How to delete RabbitFox

June 11, 2019

What is RabbitFox

RabbitFox is a type of malware that focuses on money extortion and falls under the ransomware category. While the virus uses a variety of methods to infect users’ Devices, the most prominent distribution method is spam email attachments and hyperlinks.

Once inside, RabbitFox ransomware scan the system for pictures, videos, documents, or other personal data in order to encrypt it with the help of AES encryption algorithm. During this process, the name of the file is altered, and .Fox appendix is added. The data is not corrupted, however, and, to redeem the access to files, victims need to acquire a unique key that is generated during the ransomware infection stage.

How to delete RabbitFox

Users are prompted to write hackers to Rabbit2002@pm.me email to find out Bitcoin amount required to pay for the decryptor. This information is compiled in the text note Decrypt.txt that users can find in each folder where locked files are located. In June 2019, a new variant of RabbitFox was detected which used .Vendetta extension and foxdecrypt@protonmail.com as a contact email. Despite the name of the appendix, researchers did not find any connections to Vendetta ransomware.

Download Removal Toolto remove RabbitFox

RabbitFox was first spotted in March 2018, and the first sample emerged from Lithuania. Nevertheless, the ransom note is written in English, so it is highly likely that the threat actors do not target specific countries, but rather send out malicious emails to random victims.

Exploit kits Unprotected RDP Web injects Software cracks Fake updates, etc.

To find out how to protect yourself from ransomware infection in the future, refer to the second section of this post. Our RabbitFox removal instructions, along with alternative file recovery methods, can be found at the bottom.

As soon as RabbitFox ransomware extracts its malicious payload via ConsoleApp1.exe or another executable file, it changes the way the system operates. For example, it deletes Shadow Volume Copies to prevent data recovery or alters Windows registry entries in order to increase persistence.

For that reason, you should remove RabbitFox ransomware with security software like or Combo Cleaner to retrieve normal operation of the device. Besides, as long as the threat is present on your computer, file recovery is completely useless, as all the data will immediately get encrypted again.

Crooks behind RabbitFox virus are trying to make victims trust them by offering a test decryption service as explained it the ransom note:

Do not pay cybercriminals, as they might simply ignore you after you transfer the Bitcoin payment, and you will end up losing your money as well. Besides, it would only prove that RabbitFox works as intended and will prompt them to infect more victims worldwide.

While there is no decryption tool that would allow you to recover .Fox and .Vendetta files for free, you might try alternative data recovery solutions, although chances of a positive outcome are relatively slim.

RabbitFox is a ransomware virus that drops Decrypt.txt ransom note onto the infected machine and asks to pay a ransom in Bitcoin for the decryption key

How does RabbitFox works

Download Removal Toolto remove RabbitFox

Ransomware is a type of computer infection that is extremely devastating because even after its termination, the locked files are not reverted to its previous state. Until security experts create the decryption tool, recovering files modified by ransomware is extremely difficult: the malware should fail to execute correctly or not remove Shadow Volume Copies. Keeping backups on a remote server or an external drive is the best way to negate the impact of a cryptovirus.

Nevertheless, the best solution to the problem would be not to get infected in the first place. Here are simple tips from industry experts that will help you avoid malware in the future:

Update your operating system and the installed applications regularly; Enable Firewall and install ad-blocking program; Do not use Remote Desktop with default port and protect it with a VPN or a proxy; Stay away from pirated software or its cracks; Be aware that spam email attachments and hyperlinks can install malware as soon as clicked; Enable two-factor authentication where possible and use a password manager; If you do not use a password manager, make sure you never reuse same passwords for different accounts.

How to delete RabbitFox

RabbitFox ransomware removal should be your top priority, regardless of what hackers say – they threaten the access to files will be permanently lost if third-party tools are used. While it is party true, ransomware itself might fail to function properly and fail to delete Shadow Volume snapshots.

