What is Fabiansomware?

Fabiansomware is a new variant in the so-called Apocalypse Ransomware family that has been giving birth to at least half a dozen offspring since May, 2016, when it first emerged. If you find out that your computer has been hit by this ransomware, we may have good news for you. As a matter of fact, this is the kind of ransomware threat that can be hacked quite easily and malware hunters come out with the latest decryption tools soon after a new variant hits the web. This must have upset the authors of this malicious threat, who named their new variant after a Twitter user who shares system security advice and decryption tools through his account. Although this threat may not be the most dangerous ransomware there is, because of the number of variants and new ones emerging, it could be a bit difficult to identify exactly what you have been attacked by, which is essential when it comes to using the right decryption software. Failing to do so can result in your files staying encrypted and inaccessible until you find the right tool. Our malware specialists at anti-spyware-101.com do not recommend that you pay the ransom fee these criminals try to extort from you, because there is a good chance that you can recover your files after you remove Fabiansomware from your system. We do not suggest that you download and use a file recovery tool yourself unless you are an experienced user. If not, you should ask a friend who is or a professional.test

Where does Fabiansomware come from?

There are several ways for this ransomware to enter your operating system. First of all, it is possible that your security configurations on your Windows server are not too secure after all. For example, you use an easy-to-crack password. If you are running the remote desktop service, cyber criminals can gain access to your computer and plant this infection. You should always be very careful with remote desktop applications and only use reputable ones. Another possibility how this ransomware could be distributed on the net is via spamming campaigns. This is actually one of the most preferred methods used by crooks. It is possible that you get a spam e-mail with a malicious attachment and it lands in your inbox. These spam mails know how to evade your spam filter, so it is entirely up to you if you let this malware infection on board or not. Criminals usually try to convince unsuspecting users that this mail contains vital information or an important overdue invoice attached to it. Of course, most users want to see this document ASAP. This is how they actually infect their system with this ransomware; the moment they open the saved attachment. Hopefully, you see now the importance of being careful about which mails you open and which attachments you view. Because once you let a ransomware like this onto your system, you will not be able stop the encryption process, which will end by the time you have a chance to remove Fabiansomware.

How does Fabiansomware work?

Once this ransomware is initiated, it targets practically all your files available on your hard drive, except the Windows system folder and the following extensions: .dat, .bat, .bin, .encrypted, .ini, .tmp, .lnk, .com, .msi, .sys, .dll, and .exe. All the encrypted files get a new ".encrypted" extension, so they will look like "my_image.bmp.encrypted." Interestingly enough, this malware infection also creates a separate text file, the ransom note, for each and every affected file. This note will have a name like "my_image.bmp.encrypted.How_To_Decrypt.txt." This threat also creates an autorun entry in your Windows Registry to make sure that this infection starts up automatically every time you reboot. This entry points to "C:\Program Files (x86)\windowsupdate.exe," which is the malicious file itself. Before shocking you with the screen lock, it also blocks Task Manager and the main system process called explorer.exe.

After everything is set and the encryption is done, Fabiansomware locks your screen and changes your desktop image by displaying the ransom note on white background. In this note you are informed that all your files, including your photos, videos, documents, backups, etc. have been encrypted and the only way for you to ever use them again is to send an e-mail to decryptionservice@mail.ru for further instructions regarding the details of payment. You are given 3 days to comply with the demands or else you will lose your files forever. At least, that is what these criminals try to make you believe. But you should know that it is possible to crack this variant just like most of the others. There is already a file recovery tool available specifically for this version of the Apocalypse Ransomware family. However, before trying to recover your files, you should remove Fabiansomware and make sure that your system is all clean.

How can I delete Fabiansomware?

First of all, you need to restart your system in Safe Mode so that you get rid of the screen lock and you do not let this threat to start up automatically. Then you need to delete certain registry entries and files from your system. If you want to do this manually, please use our guide below. If you would prefer an automated solution, we suggest that you find and install a reliable anti-malware program, which you can do if you restart your computer in Safe Mode with Networking. If you need any more help regarding the removal of Fabiansomware, please send us your comment below.

Restart your computer in Safe Mode

Windows XP, Windows Vista, and Windows 7

  1. Restart your computer.
  2. Start tapping the F8 key as soon as the BIOS screen loads up.
  3. Using the arrow keys select Safe Mode and press Enter.

Windows 8, Windows 8.1, and Windows 10

  1. In Windows 8 and Windows 8.1 you need to click on the Power Options button, while in Windows 10, the Windows logo on the Taskbar, and select Power.
  2. Press and hold the Shift key, and then, click Restart.
  3. Choose Troubleshooting and select Advanced options.
  4. Go to Startup Settings and press Restart.
  5. Select F4 from the menu to reboot in Safe Mode.

Remove Fabiansomware from Windows

  1. Press Win+R and type regedit. Press Enter.
  2. Locate and delete the registry value name in the following entries where the value data points to "C:\Program Files (x86)\windowsupdate.exe":
    HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run (64-bit)
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run (64-bit)
  3. If you saved the malicious file from a spam mail, locate this file and bin it.
  4. Delete "C:\Program Files (x86)\windowsupdate.exe"
  5. Empty your Recycle Bin and restart your computer in Normal Mode.
100% FREE spyware scan and
tested removal of Fabiansomware*

Leave a Comment

Enter the numbers in the box to the right *