Fadesoft Ransomware Removal Guide


What is Fadesoft Ransomware?

Fadesoft Ransomware has emerged as a file-encrypting virus. It begins its work by encrypting files with the AES and RSA ciphers. About 320 files have been found infected with it. Files with extensions such as .mp3, .ofx, .m2, .sum, .qbb, .mpqge, .db0, .sid, .dotm, .vfs0, .slm, .docx, .bc7, .sldm, .zip, .gif, .vdf, .lua, .ps, .3gp, .asf, .vpk, .wps, .snx, .pak, .pfx, .srw, and many more are considered the most likely targets of Fadesoft Ransomware. In the next step, a ransom note appears on the desktop of the PC to inform the user about the encryption. The same note also mentions suggestions for getting free of the problem. Users are asked to pay a ransom of 0.33 Bitcoins within a stipulated 96 hours to get the decryption key. To strengthen its hold, Fadesoft Ransomware infiltrates the Windows registry and tries to contact any one of four C&C servers on the TOR network. It may also delete Shadow Volume Copies from the OS through the command vssadmin.exe Delete Shadows /All /Quiet.

The ransom note contains the following messages:

The encrypted files do not get a new extension, but their header and content are altered. The affected files appear as black icons. The encryption process may take anywhere from half an hour to a few hours to finish. Some directories, such as Windows, games, Intel, system volumes, recycle bin and cookies, have been reported to be outside the target list of Fadesoft Ransomware.
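Because encrypted files keep their names and only the header and content change, one way to see which files were hit is to compare each file's first bytes with the signature its extension implies. The following is an added example, not part of the original guide; the signature table covers only a few of the extensions listed above, and the sample files are constructed.

```python
import os
import tempfile
from pathlib import Path

# Leading signatures as (offset, bytes) for a few extensions the guide lists.
OOXML = [(0, b"PK\x03\x04")]
SIGNATURES = {
    ".zip": OOXML + [(0, b"PK\x05\x06")],          # second form: empty archive
    ".docx": OOXML, ".dotm": OOXML, ".sldm": OOXML,
    ".gif": [(0, b"GIF87a"), (0, b"GIF89a")],
    ".ps": [(0, b"%!PS")],
    ".3gp": [(4, b"ftyp")],
    ".asf": [(0, bytes.fromhex("3026b2758e66cf11"))],
}

def header_ok(path):
    """True/False when the extension is in the table, None when it cannot be judged."""
    sigs = SIGNATURES.get(Path(path).suffix.lower())
    if sigs is None:
        return None
    try:
        with open(path, "rb") as fh:
            head = fh.read(16)
    except OSError:
        return None
    return any(head[off:off + len(magic)] == magic for off, magic in sigs)

def find_altered(root):
    """Sorted paths under root whose header does not match their extension."""
    paths = (os.path.join(d, n) for d, _sub, names in os.walk(root) for n in names)
    return sorted(p for p in paths if header_ok(p) is False)

def demo():
    """Build a constructed sample folder and return the names that get flagged."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            "report.docx": b"PK\x03\x04" + b"\x00" * 32,   # intact
            "photo.gif": b"GIF89a" + b"\x00" * 32,         # intact
            "backup.zip": bytes(range(7, 47)),             # header overwritten
            "clip.3gp": b"\x9c\x11\xe0\x42\x5a\x77\x01\xfe" * 4,  # header overwritten
            "notes.lua": b"print('hi')",                   # no fixed signature, skipped
        }
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        return [os.path.basename(p) for p in find_altered(tmp)]

if __name__ == "__main__":
    print(demo())
```

A mismatch can also mean a renamed or otherwise corrupt file, so treat the result as a list of candidates to restore from backup.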

Ways Fadesoft Ransomware Gets onto a PC

Fadesoft Ransomware gets onto a PC in various ways. When users connect their PC to the Internet, the possibility of it being infected with detrimental components becomes greater. Spam email has been found to be one of the foremost and easiest methods of its distribution. Besides this, payload files on social media sites and online file sharing also play an important role in infecting PCs with Fadesoft Ransomware.

The Aftermath of Fadesoft Ransomware

  • After appearing on the PC, Fadesoft Ransomware encrypts about 320 files and makes them inaccessible to users.
  • At the end of the encryption process, a ransom note is displayed asking users to pay a ransom of 0.33 BTC.
  • This ransomware is also capable of erasing the Shadow Volume Copies from the OS through the command vssadmin.exe Delete Shadows /All /Quiet.
  • Fadesoft Ransomware adds entries to the Windows registry to ensure that it runs on each Windows startup.
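The shadow copy deletion command named above leaves a recognizable command line in process-creation logs, which makes it a practical detection point. The following is an added example, not part of the original guide; the event records, timestamps and parent process names are constructed, and the function names are hypothetical.

```python
import re

# vssadmin invoked with the "delete shadows" verb; tolerates a full path,
# quoting, a missing ".exe", mixed case and extra whitespace.
VSS_DELETE = re.compile(
    r'(?:^|[\\/"\s])vssadmin(?:\.exe)?"?\s+delete\s+shadows\b', re.IGNORECASE)

def flags_of(cmdline):
    """Return the set of lower-cased /switches on the command line."""
    return {m.lower() for m in re.findall(r'(?<=\s)/\w+', cmdline)}

def classify(cmdline):
    """'alert' for silent deletion of all copies, 'review' for any other delete, else None."""
    if not VSS_DELETE.search(cmdline):
        return None
    return "alert" if {"/all", "/quiet"} <= flags_of(cmdline) else "review"

# Constructed process-creation records: (timestamp, parent image, command line).
SAMPLE_EVENTS = [
    ("2017-01-20T10:02:11", "explorer.exe", "vssadmin list shadows"),
    ("2017-01-20T10:05:40", "invoice.exe", "vssadmin.exe Delete Shadows /All /Quiet"),
    ("2017-01-20T10:05:41", "cmd.exe",
     r'"C:\Windows\System32\VSSADMIN.EXE"  delete shadows /quiet /all'),
    ("2017-01-20T11:30:00", "mmc.exe", "vssadmin delete shadows /for=C: /oldest"),
    ("2017-01-20T11:31:00", "notepad.exe", "notepad.exe vssadmin-notes.txt"),
]

def triage(events):
    """Return (timestamp, parent, verdict) for each event that matches."""
    hits = []
    for ts, parent, cmd in events:
        verdict = classify(cmd)
        if verdict:
            hits.append((ts, parent, verdict))
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```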

How to tackle the attack of Fadesoft Ransomware

Experts have found that paying to get back the files encrypted by Fadesoft Ransomware is a total waste of money and nothing else. The ciphers used are so strong that it is not possible to build a decryption key to break them. The ransomware should therefore be removed with a reliable anti-malware program. Keep a backup of all files saved on the PC so that they can be recovered by restoring it.

Follow These Steps to Remove Fadesoft Ransomware from PC

Step 1: Know How to Reboot Windows PC in Safe Mode (This guide is meant for novice users)

Step 2: Fadesoft Ransomware Removal Using System Restore

If you still have problems rebooting the PC in Safe Mode, opt for System Restore. Follow the steps given below.

Press F8 continuously until the Windows Advanced Options Menu appears on the monitor. Now choose the Safe Mode with Command Prompt option and press Enter.


In the Command Prompt window, type the command cd restore and press Enter.



Now type rstrui.exe as the command and press Enter.


This will open a new window to Restore System Files and Settings. Click on Next to proceed.


Select a Restore Point dated before the Fadesoft Ransomware attack to restore your system to its earlier state.


Step 3: Use ShadowExplorer to Restore Fadesoft Ransomware Encrypted Files

Alternatively, you can use ShadowExplorer to restore files encrypted in a Fadesoft Ransomware attack.

When Fadesoft Ransomware attacks, it generally tries to delete all shadow copies stored on your computer. But there is a chance that Fadesoft Ransomware is not able to delete the shadow copies every time. In that case you can restore the original files from the shadow copies.

Follow these simple steps to restore the original files through ShadowExplorer:

  1. Download ShadowExplorer from http://www.shadowexplorer.com/downloads.html
  2. Install it on your system.
  3. Open ShadowExplorer and select the C: drive in the left panel.

Step 4

Another method for recovering your encrypted files is file recovery software

If the above methods are not successful, you can try file recovery software. It can help recover your encrypted files because Fadesoft Ransomware first makes a copy of each original file and then encrypts it. After encryption it deletes the original files. There is therefore a high probability that file recovery software can help you recover your original files.