To remove RabbitFox virus, you should install reputable security software and run a full system scan. Nevertheless, the malware might tamper with your security software and prevent its termination. In such a case, you should access Safe Mode with Networking and perform the removal from there.

As soon as you delete RabbitFox completely, you can connect your backup device to recover your data. If you had no backups and alternative solutions do not work, the only solution would be to save files and wait till cybersecurity experts come up with the decryptor.

Stage 1: Delete Browser Extension

First of all, we would recommend that you check your browser extensions and remove any that are linked to RabbitFox. A lot of adware and other unwanted programs use browser extensions in order to hijacker internet applications.

Remove RabbitFox Extension from Google Chrome

  1. Launch Google Chrome.
  2. In the address bar, type: chrome://extensions/ and press Enter.
  3. Look for RabbitFox or anything related to it, and once you find it, press ‘Remove’.

Uninstall RabbitFox Extension from Firefox

  1. Launch Mozilla Firefox.
  2. In the address bar, type: about:addons and press Enter.
  3. From the menu on the left, choose Extensions.
  4. Look for RabbitFox or anything related to it, and once you find it, press ‘Remove’.

Delete RabbitFox Extension from Safari

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Select Preferences from the list.
  4. Choose the Extensions tab.
  5. Look for RabbitFox or anything related to it, and once you find it, press ‘Uninstall’.
  6. Additionally, open Safari Settings again and choose Downloads.
  7. If RabbitFox.safariextz appears on the list, select it and press ‘Clear’.

Remove RabbitFox Add-ons from Internet Explorer

  1. Launch Internet Explorer.
  2. From the menu at the top, select Tools and then press Manage add-ons.
  3. Look for RabbitFox or anything related to it, and once you find it, press ‘Remove’.
  4. Reopen Internet Explorer.In the unlikely scenario that RabbitFox is still on your browser, follow the additional instructions below.
  5. Press Windows Key + R, type appwiz.cpl and press Enter
  6. The Program and Features window will open where you should be able to find the RabbitFox program.
  7. Select RabbitFox or any other recently installed unwanted entry and press ‘Uninstall/Change’.

Alternative method to clear the browser from RabbitFox

There may be cases when adware or PUPs cannot be removed by simply deleting extensions or codes. In those situations, it is necessary to reset the browser to default configuration. In you notice that even after getting rid of weird extensions the infection is still present, follow the below instructions.

Download Removal Toolto remove RabbitFox

Use Chrome Clean Up Tool to Delete RabbitFox

  1. Launch Google Chrome.
  2. In the address box, type: chrome://settings/ and press Enter.
  3. Expand Advanced settings, which you can find by scrolling down.
  4. Scroll down until you see Reset and Cleanup.
  5. Press on Clean up computer. Then press Find.

This Google Chrome feature is supposed to clear the computer of any harmful software. If it does not detect RabbitFox, go back to the Clean up computer and reset settings.

Reset Mozilla Firefox to Default

If you still find RabbitFox in your Mozilla Firefox browser, you should be able to get rid of it by restoring your Firefox settings to default. While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

  1. Launch Mozilla Firefox
  2. Into the address box, type: about:support and press Enter.
  3. You will be redirected to a Troubleshooting Information page.
  4. From the menu on the right side, select Refresh Firefox.
  5. Confirm your choice by clicking Refresh Firefox in the new window.
  6. Your browser will close automatically in order to successfully restore the settings.
  7. Press Finish.

Reset Safari Browser to Normal Settings

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Press Reset Safari.
  4. A new window will appear. Select the boxes of what you want to reset or use the screenshot below to guide you. Once you have selected everything, press ‘Reset’.
  5. Restart Safari.

Restore Internet Explorer to Default Settings

  1. Launch Internet Explorer.
  2. From the top menu, press on Tools and then Internet Options.
  3. In the new window that opens, choose the Advanced tab.
  4. At the bottom of the window, below Reset Internet settings, there will be a ‘Reset’ button. Press that.

While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

Leave a Reply

Your email address will not be published. Required fields are marked *

*