Home » Tips » Tips and Tricks to Remove Fenrir Ransomware & Restore Files

Tips and Tricks to Remove Fenrir Ransomware & Restore Files

author
Published By Siddharth Tehri
Aswin Vijayan
Approved By Aswin Vijayan
Published On December 27th, 2022
Reading Time 5 Minutes Reading

Fenrir Ransomware is a malicious application that is installed with AdobeReader.exe file pretending to be Adobe Acrobat Reader. It is an AES encryption code built on Visual Studio 2017. It started spreading through systems in Russia and then to the entire world. It is a malware that is designed to change entries in Windows Registry. It encrypts all the important system files and drops a text while explaining details of the ransom. Many application will stop working and the PC will start to hang. Antivirus will be blocked and extensions of many files will start changing as they are encrypted. A ransom note will be displayed as the screensaver of your system asking for $190 in bitcoins. This is just to mess with users as there is no guarantee that the files will be restored once the ransom is paid. To briefly introduce users of this malicious program, this post describes steps to remove Fenrir Ransomware & Restore Files.

How to Remove Fenrir Ransomware?

remove Fenrir Ransomware

Preemptive steps must be taken to prevent further damage to drivers and hardware. If immediate steps are not taken, system files may be encrypted and system may crash. To avoid a point of no return, follow the steps below:

Solution#1 Remove Fenrir Ransomware with Safe Mode

If there is a suspected AES attack happening on your system then repeat the steps mentioned below:

Quickly restart the system with Safe Mode with Networking. Here are the steps to restart the system in safe mode and remove ransomware from Windows XP, Vista and 7.

  • Firstly, go to Start>>Shutdown>>Restart>>OK.
  • Then, long press F8 key. This will open the Advanced Boot Options.
  • From here, select Safe Mode with Networking.

Alternatively, for Windows 10 and 8 press the Power button. Then, long press the Shift key during the rebooting process and click Restart.

  • After that, go to Troubleshoot>>Advanced Options>>Startup Settings>>Restart.
  • Next, from the Startup Settings Window, select Enable Safe Mode with Networking.
  • Now, start killing applications that may be the root cause for the malware attack.
  • Next, kill the processes that may be the reason for spreading the Fenrir ransomware. Letting this application open for too long may encrypt important system files.
  • To do so, press the Windows key and R together.
  • Next, in the Run box, type task mgr and hit the enter key.
  • Then, find the application that is taking extra memory than usual. Close them one by one by right-clicking on them and selecting End Task.

Next, remove Adobe applications that may be pretending to Acrobat Reader files from the Task Manager.

  • Again, go to Start>>Control Panel>>Add or Remove Programs.
  • Then, select Adobe applications that were not originally present on the system. Also, delete any recently installed application that may be a malware.
  • And then, remove Fenrir ransomware from browser settings.

Firstly, delete any random add-ons that have been found to be installed on the browser. This can be done by going to the browser settings and selecting Extension or Add-ons option. This will vary according to the browser that is being used.

Next, reset browser settings by going to the advanced settings of the browser.

  • For chrome it is Menu>>Settings>>Show Advanced Settings>>Reset Setting.
  • For internet explorer it is Gear Icon>>Internet Options>>Advanced>>Reset>>Reset.
  • For Mozilla Firefox it is Menu>>Troubleshooting Information>>Refresh Firefox.

After that, enable browser protection by blocking unwanted pop-ups. This can be achieved in the following manner.

  • For chrome, go to Menu>> Settings >> Show Advanced settings>>Content Setting>>Block Pop-ups.
  • For Internet Explorer, Gear icon >> Internet Option>>Privacy Tab>>Turn-on Pop-up blocker.
  • For Mozilla Firefox, go to Menu >>Options>>Content tab>>check Block Pop-up box.

Next, enable future protection from malware and Ransomware. This can be done by checking the list of items found on Privacy and Security page of all browsers.

  • In Chrome, go to Settings>>Show Advanced Settings>>Privacy Section.
  • In Firefox, go to Menu>>Options>>Security.
  • In Internet Explorer, Tools>>Safety>>Enable Smart Screen Filter.

Finally, if our files are encrypted and are can not be accessed. Perform either one of the procedures mentioned below to remove Fenrir Ransomware & Restore Files.

  • Either, restore data from a previous backup.
  • Or, restore the system to an earlier version by recovering data from a Restore Point.

Final Words

With the increase in malicious activities taking place all over the world. It is essential to take precautionary measure to ensure data security. It is highly recommended by all data recovery agents to take regular backup of user data. Make sure that an updated version of antivirus is always installed on the system. In any case, if you are attacked by a malware, do not try to contact the people behind this. Do not pay any ransom as there is no guarantee that the decryption key they provide will work. Instead, use the preemptive steps described in this post to remove Fenrir Ransomware & Restore Files.