Hey you,

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:

Remove JS.Fakeransom and Restore the System

JS.Fakeransom is a JavaScript Trojan recently detected by researchers at Symantec. Even though more information is needed to confirm the exact attack methods employed by JS.Fakeransom, our team has put together the primary features of JavaScript-based Trojans and threats.

Name JS.Fakeransom
Type JavaScript Trojan
Short Description JavaScript may be used to prevent the user from closing a compromised page.
Symptoms The user browser may be ‘locked’.
Distribution Method Malicious JavaScript, compromised pages, etc.
Detection tool Download Malware Removal Tool, to See If Your System Has Been Affected By JS.Fakeransom
User Experience Join our forum to follow the discussion about JS.Fakeransom.

Keep in mind that JS.Fakeransom may affect the following systems:

→Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP

JS.Fakeransom and JS Trojans Technical Description

Our team has already analyzed one ransomware that uses JavaScript to prevent the user from closing the page – the so-called MoneyPak Virus. The phishing site that initiated the attack presented a JavaScript loop that was set to lock the browser to the page.

For instance, when trying to visit a particular page after the suspicious site has been loaded, a warning is likely to show up. Such warning messages typically act as scareware and aim at frightening you. Such a message may contain information about an illegal action that you have recently performed online (such as visiting adult content pages), or installing pirated software. Interestingly enough, porn websites and pirated software are typically at fault for ‘infections’ of that type.warning-trojan

Using compromised websites to spread malicious code is neither new nor innovative. But it is definitely an effective technique in the realm of malware distribution.

JS.Fakeransom and similar threats may attempt to redirect the browser to another page. Some JS Trojans may employ websites compromised via SQL injection attacks or by using Blackhat SEO. Another way for such a threat to ‘infect’ the browser is if the page containing the malicious script is stored in the browser’s cache.

JS.Fakeransom Removal Methods

Pay attention to the following tips to improve your PC’s security:

  • Make sure to use additional firewall protection. Downloading a second firewall (like ZoneAlarm, for example) is an excellent solution for any potential intrusions.
  • Make sure that your programs have less administrative power over what they read and write on your computer. Make them prompt you admin access before starting.
  • Use stronger passwords. Stronger passwords (preferably ones that are not words) are harder to crack by several methods, including brute forcing since it includes pass lists with relevant words.
  • Turn off AutoPlay. This protects your computer from malicious executable files on USB sticks or other external memory carriers that are immediately inserted into it.
  • Disable File Sharing – it is recommended if you need file sharing between your computer to password protect it to restrict the threat only to yourself if infected.
  • Switch off any remote services – this can be devastating for business networks since it can cause a lot of damage on a massive scale.
  • Make sure always to update the critical security patches for your software and OS.
  • Employ a virus-scanning extension in your browser that will scan all the downloaded files on your computer.
  • Turn off any non-needed wireless services, like Infrared ports or Bluetooth – hackers love to use them to exploit devices. In case you use Bluetooth, make sure that you monitor all of the unauthorized devices that prompt you to pair with them and decline and investigate any suspicious ones.
  • Employ a powerful anti-malware solution to protect yourself from any future threats automatically.

You can also refer to our step-by-step guide to remove all traces of JS.Fakeransom.

Step 1: Start Your PC in Safe Mode to Remove JS.Fakeransom.

Removing JS.Fakeransom from Windows XP, Vista, 7 systems:

1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
2. Select one of the two options provided below:

For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.


For PCs with multiple operating systems: Тhe arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.


3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. As you make your selection, press “Enter“.

4. Log on to your computer using your administrator account

While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.

Removing JS.Fakeransom from Windows 8, 8.1 and 10 systems:

Substep 1:

Open the Start Menu
Windows-10-0 (1)

Substep 2:

Whilst holding down Shift button, click on Power and then click on Restart.

Substep 3:

After reboot, the aftermentioned menu will appear. From there you should choose Troubleshoot.

Substep 4:

You will see the Troubleshoot menu. From this menu you can choose Advanced Options.
Windows-10-2 (1)

Substep 5:

After the Advanced Options menu appears, click on Startup Settings.
Windows-10-3 (1)

Substep 6:

Click on Restart.
Windows-10-5 (1)

Substep 7:

A menu will appear upon reboot. You should choose Safe Mode by pressing its corresponding number and the machine will restart and boot into Safe Mode so you can scan for and remove JS.Fakeransom.

Step 2: Remove JS.Fakeransom automatically by downloading an advanced anti-malware program.

To clean your computer you should download an updated anti-malware program on a safe PC and then install it on the affected computer in offline mode. After that you should boot into safe mode and scan your computer to remove all JS.Fakeransom associated objects.

NOTE! Malware is getting more sophisticated with every day. JS.Fakeransom may collect your personal information and track you down while you’re online. If you want to be protected, download a free anti-spyware program to shield your data!

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.