Troubleshoot “The HoeflerText font wasn’t found” error

Hackers have stepped up their game in recent times. With the noose of cybersecurity growing ever tighter around their necks, threatening to erase them completely from the internet, they have been coming up with more and more ingenious methods to trick their way past an individual’s or organization’s defences. Tools that combat cyber theft and malware are becoming more and more formidable. As a result, online criminals feel like they have to up the ante to retain a rapidly eroding foothold.

The old, often simple, methods of malware dispersal no longer cut it for them. Now, they have resorted to special ways to infiltrate the targeted systems at all costs. Bots have come to the fore as one of their favorites methods, overshadowing Living off the Land tactics and general fileless malware. Basically, every avenue that can be exploited to trick users online is tried, and new ones are being discovered on a daily basis.

Of course, everyone would love to be able to utilize the internet without fear of scams, hacks or infection. The reality is, however, very different. Even if security tools succeed in killing off one method of infection, the hackers can dig deep into their bags of old tricks and unleash an older attack method on the newest age.

One of these involves using misleading information on websites to trick the user into downloading a malicious file, which then installs itself on the system. In recent times, one of the popular exemplars of this mode of online trickery is the HoeflerText font virus.

What is the “The HoeflerText Font Wasn’t Found” Virus?

As far as social engineering attacks go, the “The HoeflerText Font Wasn’t Found” virus counts as one of the most clever. This virus relies on the tendency of users to react positively to update notifications. Those behind this adware know that if you’re sent a notification to update an app, such as Google Chrome, you’re likely to react positively.

Thus, you are shown a misleading pop-up that the font on the page you are visiting isn’t readable because a particular font type is missing. You are subsequently told to download and install the supposedly missing font so that the contents of the page can be displayed correctly and completely.

This alert message is, by its very nature, highly suspicious. Thus, it seldom shows up on the pages of well-known sites. This is because those generally have robust security measures in place that make that kind of scam difficult to pull off. Instead, the criminals target unsafe websites, such as those used to download torrents and files. The website is compromised with a malicious Javascript code that springs into action when an unsuspecting user clicks the fake font install link.

Sometimes, online criminals create multiple websites just for this purpose. Sometimes, they place the JavaScript code on a hacked website. This latter practice has become more common recently. They bypass the defences of very popular sites with a lot of traffic and inject the infected code. They do this because they know that the law of averages means it is likely someone will unknowingly fall into their trap.

This scam works by scrambling the text on an infected site. Instead of the English words you’re accustomed to, you’re greeted with a screen full of incomprehensible letters and numbers. Obviously, you’d be wondering what is going on. It is at this point that a pop-up surfaces telling you that “The HoeflerText Font Wasn’t Found” and you need to download the correct font package to view the text on the page.

This ploy has proven moderately successful for online criminals. This is why it has never totally gone out of fashion, despite being around, in different variants, for a long time. Less experienced internet users might be duped by the prompt into updating their browsers. If they take the bait and click the presented links, their systems might end up with data-stealing Trojans, annoying adware, or file-encrypting ransomware.

The HoeflerText virus mainly targets users who have Mozilla Firefox or Google Chrome as their main browser. Other browsers, such as Safari, can be affected as well, but those two are where the bulk of the attacks come from. This is borne out by the file names of the malicious programs, which come in ZIP files with names like Chrome_Font.exe, Chrome_Font_v7.87.zip, and Mozilla_Font_v7.87.zip.

When someone visits a page that has already been infected by the hackers, they see a message like the one below:

The “HoeflerText font wasn’t found

The web page you are trying to load is displayed incorrectly, as it uses the “HoeflerText” font. To fix the error and display the text, you have to update the “Chrome Font Pack”.

Manufacturer: Google Inc. All Rights Reserved

Current Version: Chrome font pack 53

Latest Version: Chrome font pack 57

A similar message is displayed for Firefox users, with the app-specific details such as font pack version and name changed.

The Lowdown on the HoeflerText Font Virus

Name: HoeflerText virus

Type: Adware, backdoor opener

Associated Scripts: Fleercivet Ad Clicking Trojan.

Spora ransomware. GandCrab ransomware. Zeus Panda banking Trojan.

