Symantec, the largest maker of security software, is reporting a new type of trojan horse named Trojan.Ramvicrype. This trojan uses the RC4 algorithm to encrypt files on infected computers, rendering them unusable. Like most other trojans, Trojan.Ramvicrype is usually transmitted from porn and warez sites. A sure sign that your computer is infected by this trojan is the presence of files that have .vicrypt extensions.
Once your computer is infected, Trojan.Ramvicrype searches for files under My Documents, Desktop and Application Data\Identities and renames them with a .vicrypt extension. It also looks for links in the Recent folder, renames all the files in the folders pointed to by those links, and encrypts each file’s head section. If you try to run any of those files, you’ll get a Vicrypt Error message. In the worst case, a file from the Windows system folder has been opened recently, which leads Trojan.Ramvicrype to encrypt all files in the Windows System folder and critically damage them.
Here’s a screenshot of a computer infected by the Trojan.Ramvicrype displaying a “Vicrypt error! Please Restart Windows” message.
Previously, victims of this trojan who were looking for a fix were directed to a site that offered a paid program called AntiVicrypt. Because of this, Symantec and other security companies believe that Trojan.Ramvicrype is some sort of ransomware and that the company offering AntiVicrypt was also responsible for spreading the trojan. Later, AntiVicrypt was offered as shareware, and the trial version was limited to repairing 7 files. As of this time, AntiVicrypt is now offered FREE. I don’t know about you but based on the initial outcome/results, I won’t be trusting this company or any of its products.
To address this issue and help users, Symantec Security Response has developed a free tool to decrypt the encrypted files. The link below contains not only the download link for the free tool but also a step-by-step guide on how to use the Trojan.Ramvicrype Removal Tool.
Download Symantec’s Trojan.Ramvicrype Removal Tool.
[image source: Symantec]
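A read-only inventory of the `.vicrypt` indicator described above, as an added example that is not part of the original article or Symantec's tool. It walks the per-user folders the article names, records size and SHA-256 of every match before any repair tool is run, and renames nothing; the function names and the XP-era folder layout under the profile are assumptions.

```python
import hashlib
import os
from collections import Counter
from pathlib import Path

SUFFIX = ".vicrypt"  # indicator named in the article


def default_roots(profile=None):
    """Per-user folders the article lists (Windows XP-era names, assumed layout)."""
    base = Path(profile or os.environ.get("USERPROFILE") or Path.home())
    return [base / "My Documents", base / "Desktop",
            base / "Application Data" / "Identities"]


def sha256_of(path, chunk=1 << 20):
    """Hash in chunks so large files are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_vicrypt(roots):
    """Read-only walk; returns one record per *.vicrypt file, sorted by path."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):  # missing roots yield nothing
            for name in files:
                if not name.lower().endswith(SUFFIX):
                    continue
                path = os.path.join(dirpath, name)
                try:
                    rec = {"path": path, "size": os.path.getsize(path),
                           "sha256": sha256_of(path)}
                except OSError as exc:  # locked or unreadable: still report it
                    rec = {"path": path, "size": None, "sha256": None,
                           "error": str(exc)}
                hits.append(rec)
    return sorted(hits, key=lambda r: r["path"])


def per_folder(hits):
    """Count of affected files per folder, to show how far the damage spread."""
    return Counter(os.path.dirname(h["path"]) for h in hits)


if __name__ == "__main__":
    # Extra roots (e.g. folders referenced from Recent) can be appended here.
    found = find_vicrypt(default_roots())
    for folder, count in sorted(per_folder(found).items()):
        print(f"{count:5d}  {folder}")
```

Folders reached through shortcuts in Recent are not resolved here; pass them to `find_vicrypt` as additional roots.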
Thanks. It helped me.
Thanks for sharing. This is a very interesting security utility indeed. I just tested it today and my PC passed the test. :)
Symantec’s tool does not seem to offer a decryption. According to Symantec’s site “The Removal Tool does the following:
Terminates the associated processes
Deletes the associated files
Deletes the registry values added by the threat”
We can buy Anti Vicrypt for $40 to decrypt. Never rename the file extension as this will lead to permanent corruption of the file.
These creatures are worse than spammers. Surely they can be held accountable or investigated to ascertain whether or not they created the ransomware, and then prosecuted and/or shut down? The freedom associated with the internet does have its dark side too, and the onus is on you as the user to do as much as possible to eliminate risky behaviour.
This trojan is a nasty one. Though it’s a little consolation that it just encrypts files instead of overwriting or deleting them altogether.
I am not yet a victim of this virus but in case it’ll swarm under my system, I already have a protection. Thanks jaypee, nice information.
That information is interesting enough to follow up. May I know since when the virus has been circulating, so I can quickly anticipate? For the moment I am still using Kaspersky.
Wow. Fortunately, I have not been infected by this Trojan (yet, considering that I visit way too many porn sites, haha – just kidding). This will go on my never-ending “read-it-later” in case I need a quick fix.. thanks