How to remove Fenrir virus and restore encrypted files

Fenrir ransomware virus

The page is dedicated to virus called Fenrir which infects users' laptops in different countries of the world, and corrupts their data. In this page you can see full info about what is Fenrir, and the uninstalling of Fenrir from your PC. Furthermore, we will tell you how to restore the cyphered information and is it possible.

Fenrir ransomware already infected thousands of computers around the world with help of basic way: false messages with dangerous attachments. Occasionally fraudsters use zero-day vulnerabilities to get into the computer, but major software vendors promptly correct them. When infection is done, the virus inspects the hard drive, defines the amount of folders to be encrypted and their approximate price. At the moment, each new ransomware knows how to encrypt video, image, text and audio files in all most used extensions. Special attention is attracted to businesslike information, because representatives of business are the main objective for scammers. All programs on PC will be untouched since criminals are interested only in information. The operation is executed through famous RSA and AES algorithms, and it is so complicated that that it cannot be bruteforced. Such complexity creates basis for unbelievable effectuality of this kind of viruses in last years: an ordinary customer, even having a fairly high experience in suchlike things, won't ever be able to restore the data, and will be forced to pay ransom. The single method to recover files is to hack the scammer's webpage and obtain the master key. Also there's a way to obtain the keys due to flaws in the code of the virus itself. The encrypted files acquire .fenrir extension, and the amount of ransom is $150.

There is one common feature for all sorts of computer viruses: it's way easier to avoid it than to cure it. It's sad to say, but most people comprehend the significance of computer knowledge just when ransomware takes over their computers. It's very easy to reduce the chances of getting encrypting virus by following these principles:

    • Be careful with the e-mails which contain data. If you don't know who send the letter and it notifies about receiving any prize, a lost parcel or anything like that, this is most likely a scam message. The other effective sort of scam letters is a "business letters". Invoices for products and services, appeals, lawsuits, summaries and other important documents do not come accidentally, and the receiver should know the sender. Otherwise, it is a scam.
    • Don't neglect the signs that your machine shows. It requires a lot of CPU resources to encrypt the information. When the malware is starting to operate, the PC slows down, and the encrypting process emerges in Process Manager. You can catch this moment and unplug the PC before data will be fully spoiled. This, in case of infection, will protect a lot of your information.
    • Pay attention to the pop-up windows. If the laptop is polluted by Fenrir, it will endeavour to remove the shadow copies of your data, to lower the possibility of recovery. The deletion of copies requires administrator rights and your confirmation. The moment of thinking before verifying the changes can save your information and your money.

Ransomware uninstalling is not solution of the whole issue - it's just a one turn on the long road before the complete data recovery. To restore the data you should follow the instructions in the below section of this article. To get rid of Fenrir, user needs to load the system in safe mode and run the scanning through AV-tool. High class viruses can't be uninstalled even through AV-program, and have lots of serious mechanisms of defense. Modern viruses can fully remove encrypted data, or part of it, when trying to eliminate the program. To avoid this, abide to the tips under this paragraph.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner


Special Offer

Antivirus scanner

Why we recommend SpyHunter antimalware

Detects viruses fully: all files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If program detects virus on the computer, you will need to purchase SpyHunter's malware removal tool to delete viruses. Uninstall steps and additional information EULA , Privacy Policy and Threat Assessment Criteria.

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

After eliminating the virus from the system, user has to recover the encrypted files. We're not able to decypher the data, but we'll get them back via Windows functionality and the special software. Usually, to restore the files, the user has to ask for assistance on specialized communities or from famous virus fighters and antiviral program vendors. If you are really interested in the by-hand file restore - read this item, which describes all the easiest methods.

To restore information, follow the article about files decryption.

Add comment

Security code

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.