Remove FUN File Virus and Decrypt the Files

How to Remove FUN Ransomware?

Reader recently start to report the following message being displayed when they boot their computer:

Your computer files have been encrypted. Your photos, videos, documents, etc…
But, don’t worry! I have not deleted them, yet.
You have 24 hours to pay 150 USD in Bitcoins to get the decryption key.
Every hour files will be deleted. Increasing in amount every time.
After 72 hours all that are left will be deleted.

If you do not have bitcoins Google the website localbitcoins.
Purchase 150 American Dollars worth of Bitcoins or .4 BTC. The system will accept either one.
Send to the Bitcoins address specified.
Within two minutes of receiving your payments your computer will receive the decryption key and return to normal.
Try anything funny and the computer has several safety measures to delete your files.
As soon as the payment is received the crypt files will be returned to normal.

Thank you.

We bet that when you hear the word ‘fun,’ the last thing you think of is an infection. Well, unfortunately, the fun we’re referring to is one. And, not just any old cyber threat, but a ransomware one. Now, in case you’re unfamiliar, ransomware is arguably the worst type of infection you can catch. It’s malicious, annoying, intrusive, and an utter menace! It’s programmed to target your data, and its very presence on your PC jeopardizes your privacy. And, FUN does not differ from the established pattern. The nasty tool slithers into your system via deception and subtlety, and once it settles, gets to work. It encrypts every single file you keep on your computer, and hold it for ransom. The infection kidnaps your data by making it inaccessible to you, and after its encryption is complete, displays its demands. And, unsurprisingly, it asks for monetary payment. FUN requires you to pay $150 in Bitcoins for the safe return of your files. It sets a time limit, threatens to delete files every hour, and just waits for you to panic and pay up, which doesn’t tend to take long. After all, no one wants to lose their data, and here’s FUN making threats about deleting every single file you have after 72 hours and no payment. That’s a scare tactic, and quite a successful one at that. But ask yourself this: Can I trust these people to keep their end of the deal? And, the answer is ‘No.’ These are malicious people with wicked intentions, who have invaded your PC, held your data hostage, and are currently extorting you for money. That hardly screams ‘trustworthy’ or ‘reliable.’ Here’s something, you probably didn’t want to hear: give up your files. Yes, as unpleasant as it is, it’s truly the best course of action you can take. Don’t pay the ransom. If you do complete the transaction, you’ll give strangers access to your personal and financial information without having any guarantees that you’ll receive the necessary decryption key to free your files. Don’t gamble. Forsake your files as they’re replaceable. Your privacy, on the other hand, is not.

How did I get infected with?

FUN employs the usual antics when it comes to finding a way into your system. It tends to use the old but gold means of infiltration ads they’ve proven their effectiveness. That includes hitching a ride with freeware, corrupted sites, or links or pretending to be a bogus update, like Adobe Flash Player or Java. However, the most commonly used method of invasion is via spam email attachments. Be extremely cautious when it comes to opening messages from unknown individuals and finding they contain attachments or links. In fact, don’t do it! Don’t open the links, don’t download the attachments, don’t even open the emails! Always choose caution over carelessness! After all, infections prey on carelessness. If you wish to prevent getting stuck with dangerous tools like FUN, be more thorough and vigilant and do your due diligence without exceptions. Haste, naivety, and distraction are likely to bring you only negatives. So, avoid them! Sometimes even a little extra attention goes a long, long way and can save you an abundance of grievances and headaches. Remember that next time you’re installing a tool or an update and are faced with a suspicious-looking email.

Why is FUN dangerous?

To say that FUN is no fun would be the understatement of the year. Dealing with the dreaded infection is a nuisance and a danger to both your system and yourself. FUN is a menace and a threat not to be underestimated. After it sneaks into your system, it wastes no time and promptly begins its encryption. It uses the AES algorithm and takes control of your data. Nothing escapes FUN’s reach – pictures, videos, music, documents, etc. Everything you have stored on your computer is no longer accessible. The tool completes the process by renaming your files. For example, if you had a video, called ‘awesome,’ after FUN is done with it, you’ll find it as ‘awesome.fun.’ Once it’s done, it shows you a message, containing its demands. As was already mentioned, the infection requires a ransom amounting to $150, which you can also pay in Bitcoins. If you wish to decrypt your data, you have to pay up, and you’ll be given a key. Apply the key and your files will be free. If you don’t pay, you’ll lose files every hour until a certain time has passed and the ransomware scraps all of the data, which you had stored on your computer. That’s incentive, in case you need a little extra motivation to complete the payment. But, here’s the deal. If you pay, you’ll provide your personal and financial information to strangers with agendas. That’s not good. What’s more, there are NO guarantees they’ll keep their promises and grant you the decryption key. And, if they do, what if it doesn’t work? Or worse, what if it does work, but the following day you see that your files were encrypted once more, and you’re back to square one? There are so many ways the exchange can go wrong, so don’t risk it. It’s a fight you can’t win. Accept that now, and make the wiser, but difficult choice: let go of your files so as to protect your privacy. It’s the right thing to do. Your private life is much more valuable than your data.

FUN Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover FUN Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

• Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
• Locate the process of the ransomware. Have in mind that this is usually a random generated file.
• Before you kill the process, type the name on a text document for later reference.

• Locate any suspicious processes associated with FUN encryption Virus.
• Right click on the process
• Open File Location
• End Process
• Delete the directories with the suspicious files.
• Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

• Open any folder
• Click on “Organize” button
  
• Choose “Folder and Search Options”
• Select the “View” tab
• Select “Show hidden files and folders” option
• Uncheck “Hide protected operating system files”
• Click “Apply” and “OK” button

STEP 3: Locate FUN encryption Virus startup location

• Once the operating system loads press simultaneously the Windows Logo Button and the R key.

• A dialog box should open. Type “Regedit”
• WARNING! be very careful when editing the Microsoft Windows Registry as this may render the system broken.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

• and delete the display Name: [RANDOM]

• Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

• Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

• Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
• Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.