How to remove Fantom ransomware and decrypt .fantom files

What is Fantom ransomware?

Fantom ransomware does its best to sneak into a system unnoticed and usually it succeeds as it applies to the most innocent-looking disguise. Before starting anything else, Fantom ransomware displays a fake Windows Update screen. This trick works pretty well, as users do not take any actions until the end of the upgrade, and this gives the ransomware some time to encrypt the files. After that the update screen vanishes leaving a user with a ransom note.

Fantom ransomware

The information within the note states that a victim has one week to purchase the decryption utility before the master key will be deleted. The ransom sum is not cleared, so a user can find it out by sending an ID key to one of the cybercriminals email addresses. Though we can understand your intention to get back your data as soon as possible, we do not recommend paying the ransom, because by this you only encourage the scammers on further illegal activity. First of all, you need to try to remove Fantom ransomware and to restore .fantom files by yourself.

Symptoms of Fantom ransomware infection

It’s difficult not to notice ransomware, since it often has one of the processes responsible for displaying a notification message. This window blocks the screen leaving the user minimum alternatives. Besides, some files will be inaccessible, as in many cases ransomware encrypts them to exasperate the scaring effect.

What to do if your PC is infected with Fantom ransomware

As soon as you notice the presence of the ransomware on your system, you should turn your computer off. If it is possible try to create a backup or image of your hard drive info. This may let you to reserve the state of your drives in case a decryption method would be created afterwards.

How to remove Fantom ransomware?

To make sure that the adware won’t reappear, you need to delete Fantom ransomware completely. For this you need to remove the files and registry entries of the ransomware. We should warn you that performing some of the steps may require above-average skills, so if you don’t feel experienced enough, you may apply to automatic removal tool.

Download Norton

Steps of Fantom ransomware manual removal

Restart Windows in Safe Mode

For Windows XP:

  1. Restart the system
  2. While computer is rebooting press F8 several times
  3. In the appeared list of options choose Safe Mode

For Windows 7 and Vista:

  1. Restart the system
  2. While computer is rebooting press F8 several times
  3. In the appeared list of options choose Safe Mode

For Windows 8 and 8.1:

  1. Restart the system
  2. While computer is rebooting press F8 several times
  3. In the appeared list of options choose Safe Mode

For Windows 10:

  1. In the Start menu click on the power button
  2. Hold Shift and choose Restart
  3. Choose Troubleshoot
  4. In the Advanced Options choose Startup Settings
  5. Click Restart
  6. Select Enter Safe Mode

Delete files and registry entries added by Fantom ransomware

Now you will be able to reach the needed functions and files. For eliminating the ransomware activity, you need to find all of the following items and delete them.

Remove Fantom ransomware files and folders:

%AppData%\delback.bat
[Executable_Path]\WindowsUpdate.exe
[Executable_Path]\update.bat
%UserProfile%\2d5s8g4ed.jpg

Remove Fantom Ransomware registry entries:

HKCU\Control Panel\Desktop\ "Wallpaper" "%UserProfile%\How to decrypt your files.jpg"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 1

Restore the files encrypted by Fantom ransomware

Use the decrypting tool

Unfortunately, currently a tool able to decrypt the files infected by Fantom ransomware is not released yet. You may try applying to the methods described below, however, they might not work with the latest versions of Fantom ransomware.

Restore the system

  1. Initiate the search for system restore
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Roll the files back to the previous version

  1. Right-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore

Leave a Reply

Your email address will not be published. Required fields are marked *