FileFuck Trojan

Filefuck Trojan is one nasty infection. It was created using a base of ransomware, but it does not actually encrypt files. Instead, it deletes the files found on the Desktop and then creates new files with the same names. These files, of course, are not real replacements. If you opened them with Notepad, you would find this message: "All your files were fucked forever by FileFuck! You can not stop us, you idiot." The bad news is that recovering these files is not possible. Once they are erased, they are erased for good. If you have backups, you definitely can recover them from backup, but you cannot restore the original copies. The good news is that at the time of research the infection was only encrypting files found on the Desktop, and maybe no important files are stored here anyway. Without a doubt, you need to remove Filefuck Trojan from your operating system, and if you have not encountered it yet, you need to secure your operating system to ensure it is impenetrable.

The distribution methods used to spread Filefuck Trojan have not been revealed, but it is possible that spam emails could be used to send potential victims malware files in disguise. This is how most file-encrypting ransomware threats are spread. The malicious Trojan, as we mentioned before, is based on a code used to build ransomware. It is known as Hidden Tear, and it is linked to ShutUpAndDance Ransomware, PTP Ransomware, and many other threats. Just like these functional file-encryptors, the Filefuck Trojan is also programmed to target specific files. The files that this Trojan is meant to delete and replace on the Desktop are supposed to have these extensions: .7z, .asp, .aspx, .bat, .c, .cs, .cpp, .css, .csv, .doc, .docx, .egg, .h, .hta, .html, .hwp, .js, .jpg, .mdb, .mp1, .mp2, .mp3, .mp4, .odt, .php, .png, .ppt, .pptx, .psd, .py, .rar, .resx, .settings, .sln, .sql, .txt, .vbs, .xls, .xlsx, and .zip. You cannot recover these files, and the creator of the infection does not want you to. While most ransomware threats are created with the goal of making money, this Trojan appears to have been created for the sole purpose of removing files.

After the infection is done with the first part of the attack, it launches a window entitled "FileFuck Warning." It is just a normal window that can be closed by clicking the X on the top-right corner. The message inside the window does not call for action. It simply states (in 18 different languages) that files cannot be recovered. Filefuck Trojan also creates a file named "@READ_IT@.txt," which can be found on the Desktop. This file represents a message that further confirms that files are lost and cannot be recovered unless they are backed up. The message also informs that the system is not secure. These are not lies. Under normal circumstances, cyber attackers would demand action from the victim. For example, a ransom in return for some magical program would be requested. That is not the case in this situation. It appears that all that the attackers want is to mess with vulnerable Windows users.

Is it likely that Filefuck Trojan is spreading in the wild? It is not; at least not on a large scale. That being said, it is a real threat that was created with a very malicious intention. Hopefully, you do not need to delete Filefuck Trojan from your operating system at this point, but if you do, you want to make sure that you perform the removal successfully. Can you do it manually? That depends on whether or not you can find and erase the launcher of this Trojan. If you cannot, it is best if you use an anti-malware program. This program will quickly examine your operating system to find threats, and then it will automatically delete them. Furthermore, the program will protect you and your system against the invasion of other threats; given that you keep it updated. If we can give you one last piece of advice – back up your files. If they are backed up safely, no malicious infection will ever be able to terrorize and intimidate you.

Filefuck Trojan Removal

1. Delete recently downloaded suspicious files/attachments.
2. Navigate to the Desktop.
3. Delete the file named @READ_IT@.txt.
4. Once you Empty Recycle Bin, scan your operating system for leftovers.