How to Remove FuxSocy Ransomware

Readers recently started to report the following message being displayed when they boot their computer:

FuxSocy ENCRYPTOR
(=^..^=)

YOUR DOCUMENTS, PHOTOS, DATABASES AND OTHER IMPORTANT FILES
HAVE BEEN ENCRHYPTED!
The only way to decrypt your files is to receive
the private key and decryption program.

To receive the private key and decryption program
go to any decrypted folder – inside there is the special file {RAND}_R_E_A_D___T_H_I_S_{RAND}
with complete instructions how to decrypt your files.

If you cannot find any {RAND}_R_E_A_D___T_H_I_S_{RAND} file at your PC,
follow the instructions below:

1. Visit hxxps://tox.chat/download.html
2. Download and install qTOX on your PC.
3. Open it, click “New Profile” and create profile.
4. Click “Add friends” button and search our contact


FuxSocy is a new ransomware menace that follows in the footsteps of the infamous Cerber ransomware. The new pest mimics the original, but there are significant differences between the two viruses. They differ in their code, the way they spread their corruption, and the method they use to communicate with their victims. FuxSocy’s creators also seem to pay special attention to anti-analysis mechanisms that prevent third parties from examining their virus. The ransomware, for example, has mechanisms that keep it from running inside virtual machines. Unlike its relatives, FuxSocy also doesn’t corrupt the target files in their entirety. Instead, it corrupts parts of the files, which is more than enough to make your data inaccessible. The virus detects and encrypts your pictures, databases, archives, and documents. It puts your data under lock and key, changes your desktop wallpaper, and drops its ransom note (a file named _R_E_A_D__T_H_I_S_ ). The note explains your situation and lists the hackers’ demands. Unlike other criminals in similar situations, FuxSocy’s operators rely on the ToxChat messaging app to assist them in the negotiations. They want you to contact them via this app. Don’t do it! Do not get involved in negotiation with criminals! That’s a bad idea. You are dealing with professional manipulators who know how to trick you. You can’t win against them. Take the time to consider your options!

How did I get infected?

Fake updates, corrupted links, malicious bundles, spam messages, pirated software – there are myriad ways for FuxSocy to reach your computer. More often than not, these viruses employ the good old spam messages. That’s right. The scam campaigns are still the number one cause of virus infections. Their schemes, however, are not as simple as they used to be. The scammers no longer rely merely on malicious attachments. They also embed corrupted links. One click is all they hope for. Don’t make mistakes! No anti-virus app can protect you if you throw caution to the wind. Only your diligence can prevent infections. Even a little extra attention can spare you an avalanche of problems. So, don’t give in to recklessness. Always take the time to do your due diligence. Don’t visit shady websites. Download software and updates from reliable sources only. And, of course, be wary of your inbox. Whether it’s an instant message or an email, treat all unexpected messages as potential threats. Always take a minute to verify their senders. If, for example, you receive an email from an organization or company, go to their official website. Compare the email addresses listed there to the suspicious one. If they don’t match, delete the pretender. You can also double-check the suspicious addresses by entering them into a search engine. If they were used for shady activities, someone might have complained.

Why is FuxSocy dangerous?

FuxSocy is a nasty virus. It alters settings, modifies your registry, drops files, and starts malicious processes. It, of course, does so in complete silence. The virus is designed to be stealthy. You can’t catch it in time to limit its corruption. Once you realize that it’s there, it’s already too late. FuxSocy locks your files and prevents you from viewing and editing them. It doesn’t delete the image copies of your files, but it corrupts them. Abandon all hope! There is no easy way to restore your data. FuxSocy is an advanced menace, created by skilled criminals. This virus wrecks your computer and makes it useless. It corrupts your files and everything you download or save. You can only browse the web. But you should not use your infected machine for sensitive operations, such as online banking. Your PC could be under surveillance. FuxSocy is a severe threat. It makes your PC useless and gives you no choice but to pay the ransom. Don’t make that mistake, though. Practice shows that the hackers tend to ignore their victims once they receive the ransom. There are cases when the victims paid, just to be blackmailed for more. There are also instances when the victims received nonfunctional or partly functional decryption tools. Do not test your luck! Don’t pay the ransom! Such actions will only encourage the malicious actors to continue with their criminal activities.

FuxSocy Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover FuxSocy Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Keep in mind that this is usually a randomly generated file name.
  • Before you kill the process, type its name in a text document for later reference.

  • Locate any suspicious processes associated with FuxSocy encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Keep in mind that the process can be hidden and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate FuxSocy encryption Virus startup location

  • Once the operating system loads, press the Windows Logo key and the R key simultaneously.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

  • Then open Explorer, navigate to your %appdata% folder and delete the executable.

Alternatively, you can use the Windows msconfig program to double-check the execution point of the virus. Keep in mind that the names on your machine might be different, as they may be generated randomly; that’s why you should run a professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.
