The Frag virus is a ransomware-type infection. Malware of this kind encrypts all of the user’s data on the computer (images, text files, Excel tables, audio files, videos, etc.), adds its own extension to every file, and leaves a README.txt file in every directory that contains encrypted files.
What is Frag virus?
Frag will add its own .frag extension to every file’s name. For example, a file named “photo.jpg” will be changed to “photo.jpg.frag”. In the same manner, the Excel table named “table.xlsx” will be altered to “table.xlsx.frag”, and so on.
In every directory with the encrypted files, a README.txt text file will appear. It is the ransom note. It contains information on how to pay the ransom and some other remarks. The ransom note most probably contains instructions on how to purchase the decryption tool from the attackers. That is how they do it.
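A read-only triage sketch, added here as an example (not from the original article or any vendor tool): it walks a folder tree, lists files carrying the .frag extension, and counts a README.txt as a ransom note only if it starts with the note's opening words quoted later in this article. The function names and the sample tree are assumptions made for the example.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".frag"        # extension named in this article
NOTE_NAME = "README.txt"       # ransom note file name named in this article
NOTE_MARKER = "Frag is here!"  # opening words of the note quoted in this article

def is_ransom_note(path):
    """True only if the file starts with the note's opening words,
    so ordinary README.txt files are not flagged."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            return fh.read(4096).lstrip("\ufeff \t\r\n").startswith(NOTE_MARKER)
    except OSError:
        return False

def scan(root):
    """Walk root without modifying anything; report encrypted files, confirmed notes, lost file types."""
    report = {"encrypted": [], "notes": [], "affected_dirs": set(), "by_type": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                original = name[: -len(ENCRYPTED_EXT)]  # photo.jpg.frag -> photo.jpg
                report["encrypted"].append(full)
                report["by_type"][os.path.splitext(original)[1].lower() or "(none)"] += 1
                report["affected_dirs"].add(dirpath)
            elif name.lower() == NOTE_NAME.lower() and is_ransom_note(full):
                report["notes"].append(full)
                report["affected_dirs"].add(dirpath)
    return report

def demo():
    samples = {  # constructed sample tree (not real victim data): relative path -> content
        "docs/photo.jpg.frag": "", "docs/table.xlsx.frag": "",
        "docs/README.txt": "Frag is here! (constructed sample)",
        "clean/README.txt": "Project readme, unrelated to the incident",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        r = scan(root)
    return len(r["encrypted"]), len(r["notes"]), len(r["affected_dirs"]), sorted(r["by_type"].items())

if __name__ == "__main__":
    print(demo())
```

The per-type counts show which kinds of files need to come from backups or the other sources listed in the FAQ, and the list of affected directories shows how far the encryption reached.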
Frag Overview:
| Name | Frag Virus |
| Extension | .frag |
| Ransomware note | README.txt |
| Detection | Trojan:Win32/Tnega!MSR, Win32:Adware-DNA [Adw], Win32:Secat [Trj] |
| Symptoms | Your files (photos, videos, documents) get a .frag extension and you can’t open them. |
The README.txt file that comes with the Frag ransomware contains the following text:
Frag is here!

If you are a regular employee, manager or system administrator, do not delete/ignore this note or try to hide the fact that your network has been compromised from your senior management. This letter is the only way for you to contact us and resolve this incident safely and with minimal loss.

We discovered a number of vulnerabilities in your network that we were able to exploit to download your data, encrypt the contents of your servers, and delete any backups we could reach.

To find out the full details, get emergency help and regain access to your systems, All you need is:

1. Tor browser (here is a download link: hxxps://www.torproject.org/download/
2. Use this link to enter the chat room – -
3. Enter a code ( - ) to sign in.
4. Now we can help you.

We recommend that you notify your upper management so that they can appoint a responsible person to handle negotiations. Once we receive a chat message from you, this will mean that we are authorised to pass on information regarding the incident, as well as disclose the details inside the chat. From then on, we have 2 weeks to resolve this privately.

We look forward to receiving your messages.
In the image below, you can see what a folder with files encrypted by Frag looks like. Each filename has the “.frag” extension added to it.
How did my machine catch Frag ransomware?
Ransomware can get onto a machine in many ways.
Currently, the three methods malefactors exploit most often to plant the Frag virus in your system are email spam, Trojan injection and peer-to-peer file transfer.
- Another thing the hackers might try is a Trojan file scheme. A Trojan is a program that gets into your machine disguised as something legitimate. For example, you download an installer for some program you need or an update for some software, but what is unpacked turns out to be a harmful program that encrypts your data. Since the installation wizard can have any name and any icon, you have to make sure that you can trust the source of the things you’re downloading. The best option is to rely on the software companies’ official websites.
- As for the peer-to-peer file transfer protocols like torrent trackers or eMule, the danger is that they are even more trust-based than the rest of the Web. You can never know what you download until you get it. Our suggestion is that you use trustworthy resources. Also, it is reasonable to scan the directory containing the downloaded items with the antivirus as soon as the downloading is done.
How to remove ransomware?
It is important to note that besides encrypting your files, the Frag virus will probably install Vidar Stealer on your computer to steal your credentials for different accounts (including cryptocurrency wallets). This spyware can extract your logins and passwords from your browser’s autofill storage.
How to avert ransomware injection?
Frag ransomware has no superpowers, and neither does any similar malware.
You can defend your system from its attack by taking three easy steps:
- Never open any emails from unknown senders with unknown addresses, or with content that has nothing to do with something you are expecting (how can you win in a lottery without even taking part in it?). If the email subject is more or less something you are expecting, scrutinize all elements of the dubious email with caution. A hoax letter will surely contain mistakes.
- Avoid using cracked or untrusted programs. Trojan viruses are often distributed as a part of cracked software, possibly as a “patch” to prevent the license check. Understandably, untrusted programs are very hard to distinguish from reliable ones, because trojans may also have the functionality you need. Try searching for information on this program on the anti-malware message boards, but the optimal way is not to use such programs at all.
Frequently Asked Questions
🤔 How can I open “.frag” files? Can I somehow access “.frag” files?
Negative. That is why ransomware is so frustrating. Until you decode the “.frag” files you will not be able to access them.
🤔 What should I do to make my files accessible as fast as possible?
If the “.frag” files contain some really important information, then you probably have them backed up. If not, there is still the System Restore function, but it needs a previously saved Restore Point. All other solutions require time.
🤔 What to do if the Frag malware has blocked my PC and I can’t get the activation key?
🤔 What could help the situation right now?
Some of the encrypted files can be located elsewhere.
- If you exchanged your critical files through email, you could still download them from your online mail server.
- You might have shared images or videos with your friends or family members. Simply ask them to give those pictures back to you.
- If you have initially downloaded any of your files from the Internet, you can try to do it again.
- Your messengers, social networks pages, and cloud disks might have all those files too.
- Maybe you still have the needed files on your old PC, a portable device, mobile, external storage, etc.
USEFUL TIP: You can use data recovery utilities [1] to get your lost data back, since ransomware encrypts copies of your files and removes the originals. In the tutorial below, you can see how to recover your files with PhotoRec, but be advised: you won’t be able to do it before you kill the ransomware itself with an antivirus program.
Brendan Smith
References
1. Here’s the list of Best Data Recovery Software Of 2024.
