FileFuck Trojan

What is FileFuck Trojan?

Anti-Spyware-101.com research team is warning about Filefuck Trojan. It is not clear if this malicious threat is actively spreading across the web, but we know for a fact that this threat exists. Our team has managed to obtain a sample and test it in our internal lab. The findings are pretty interesting. First of all, it was found that the Trojan was built using the infamous Hidden Tear source code, the same one that has been used by the creators of SnowPicnic Ransomware, EnybenyCrypt Ransomware, SymmyWare Ransomware, and a bunch of other file-encrypting threats. The strange thing is, however, that this Trojan does NOT encrypt files and it does NOT demand a ransom. Instead, it removes files completely, and then it simply informs the victims that they are screwed. Was this malware created as a joke? Was it created to educate victims in a cruel way? Whatever the case it, the outcome is not good because the files cannot be recovered. If the infection attacks, the only thing you might be able to do is to delete Filefuck Trojan.

How does Filefuck Trojan work?

It is not clear where Filefuck Trojan comes from because it is not actively spreading across the web. If our researchers discover any activity, we will let you know as soon as possible. Of course, if you stay away from spam emails, unreliable websites, suspicious downloaders, and random ads, your chances of letting in any kind of malware decrease dramatically. If you carelessly let in Filefuck Trojan, it does not wait to make a mess. As mentioned already, this threat removes files. It is worth mentioning that it only removes files that are found on the Desktop and that match one of the 41 extensions (e.g., .doc, .html, .jpg, .mp3, .txt, or .zip). That is not all that it does. The Trojan then creates replacement files with the original names; however, these files are not copies of the originals, and they are used to deliver this message: All your files were fucked forever by FileFuck! You can not stop us, you idiot You can delete these files right away because you do not have any use for them.

We cannot know what the creator of the malicious Filefuck Trojan was thinking about when they built the threat, but it is obvious that they did not mean anything good. After the removal of files, a warning window pops up, and it has a short message (All your files were fucked forever by FileFuck!) displayed in many different languages, including English, Korean, French, Russian, Italian, and Polish. This suggests that the infection is meant for a wider distribution, not a specific target, but, of course, we cannot discuss the proliferation at this point. Besides the warning, Filefuck Trojan also creates @READ_IT@.txt on the Desktop. This file represents a text message that mentions backup. If your files are backed up, you certainly do not need to worry about losing files. If backups do not exist, the files deleted by the Trojan are lost completely. Although we would not normally recommend taking cyber criminals’ advice seriously, in this situation, we can confirm that backing up files is important.

How to delete Filefuck Trojan

It is important that you remove Filefuck Trojan from your operating system if it manages to slither in. This threat should not do any damage beyond the removal of certain files on the Desktop, and so once files are deleted, you might choose to stall the elimination process. You should not do that. At the end of the day, the Trojan is an infection that is controlled by cybercriminals, and you want to get rid of it ASAP. Some users might be able to eliminate Filefuck Trojan manually (see instructions below), but if it is not possible to identify malicious components, a reliable anti-malware tool can help immensely. Not only can it erase existing threats – it also can protect you. Clearly, your system is lacking in reliable protection, and if you do not want to face malicious threats in the future, it is high time you took care of that.

Removal Instructions

1. Find the [unknown name].exe launcher file and Delete it.
2. Delete the @READ_IT@.txt from the Desktop.
3. Perform a full system scan to check for malicious leftovers. Download Removal Tool100% FREE spyware scan and
   tested removal of FileFuck Trojan*