Remove JS.Fakeransom and Restore the System - How to, Technology and PC Security Forum

Remove JS.Fakeransom and Restore the System

JS.Fakeransom is a JavaScript Trojan recently detected by researchers at Symantec. Even though more information is needed to confirm the exact attack methods employed by JS.Fakeransom, our team has put together the primary features of JavaScript-based Trojans and threats.

Type: JavaScript Trojan
Short Description: JavaScript may be used to prevent the user from closing a compromised page.
Symptoms: The user's browser may be ‘locked’.
Distribution Method: Malicious JavaScript, compromised pages, etc.

Keep in mind that JS.Fakeransom may affect the following systems:

Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP

JS.Fakeransom and JS Trojans Technical Description

Our team has already analyzed one ransomware that uses JavaScript to prevent the user from closing the page – the so-called MoneyPak Virus. The phishing site that initiated the attack presented a JavaScript loop that was set to lock the browser to the page.

For instance, when trying to visit a particular page after the suspicious site has been loaded, a warning is likely to show up. Such warning messages typically act as scareware and aim to frighten you. Such a message may contain information about an illegal action that you have recently performed online, such as visiting adult content pages or installing pirated software. Interestingly enough, porn websites and pirated software are typically at fault for ‘infections’ of that type.

Using compromised websites to spread malicious code is neither new nor innovative. But it is definitely an effective technique in the realm of malware distribution.

JS.Fakeransom and similar threats may attempt to redirect the browser to another page. Some JS Trojans may employ websites compromised via SQL injection attacks or by using Blackhat SEO. Another way for such a threat to ‘infect’ the browser is if the page containing the malicious script is stored in the browser’s cache.
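
The behaviours described above (a dialog loop that pins the browser to the page, interference with closing it, and script-driven redirects) can be looked for statically in a page's script. The following is an added example, not code from the original article or from any JS.Fakeransom sample; the rule names, weights, threshold and both sample scripts are constructed for illustration.

```javascript
// Added example: static heuristics for browser-locking script behaviour.
// Rule names, weights and the threshold are assumptions chosen for illustration.
const RULES = [
  // A dialog inside an unbounded loop: the "JavaScript loop" that pins the tab.
  { id: 'dialog-in-loop', weight: 3,
    re: /(?:while\s*\(\s*(?:true|1|!0)\s*\)|for\s*\(\s*;\s*;\s*\))\s*\{[^}]*\b(?:alert|confirm|prompt)\s*\(/ },
  // A dialog re-raised on a repeating timer has the same effect without a loop.
  { id: 'dialog-on-interval', weight: 3,
    re: /\bsetInterval\s*\([\s\S]{0,80}?\b(?:alert|confirm|prompt)\s*\(/ },
  // A beforeunload handler is how a page interferes with closing or leaving.
  { id: 'unload-handler', weight: 2,
    re: /\bonbeforeunload\s*=|addEventListener\s*\(\s*['"]beforeunload['"]/ },
  // Script-driven navigation; common on benign pages, so it only adds weight.
  { id: 'forced-redirect', weight: 1,
    re: /\blocation(?:\.href)?\s*=(?!=)|\blocation\.(?:replace|assign)\s*\(/ },
];
const THRESHOLD = 3;

// Drop block and line comments so commented-out code does not match.
// Regex-based approximation: "//" after ':' or a quote is kept (e.g. URLs).
function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\//g, '')
            .replace(/(^|[^:'"])\/\/.*$/gm, '$1');
}

// Score one script body and list which rules fired.
function scanScript(src) {
  const code = stripComments(src);
  const hits = RULES.filter((r) => r.re.test(code));
  const score = hits.reduce((sum, r) => sum + r.weight, 0);
  return { score, hits: hits.map((r) => r.id),
           verdict: score >= THRESHOLD ? 'suspicious' : 'clean' };
}

// Constructed sample inputs (not taken from any real JS.Fakeransom page).
const LOCKER_SAMPLE = [
  "window.onbeforeunload = function () { return 'Do not close this page'; };",
  "while (true) { alert('Your browser has been locked'); }",
].join('\n');
const BENIGN_SAMPLE = [
  "// while (true) { alert('debug'); }",
  "if (saved) { alert('Saved'); }",
  "window.location.href = '/dashboard';",
].join('\n');

console.log(scanScript(LOCKER_SAMPLE));
console.log(scanScript(BENIGN_SAMPLE));
```

A redirect on its own stays below the threshold, because ordinary pages navigate from script all the time; it only raises the score of a script that already shows lock behaviour.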

JS.Fakeransom Removal Methods

Pay attention to the following tips to improve your PC’s security:

  • Make sure to use additional firewall protection. Downloading a second firewall (like ZoneAlarm, for example) is an excellent solution for any potential intrusions.
  • Make sure that your programs have less administrative power over what they read and write on your computer. Make them prompt you for admin access before starting.
  • Use stronger passwords. Stronger passwords (preferably ones that are not words) are harder to crack by several methods, including brute forcing, since such attacks rely on password lists with relevant words.
  • Turn off AutoPlay. This protects your computer from malicious executable files on USB sticks or other external memory carriers that would otherwise run as soon as they are inserted into it.
  • Disable File Sharing. If you need file sharing between your computers, it is recommended to password-protect it so that, if infected, the threat is restricted to yourself.
  • Switch off any remote services. Leaving them enabled can be devastating for business networks, since it can cause a lot of damage on a massive scale.
  • Make sure always to update the critical security patches for your software and OS.
  • Employ a virus-scanning extension in your browser that will scan all the downloaded files on your computer.
  • Turn off any non-needed wireless services, like Infrared ports or Bluetooth – hackers love to use them to exploit devices. In case you use Bluetooth, make sure that you monitor all of the unauthorized devices that prompt you to pair with them and decline and investigate any suspicious ones.
  • Employ a powerful anti-malware solution to protect yourself from any future threats automatically.

You can also refer to our step-by-step guide to remove all traces of JS.Fakeransom.

Step 1: Start Your PC in Safe Mode to Remove JS.Fakeransom.

Removing JS.Fakeransom from Windows XP, Vista, 7 systems:

1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
2. Select one of the two options provided below:

For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.


For PCs with multiple operating systems: The arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.


3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. Once you have made your selection, press “Enter”.

4. Log on to your computer using your administrator account.

While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.

Removing JS.Fakeransom from Windows 8, 8.1 and 10 systems:

Substep 1:

Open the Start Menu

Substep 2:

While holding down the Shift button, click on Power and then click on Restart.

Substep 3:

After the reboot, a menu will appear. From there you should choose Troubleshoot.

Substep 4:

You will see the Troubleshoot menu. From this menu you can choose Advanced Options.

Substep 5:

After the Advanced Options menu appears, click on Startup Settings.

Substep 6:

Click on Restart.

Substep 7:

A menu will appear upon reboot. You should choose Safe Mode by pressing its corresponding number and the machine will restart and boot into Safe Mode so you can scan for and remove JS.Fakeransom.

Step 2: Remove JS.Fakeransom automatically by downloading an advanced anti-malware program.

To clean your computer you should download an updated anti-malware program on a safe PC and then install it on the affected computer in offline mode. After that you should boot into safe mode and scan your computer to remove all JS.Fakeransom associated objects.

NOTE! Malware is getting more sophisticated every day. JS.Fakeransom may collect your personal information and track you down while you’re online. If you want to be protected, download a free anti-spyware program to shield your data!

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
