HowTo: Fix Vicrypt Error

Symantec, the largest maker of security software is reporting about a new type of trojan horse named Trojan.Ramvicrype. This trojan uses the RC4 algorithm to encrypt files on infected computers and renders them unusable. The Trojan.Ramvicrype, like most other trojans are usually transmitted from porn and warez sites. A sure sign that your computer is infected by this trojan is the presence of files that have .vicrypt extensions.

Once your computer is infected, Trojan.Ramvicrype will search for files under My Documents, Desktop and Application DataIdentities and renames them with a .vicrypt extension. It also looks for links in the Recent folder and renames all the files in the folders that are pointed to by those links and encrypts each file’s head section. If you try to run any of those files, you’ll get a Vicrypt Error message. A worst case scenario would be a file from the Windows system folder has been recently opened, leading to the Trojan.Ramvicrype encrypting all files in the Windows System folder and critically damaging those files.

Here’s a screenshot of a computer infected by the Trojan.Ramvicrype displaying a “Vicrypt error! Please Restart Windows” message.
Vicrypt Error

Previously, victims of this trojan who were looking for a fix were directed to a site that offered a paid software called AntiVicrypt. Because of this, Symantec and other security companies believe that the Trojan.Ramvicrype is some sort of ransomware and that the company offering AntiVicrypt was also responsible for spreading the trojan. Later, AntiVicrypt was offered as shareware and the trial version was limited to repairing 7 files. As of this time, AntiVicrypt is now offered FREE. I don’t know about you but based on the initial outcome/results, I won’t be trusting this company or any of its products.

To address this issue and help users, Symantec Security Response has developed a free tool to decrypt the encrypted files. The link below not only contains the link to download the free tool but it also includes step-by-step guide on how to use the Trojan.Ramvicrype Removal Tool.

Download Symantec’s Trojan.Ramvicrype Removal Tool.

[image source: Symantec]

This post may contain affiliate links that allow us to earn commissions at no additional cost to you. We are reader-supported so when you buy through the affiliate links, you are also helping or supporting us. 


  1. Symantecs tool does not seem to offer a decryption. According to Symantecs site “The Removal Tool does the following:

    Terminates the associated processes
    letes the associated files
    Deletes the registry values added by the threat”

  2. These creatures are worse than spammers. Surely they can be held accountable or investigated to ascertain whether or not they created the ransomware, and then prosecuted and/or shut down? The freedom associated with the internet does have its dark side too, and the onus is on you as the user to do as much as possible to eliminate risky behaviour.

  3. that information is interesting enough to follow up. I might know, since when the virus is circulating? so I can quickly anticipate. For the moment I am still using Kaspersky.

  4. Wow. Fortunately, I have not been infected by this Trojan (yet, considering that I visit way too much porn sites, haha – just kidding). This will go on my never ending “read-it-later” in case I need a quick fix.. thanks

Leave a Reply

Your email address will not be published. Required fields are marked *