How to eliminate Trojan-Ransom.Win32.Rector


http://www.kaspersky.com/downloads/utils/rectordecryptor.zip

Cybercriminals use Trojan-Ransom.Win32.Rector to disrupt the normal operation of computers and to make unauthorized modifications to data that render it unusable. Once the data has been “taken hostage” (blocked), its owner (the user) receives a ransom demand. The victim is supposed to pay the ransom in exchange for the criminal's promise to send a utility that would restore the data or repair the PC.

Kaspersky Lab specialists have developed a special utility for decrypting the data encrypted by Trojan-Ransom.Win32.Rector. The utility has a GUI.

Do the following to decrypt files encrypted by Trojan-Ransom.Win32.Rector:

  1. Download the utility RectorDecryptor.zip to the infected computer;
  2. Extract its contents using an archiver (e.g., WinZip);
  3. Run the file RectorDecryptor.exe;
  4. Click the Start scan button to start the utility.
    It finds and decrypts encrypted files.
  5. Select the option Delete crypted files after decryption to delete copies of encrypted files with extensions .vscrypt, .infected, .bloc, .korrektor, etc. after successful decryption.




  6. By default, the utility saves its runtime log in the root directory of the system disk (the disk where the operating system is installed, usually C:\).
    Log files have names like: UtilityName.Version_Date_Time_log.txt
    E.g., C:\RectorDecryptor.2.3.7.0_10.02.2011_15.31.43_log.txt

Command line switches for the utility RectorDecryptor.exe:

  • -l <file_name> - create a log file.
  • -h - show help on the available switches.
  • -fpath <folder_path> - force decryption of all files in the specified folder.
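
An added example, not part of the original page or of Kaspersky's utility: a Python inventory script that lists files carrying the encrypted-copy extensions named on this page and flags those that do not yet have a restored counterpart beside them, a useful check before enabling Delete crypted files after decryption or choosing folders for -fpath. It assumes the marker extension is appended to the original file name (e.g. a.jpg.vscrypt); the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Extensions named on this page; its list ends in "etc.", so it is not exhaustive.
ENCRYPTED_EXTS = {".vscrypt", ".infected", ".bloc", ".korrektor"}
# File types the page says Rector encrypts.
TARGETED_EXTS = {".jpg", ".doc", ".pdf", ".rar"}


def audit(root):
    """Return {folder: [(encrypted_name, original_name, restored, targeted_type)]}."""
    report = defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}  # Windows names are case-insensitive
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() not in ENCRYPTED_EXTS:
                continue
            # Assumption: the marker extension is appended to the original name.
            restored = stem.lower() in present  # presence only, content not checked
            targeted = os.path.splitext(stem)[1].lower() in TARGETED_EXTS
            report[folder].append((name, stem, restored, targeted))
    return dict(report)


def pending(report):
    """Encrypted files with no restored counterpart yet; do not delete these."""
    return sorted(os.path.join(folder, enc)
                  for folder, rows in report.items()
                  for enc, _orig, restored, _targeted in rows if not restored)


def demo():
    """Build a constructed sample tree in a temp directory and audit it."""
    root = tempfile.mkdtemp(prefix="rector_audit_")
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name in ("a.jpg.vscrypt", "a.jpg", "b.pdf.KORREKTOR", "notes.txt"):
        open(os.path.join(docs, name), "wb").close()
    return root, audit(root)


if __name__ == "__main__":
    root, report = demo()
    for path in pending(report):
        print("not yet decrypted:", path)
```

Call audit() on a real folder instead of demo() and compare pending() before and after a RectorDecryptor run; anything still listed afterwards should be kept and cross-checked against the utility's log.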

The malicious program Trojan-Ransom.Win32.Rector encrypts files with the extensions .jpg, .doc, .pdf and .rar. An offer to unblock the files comes from a cybercriminal named “††KOPPEKTOP††”, who asks to be contacted using the following details:

ICQ: 557973252 or 481095
EMAIL: v-martjanov@mail.ru

Sometimes he asks to leave a message in the guest book of one of his websites:

http://trojan....sooot.cn/
http://malware....66ghz.com/

The messages displayed on the desktop of an infected computer are in Cyrillic.

©Virus-Encyclopedia.com All Rights Reserved.