Symantec, the largest maker of security software, is reporting on a new type of trojan horse named Trojan.Ramvicrype. This trojan uses the RC4 algorithm to encrypt files on infected computers, rendering them unusable. Like most other trojans, Trojan.Ramvicrype is usually transmitted from porn and warez sites. A sure sign that your computer is infected by this trojan is the presence of files with the .vicrypt extension.
Once your computer is infected, Trojan.Ramvicrype searches for files under My Documents, Desktop and Application Data\Identities and renames them with a .vicrypt extension. It also looks for links in the Recent folder, renames all the files in the folders those links point to, and encrypts each file’s head section. If you try to run any of those files, you’ll get a Vicrypt Error message. In the worst case, a file from the Windows system folder has been opened recently, which leads Trojan.Ramvicrype to encrypt all the files in the Windows system folder, critically damaging them.
Here’s a screenshot of a computer infected by the Trojan.Ramvicrype displaying a “Vicrypt error! Please Restart Windows” message.
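The .vicrypt indicator described above can be checked with a short scan that also separates hits in the Windows system folder (the worst case) from hits in user folders. This is an added example, not Symantec's tool or code from the original post; it only counts renamed files and does not decrypt anything, and the folder tree and file names in `demo()` are constructed sample data.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

EXT = ".vicrypt"  # extension the article says the trojan appends


def find_renamed(roots):
    """Count files ending in .vicrypt per directory under each root."""
    hits = Counter()
    for root in roots:
        # onerror ignores unreadable directories so one ACL failure
        # does not end the whole scan
        for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
            n = sum(1 for f in files if f.lower().endswith(EXT))
            if n:
                hits[Path(dirpath)] += n
    return hits


def triage(hits, system_root):
    """Split hit directories into system-folder and user-data findings."""
    system_root = Path(system_root)
    report = {"system": {}, "user": {}}
    for d, n in hits.items():
        in_system = d == system_root or system_root in d.parents
        report["system" if in_system else "user"][str(d)] = n
    return report


def demo():
    """Scan a constructed tree (sample data, not a real infection)."""
    base = Path(tempfile.mkdtemp())
    layout = {
        "My Documents": ["report.doc.vicrypt", "notes.txt"],
        "Desktop": ["photo.JPG.VICRYPT"],
        "WINDOWS/system32": ["a.dll.vicrypt", "b.dll.vicrypt"],
    }
    for folder, names in layout.items():
        (base / folder).mkdir(parents=True)
        for name in names:
            (base / folder / name).write_bytes(b"")
    roots = [base / "My Documents", base / "Desktop", base / "WINDOWS"]
    return base, triage(find_renamed(roots), base / "WINDOWS")


if __name__ == "__main__":
    for kind, dirs in demo()[1].items():
        for d, n in dirs.items():
            print(f"{kind:6} {n:3} {d}")
```

On a real machine, pass the actual profile folders and the Windows directory to `find_renamed` and `triage` instead of calling `demo()`.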
Previously, victims of this trojan who were looking for a fix were directed to a site that offered a paid program called AntiVicrypt. Because of this, Symantec and other security companies believe that Trojan.Ramvicrype is some sort of ransomware and that the company offering AntiVicrypt was also responsible for spreading the trojan. Later, AntiVicrypt was offered as shareware, with the trial version limited to repairing 7 files. As of this writing, AntiVicrypt is offered for free. I don’t know about you, but based on the initial outcome/results, I won’t be trusting this company or any of its products.
To address this issue and help users, Symantec Security Response has developed a free tool to decrypt the encrypted files. The page linked below offers the free tool for download and includes a step-by-step guide on how to use the Trojan.Ramvicrype Removal Tool.
Download Symantec’s Trojan.Ramvicrype Removal Tool.
[image source: Symantec]