Method of Infiltration: Malicious JavaScript code

Removal: Reputable cybersecurity tools

How the HoeflerText Font Virus Works

As we mentioned earlier, users are tricked into downloading a malicious file through a pop-up or text claiming that they need to install an update to a font package before they will be able to read the text on a page. This will be more enticing if the given page is supposed to be the destination page or download page of a popular program’s installation files.

Once you click the link to download the so-called font pack for Chrome or Firefox, you’re at the mercy of whichever malware is actually embedded in the file. This can be adware, ransomware, a Trojan, a rootkit, or something else. One thing you can be sure about is that whatever it is isn’t safe for your computer.

Here are some malware entities that utilize the “The HoeflerText Font Wasn’t Found” method to gain entrance into a victim’s PC:

• GandCrab Ransomware. This malware utilizes the GCDB extension to take all the files and folders on a system captive. Nobody but the developer can decrypt this file extension, so the user is forced to pay a ransom in exchange for decryption tools. The GandCrab ransomware hides inside Font_Update.exe, which is one of the files found on the “The HoeflerText Font Wasn’t Found” pages. Once this file is downloaded, it uses the Netsupport Manager tool to download the actual ransomware. Sometimes, the resident antivirus will repel this activity. Otherwise, system data becomes encrypted.

• Spora Ransomware. It is no surprise that this ransomware features on the list of malware using the “The HoeflerText Font Wasn’t Found” scam to devastating effect. The technique lends itself particularly well to attacks from ransom seekers and Trojan creators because of the ease of tricking those unfamiliar with how the internet, in particular, and browser updates, in general, work.

The Spora ransomware is known as the alpha of payment-for-decryption malware. It takes users to a sophisticated paywall where they need to make a payment so that their files can be unlocked. There were even paid services providing the victims with different levels of access to their encrypted data, depending on the selected payment plan.

This virus utilizes the HoeflerText mechanism to trick users. When someone clicks a site already infected with the malicious JavaScript code, the user is shown a fake page with scrambled text telling the user that their browser doesn’t have the correct font to view the page.

The older iterations of the Spora malware used different file names to transfer the virus. Newer variations adopt different conventions as well. A well-known variant uses a file named Update.exe. Upon download and execution, the machine is instantly infected by the Spora ransomware and access to all system and/or user files is lost.

• Zeus Panda Banking Trojan. This malware surfaced in Mozilla Firefox browsers in 2017 and has only become more rampant since then. Users taken to the scrambled web page are encouraged to download the “Mozilla Font Pack” update so that they will be able to view the text on the page. The modus operandi is basically the same as the previous two, complete with an innocent-looking Update button that users should supposedly click to install the update to the HoeflerText font pack.

Even when the download begins, nothing might seem amiss. Checking the file name displays “Mozilla Font_v787.zip”, which supposedly contains the actual font update, while in reality it contains a malicious JavaScript file.

When the download begins, the fake website content changes to instructions on how to install the file. Many users will, of course, follow the instructions, assuming they’re installing something legitimate.

Unfortunately, what the users install is a dangerous executable. Once it has been saved to the main directory, it starts to download the actual banking Trojan that goes on to steal your banking information and possibly trigger remote transactions to accounts created by the online criminals.

There are several other malware entities that use the “The HoeflerText Font Wasn’t Found” virus as a springboard to infect vulnerable systems, but these three should be sufficient to demonstrate the range of use hackers have found for this misleading missing font pop-up scam.

How to Stop the “The HoeflerText Font Wasn’t Found” Virus from Infecting Your PC

There might be many ways to skin a cat. The best way, however, remains to not have a cat in the first place. All is not lost even if the HoeflerText font scam has been used to pass malware onto your machine or scramble your data. However, a situation where neither the HoeflerText font scam nor any other type of malware can get into your PC is still the best.

Here are some preventive measures that will safeguard your PC from malicious attacks and scams like those that rely on a fake missing Hoeflertext font:

• Understand the nature of browser updates. In case you didn’t know, Chrome has stopped requiring you to update to a new version on Windows. Instead, it updates itself automatically in the background. You don’t need to do anything.

In the case of Firefox, it uses an installer to update the browser. However, you’re sure to be notified officially when an update is available.

In neither browser will you ever be prompted to download a missing font. All the fonts you require to read any page in any supported language are already in the browsers. Again, you don’t need to do anything.

