How to remove FakeCry virus and restore encrypted files

This article is dedicated to ransomware called FakeCry, which gets onto users' PCs around the world and encrypts their files. Here you will find full information on what FakeCry is and how to remove it from your workstation. We'll also tell you how to recover the encrypted files, and whether that is possible.

FakeCry ransomware has already penetrated thousands of laptops in many countries by the most effective method: fraudulent messages with dangerous attachments. Sometimes scammers use exploits to take control of the system, but those are patched quickly. After infection, the ransomware scans the hard drive and determines the number of folders to be encrypted and their approximate value. Nowadays each new virus can encrypt audio, text, image and video files in all popular formats. The virus corrupts all folders, but those that may contain business correspondence go first. It encrypts only data files and does not touch software, so that the victim can still use the computer to pay the ransom. Encryption is performed with well-known encryption algorithms, and it is strong enough that decrypting the files without the key is impossible. This strength is the basis for the remarkable effectiveness of ransomware in recent years: an ordinary user, even a very experienced one, will never decrypt the files and will need to pay the ransom. The only way to get the data back is to find the scammer's web page and retrieve the master key. There is also a chance of recovering the keys thanks to flaws in the virus's program code. Encrypted files receive the .fakecry extension.

For any kind of unwanted software, one thing is true: it is far easier to avoid it than to deal with its consequences. Unfortunately, most people see the importance of computer literacy only after a ransomware infection. You can easily reduce the chances of getting ransomware by following these rules:

    • Don't approve any changes to your computer that originate from unfamiliar software. If the PC is infected, the virus will attempt to delete the shadow copies of your files to make recovery impossible. However, deleting shadow copies requires administrator rights and the user's confirmation. So by refusing changes from unknown software at the right moment, you keep the chance to recover all encrypted files for free.
    • Study your emails attentively, especially messages with attached files. The most effective fraud e-mails tell a story about winning a prize or receiving a package. Also be watchful with business-related letters, particularly if the sender's address and the content are unfamiliar. Bills for goods or services, claims, lawsuits, summaries and similar documents are not sent without warning, and the addressee should know the person who sent them. Otherwise, it is a fraud.
    • Don't ignore the symptoms your laptop shows. Encrypting data is a demanding operation that consumes a lot of hardware resources. In the first seconds of infection the PC slows down, and the encryption process appears in Task Manager. You can catch this moment and switch off the PC before the files are completely lost. Naturally, some data will be damaged, but the rest will be safe.

Removing the virus is not the happy ending; it is only one of many steps before complete data recovery. Getting rid of the virus will not restore the files immediately; that requires the further measures described further below. To delete any ransomware, the user needs to boot the workstation in safe mode and scan it with an antivirus. Some ransomware can't be removed even by an antivirus program and has serious defense mechanisms. Well-made malware can delete the encrypted data completely, or part of it, when an attempt is made to uninstall it. To avoid this, follow the instructions below.

Removal instruction

Step 1. Boot into Safe mode

Start -> Msconfig.exe

On the Boot tab, select Safe boot

Step 2. Check Startup folder

Start -> Msconfig.exe -> Disable unknown programs in the Startup tab

Step 3. Check hosts file

Edit the hosts file, which is located in C:\Windows\System32\drivers\etc\.

Open the file with Notepad and delete suspicious strings.

It has to look like this:

[Screenshot: hosts file, step 3]
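To make the review in Step 3 less error-prone, the following PowerShell function lists every active mapping in a hosts file; on current Windows versions the stock file contains only comment lines, so any active entry other than localhost deserves a look. This is an added example, not part of the original article; the function name and the sample lines (example domains, documentation IP range) are constructed for illustration.

```powershell
# Added example, not from the original article.
# Lists every active (non-comment) mapping in a hosts file for review.
function Get-ActiveHostsEntry {
    param([string[]]$Lines)
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        # Everything after '#' is a comment; skip comment-only and blank lines.
        $text = ($line -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        $fields  = $text -split '\s+'
        $address = $fields[0]
        # One address may map several host names on the same line.
        foreach ($name in ($fields | Select-Object -Skip 1)) {
            $sinkhole = $address -in '127.0.0.1', '::1', '0.0.0.0'
            $verdict = if ($sinkhole -and $name -eq 'localhost') {
                'expected'
            } elseif ($sinkhole) {
                'review: blocks this host name'
            } else {
                'review: redirects this host name'
            }
            [pscustomobject]@{
                Line = $lineNo; Address = $address
                HostName = $name; Verdict = $verdict
            }
        }
    }
}

# Constructed sample input (not taken from a real infected machine).
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '#      127.0.0.1       localhost',
    '127.0.0.1 localhost',
    '127.0.0.1 update.av-vendor.example www.av-vendor.example',
    '203.0.113.10 bank.example   # added by unknown program'
)
Get-ActiveHostsEntry -Lines $sample | Format-Table -AutoSize

# On the machine being cleaned (assumes the default Windows directory):
# $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
# Get-ActiveHostsEntry -Lines (Get-Content -LiteralPath $hostsPath) | Format-Table -AutoSize
```

Entries marked "review" are the candidates for deletion in Notepad; entries you added yourself will also show up and can stay.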

Step 4. Scan the system with an antivirus scanner

 

Why we recommend SpyHunter antimalware as removal tool

    • Removes the virus fully: all malware files and even registry keys are deleted
    • Protects your system in the future
    • 24/7 free support team

Step 5. Disable Safe mode

Start -> Msconfig.exe -> Disable Safe boot in the Boot tab

If you have completed all the steps above, it's time to decrypt the data. Strictly speaking, this is not decryption, because the encryption methods used by the swindlers are very complicated. Generally, to restore the files you should seek help from anti-malware communities or from well-known malware researchers and antivirus vendors. If you choose manual data recovery, take a look at our article, which describes all the easiest methods.

To restore information, follow the article about file decryption.
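Before attempting any recovery, it helps to know how much was encrypted and whether the shadow copies mentioned earlier survived. The script below is an added example, not part of the original article: it inventories files with the .fakecry extension and checks whether any remaining shadow copy was created before the first of them. The search root is an assumption to adjust, and the script treats a file's last-write time as the moment it was encrypted, which is also an assumption.

```powershell
# Added example, not from the original article.
# Run from an elevated PowerShell prompt (querying shadow copies needs admin).
$root = $env:USERPROFILE    # assumption: start with the user profile

function Get-EncryptedFile {
    param([string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -File -Filter '*.fakecry' `
        -ErrorAction SilentlyContinue
}

function Get-ShadowCopyStatus {
    param([datetime]$FirstEncrypted)
    # Win32_ShadowCopy lists the snapshots that still exist on this machine.
    Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Created            = $_.InstallDate
                Volume             = $_.VolumeName
                Device             = $_.DeviceObject
                # Assumption: LastWriteTime of the oldest .fakecry file
                # approximates when encryption started.
                PredatesEncryption = $_.InstallDate -lt $FirstEncrypted
            }
        }
}

$encrypted = @(Get-EncryptedFile -Path $root)
if ($encrypted.Count -eq 0) {
    Write-Output "No .fakecry files found under $root"
} else {
    $first = ($encrypted | Sort-Object LastWriteTime |
              Select-Object -First 1).LastWriteTime
    Write-Output "$($encrypted.Count) encrypted files, oldest written $first"

    # Folders with the most encrypted files, to prioritise recovery.
    $encrypted | Group-Object DirectoryName | Sort-Object Count -Descending |
        Select-Object -First 10 -Property Count, Name | Format-Table -AutoSize

    $shadows = @(Get-ShadowCopyStatus -FirstEncrypted $first)
    if ($shadows.Count -eq 0) {
        Write-Output 'No shadow copies remain (or the prompt is not elevated).'
    } else {
        $shadows | Sort-Object Created | Format-Table -AutoSize
    }
}
```

A shadow copy with PredatesEncryption set to True is a candidate source for restoring files through the Previous Versions tab without a decryption key.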
