combined with the RSA cipher to encrypt certain types of important files on the contaminated computer. Following encryption, the ransomware also generates Private and Public keys. Without the Private key you won't be able to decode your encoded files, because the Private key is also encrypted with a 256-bit key. Taking full advantage of this situation, the developers of Facebook Ransomware demand around $100 USD, paid via a Bitcoin account, in order to provide the specific Private key, which is stored only on a highly secured server (aka the command and control server). It pops up a window on your PC screen containing the ransom message: “opps Your files are encrypted, please click the button that says ‘how to decrypt my files.’”

During online research we learned that Facebook Ransomware was first detected in June 2017. Its attack pattern was well planned. Currently, it has taken control of thousands of computers running various Windows operating systems. Until now, we haven't received any reports of the ransomware from Mac or Linux users. Maybe this variant of the ransomware is incapable of infecting them, but a future, improved variant might not have that limitation. Furthermore, you must note that this ransomware project was developed on top of HiddenTear, an educational project uploaded to GitHub back in 2015. Nowadays, it has become easy to create ransomware programs. As a result, hundreds of ransomware programs are released every week.

Why You Should Not Pay the Ransom

If you see no way to decode your important files and you are planning to pay the ransom to the Facebook Ransomware developers, then hold on. First, note that they only accept payment via a Bitcoin account, and the transaction must be completed using the Tor browser. During the payment, it is possible that the ransomware may collect your banking credentials with the help of its spyware component and send them to the evil-minded programmers. What comes next may be worse than you ever expected. Instead, you should make use of alternative options, such as premium data recovery software or a System Restore point, to get your files back safely.

Next, to safeguard your computer, never install updates from untrusted sources, never double-click junk email attachments and, of course, never copy data from USB drives without scanning them first. More importantly, keep your Windows system fully up to date. Now, you should follow the Facebook Ransomware removal and data recovery guide:


 

Remove Facebook Ransomware From Your PC

Step 1: Remove Facebook Ransomware in Safe Mode with Command Prompt

  • First of all, disconnect your PC from the network.
  • Click the Restart button and keep pressing the F8 key repeatedly while the system restarts.
  • You will see the “Windows Advanced Options Menu” on your computer screen.
  • Select “Safe Mode with Command Prompt” and press the Enter key.
  • You must log in to your computer with an Administrator account for full privileges.
  • Once the Command Prompt appears, type rstrui.exe and press Enter.
  • Now follow the prompts on your screen to complete the system restore.

Step 2: Remove Facebook Ransomware using MSConfig in Safe Mode:

  • Power off your computer and start it again.
  • While booting, press the “F8 key” continuously to open the “Windows Advanced Options Menu”.
  • Use the arrow keys to select the “Safe Mode” option and press the Enter key.
  • Once the system has started, go to the Start menu. Type “msconfig” in the search box and launch the application.
  • Go to the Startup tab and look for entries that use rundll32.exe to launch files from the %AppData% or %Temp% folders. See an example below:

C:\Windows\System32\rundll32.exe C:\Users\username\appdata\local\temp\regepqzf.dll,H1N1

  • Disable all the malicious entries and save the changes.
  • Now restart your computer normally.

Step 3: Kill Malicious Process Related To Facebook Ransomware

  • Press the Alt+Ctrl+Del keys together.
  • It will open the Task Manager on your screen.
  • Go to the Process tab and find the process related to Facebook Ransomware.
  • Click the End Process Now button to stop the running process.

Step 4: Remove Facebook Ransomware Virus From Registry Entry

  • Press the “Windows + R” keys together to open the Run box.
  • Type “regedit” and click the OK button.
  • Find and remove the entries related to Facebook Ransomware in the following keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
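
The following is an added example, not part of the original guide: a read-only PowerShell audit of the autorun keys listed above that flags values matching the pattern described in Step 2 (rundll32.exe, or a path under AppData or Temp). The function name Get-AutorunEntry and the regular expression are assumptions made for this illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only audit of the autorun keys listed in Step 4.
# Nothing is modified or deleted; the output is a list to review by hand.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# Assumed heuristic based on Step 2: the command goes through rundll32.exe
# or starts something from an AppData or Temp folder (-match ignores case).
$pattern = 'rundll32(\.exe)?|\\appdata\\|\\temp\\|%appdata%|%temp%'

function Get-AutorunEntry {
    param([Parameter(Mandatory = $true)][string[]]$Path)
    # Read REG_EXPAND_SZ values without expanding %AppData% / %Temp%.
    $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    foreach ($key in $Path) {
        if (-not (Test-Path -LiteralPath $key)) { continue }  # key absent on this system
        $item = Get-Item -LiteralPath $key
        # Only values stored directly in the key are read, not subkeys.
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name, $null, $raw)
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $command
                Flagged = $command -match $pattern
            }
        }
    }
}

# Flagged entries first, so they are reviewed before anything else.
Get-AutorunEntry -Path $runKeys |
    Sort-Object Flagged -Descending |
    Format-Table Flagged, Name, Command, Key -AutoSize -Wrap
```

A flagged value is only a candidate for review, since legitimate software also starts from AppData. Export the key with reg export before deleting anything in regedit.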

Now, hopefully, you have completely removed the Facebook Ransomware virus from your computer. If you still get the ransom message from the threat or are unable to access your files, it means that the virus still remains on your computer. In such a situation you don't have any other option except removing this virus using a powerful malware removal tool.

If, on the other hand, you have a backup of your infected or encrypted files, then you can also reinstall your Windows OS. This will erase all your files and data along with the Facebook Ransomware infection. You will get a completely empty computer system with no files. Now you can use your backup to get your files back. If you don't have any backup, then using a malware removal tool is a better option for you.

If you have any query or question regarding your computer, then you can easily put your problem to our experts. Go to the Ask Any Question page and get the answer to your query directly from our experts.