Therefore, if you have ever seen any “The HoeflerText Font Wasn’t Found” message or something similar encouraging you to download a missing font, that is your cue to immediately close the page.

• Stay away from unsafe sites. Ultimately, there is a thin line between adventurism and blatant recklessness. It is one thing to want to know what alternative sites have up their sleeves. It is another to start clicking willy-nilly on links found on dangerous websites. If you need a paid program so badly, paying for it legitimately is better in the long run than looking for a cracked version on pop-ups and ad-ridden websites.

• Backtrack when you come across scrambled text. Unless you’re working for the CIA and are trying to crack scrambled code, websites with unreadable text should be closed as fast as possible. While you’re trying to make heads or tails of the characters, embedded code might be downloading malware to your system without your knowledge. A good rule of thumb is this: if a page doesn’t contain readable human language, you shouldn’t be on it.

• Don’t ever disable your security software. Exceptions can be made for when you’re troubleshooting an issue on Windows or when you need to install a legit program that keeps being blocked. Otherwise, your antivirus and your system should be BFFs. Keep it active and updated at all times, at all costs.

How to Fix the “The HoeflerText Font Wasn’t Found” Error

You should get rid of the “The HoeflerText Font Wasn’t Found” malware immediately. The longer the fake font update pack stays on the computer, the more danger the files, operating system, and machine itself are in. Your browser will be the first victim, but it won’t be the only one. If you think having to endure a multitude of pop-ups anytime you as much as open a page is torture enough, what about the risk that other malware is being downloaded to your machine in the background? The risk of danger here is very real and must be snuffed out instantly. If ransomware also results from the infection, the story won’t be a pleasant one.

Therefore, the moment you sniff any trace of this or a similar infection, you must spring into immediate action. There are two main things you can do to eliminate the HoeflerText font virus and other malware that has infiltrated your computer through this medium. The first involves booting your computer in Safe mode with networking and then using a trusted virus removal tool. The second simply involves using the System Restore feature to go back to an earlier period in the OS’s life before the malware managed to sneak in.

In addition to those, you should reset both Chrome and Mozilla Firefox. You should also remove any unwanted program or any app you can’t remember installing.

Reset Browsers

Given that the “The HoeflerText Font Wasn’t Found” virus affects Chrome and Firefox, you should reset them either before or after performing the two main steps. Even if you’ve run a thorough scan with your security software, it doesn’t guarantee that every single malicious plug-in, add-on or extension has been removed.

However, a reset does this for you, guaranteeing that you can start afresh without the possibility of a lingering infection to worry about. If your search engine has been changed, homepage modified or extensions that you don’t trust installed, a reset will bring them back to the default state so you can set them anew or leave them be.

• Reset Chrome

Resetting Chrome isn’t hard at all. Just click the three dots in the upper right corner of the browser and select Settings from the expanded menu. Next, scroll down to Advanced Settings, expand the category and select Reset Settings.

Select Reset Settings again and click Reset when the prompt is displayed.

• Reset Firefox

You can also reset Firefox back to its default settings in one stroke. This is achieved through the Reset feature as well. Just open the hamburger menu on the top right and click Help. Then, select Troubleshooting Information and click the Reset Firefox button. Click Reset Firefox again to complete the process.

Remove Unwanted or Suspicious Programs

As explained earlier, even though the “The HoeflerText Font Wasn’t Found” virus is dangerous enough by itself, it is also used as a conduit for other, even more dangerous, malware. This can become established on the machine through parent programs installed in the background.

Therefore, you should regularly check your program list to ensure that no dangerous application has somehow found a home on your system uninvited. If you see something you don’t recognize, Google it, and then take action if necessary.

Open the Control Panel from the Windows 10 Quick Access Menu (Win Key+X) and change the View by mode to Category. Next, click the “Uninstall a Program” link under Programs. The next window will display a list of all installed programs. Go through the list carefully, noting any app or program that seems particularly strange. If your online enquiry identifies it as a suspicious program, uninstall it right away.

Use Safe Mode with Networking to Get Rid of the “The HoeflerText Font Wasn’t Found” Virus

Running a thorough antivirus scan in Safe mode with networking is one of the effective ways to fix the “HoeflerText font wasn’t found” issue in Windows 10. By booting into Safe Mode before any scan is done, you’re guaranteed minimal interference from third-party processes and virus hooks that might otherwise prevent the antivirus from working successfully.

This method is particularly effective if you have limited or zero access to your files in normal mode due to virus infection. You might be able to solve the problem in Safe mode.

• Look for the Power button on your Login/Start Menu screen and click it once to display the shutdown options.
• Press and hold the Shift key and click Restart.
• The machine will boot into the Windows recovery environment. Click Troubleshoot to proceed.
• Click Advanced Options on the next screen.
• Click Startup Settings on the next screen.
• Finally, click Restart, and the machine will boot into the Startup Settings screen.
• Here, press 5 on the keyboard to select Safe Mode with Networking. You can use the F5 key as well.
• The computer will reboot.

Upon reboot, log in using the account that contains the suspected or verified infection and open a browser window.

At this point, you should visit the website of a security software developer you trust and install an antivirus program from there. It is recommended to use a security suite that comes with a lot of recommendations from both individual and corporate users as those are more likely to be more effective in combating online malware and ransomware, as well as scams like the “The HoeflerText Font Wasn’t Found” virus.

It is recommended to use a product that is capable of serving as a primary or secondary antivirus without conflict. We recommend Auslogics Anti-Malware for added protection against spyware, adware and Trojans that try to sneak by your main defences. A full-fledged security solution that comes with Microsoft’s stamp of approval, Auslogics Anti-Malware uses an all-encompassing approach to computer protection that ensures that both your browser and the core system are fully guarded against unexpected threats.

Using security software that is always up to date is very important. This is because hackers regularly find ways of bypassing previous protection mechanisms. Or they create new strains altogether, against which normal detection and quarantine methods may prove ineffective. This tool is updated regularly with the latest definitions. Moreover, it receives regular program updates that augment its already considerable range of protection features.

After you’ve downloaded and installed the tool or your preferred security solution, it is time to get to work. Simply launch the tool and run a deep scan. If your computer is indeed infected, the antivirus should detect the malware no matter where it is hiding. Be it in the browser, registry, Windows folder, or desktop, it will be discovered and presented for action. Remove it, and your computer will finally be free of the “The HoeflerText Font Wasn’t Found” malware.

Use System Restore to Get Rid of the “The HoeflerText Font Wasn’t Found” Virus

There are some situations where Safe Mode with Networking isn’t working. Perhaps the ransomware has dug deep roots in the machine and is blocking the initiation of processes that can help to get rid of it.

Even then, if you can gain access to System Restore, it is possible to get rid of the HoeflerText font scam and its sister infections by simply bringing the system back to a time before the infection occurred. You will have to think about what time that is. Once you’re sure of the period and a system restore point created around that time is available, you are good to go.

Though there are various ways of performing a system restore, if you’re dealing with ransomware, it is serious enough for you to adopt the method of performing a system restore using Safe Mode with Command Prompt.

Here is how to use a created system “snapshot” to take your computer back in time:

• Look for the Power button on your Login/Start Menu screen and click it once to display the shutdown options.
• Press and hold the Shift key and click Restart.
• The machine will boot into the Windows recovery environment. Click Troubleshoot to proceed.
• Click Advanced Options on the next screen.
• Click Startup Settings on the next screen.
• Finally, click Restart, and the machine will boot into the Startup Settings screen.
• Here, press 6 on the keyboard to select Safe Mode with Command Prompt. You can use the F6 key as well.
• The machine will reboot into a Command Prompt window.
• Type “cd restore” (without quotes) in the window and click Enter.
• Next, type “rstrui.exe” (without quotes) and click Enter. This will launch the System Restore user interface.
• Click Next when the System Restore UI comes up.
• In the next window, simply choose a restore point and click the Next button. Make sure you’ve selected a restore point created prior to your PC getting infected. If you need to view more restore points before making your selection, tick the “Show more restore points” checkbox.
• In the next window, click Yes to initiate a system restore.
• Wait for the restore to revert your system to the selected state.

After everything, you should find that your PC is free not only of certain apps and programs but also, and more importantly, of the infection. You should immediately scan the computer with Auslogics Anti-Malware to verify that the “The HoeflerText Font Wasn’t Found” malware removal has indeed been a success.