HowTo: Fix Vicrypt Error



Symantec, the largest maker of security software is reporting about a new type of trojan horse named Trojan.Ramvicrype. This trojan uses the RC4 algorithm to encrypt files on infected computers and renders them unusable. The Trojan.Ramvicrype, like most other trojans are usually transmitted from porn and warez sites. A sure sign that your computer is infected by this trojan is the presence of files that have .vicrypt extensions.

Once your computer is infected, Trojan.Ramvicrype will search for files under My Documents, Desktop and Application DataIdentities and renames them with a .vicrypt extension. It also looks for links in the Recent folder and renames all the files in the folders that are pointed to by those links and encrypts each file’s head section. If you try to run any of those files, you’ll get a Vicrypt Error message. A worst case scenario would be a file from the Windows system folder has been recently opened, leading to the Trojan.Ramvicrype encrypting all files in the Windows System folder and critically damaging those files.

Here’s a screenshot of a computer infected by the Trojan.Ramvicrype displaying a “Vicrypt error! Please Restart Windows” message.
Vicrypt Error

Previously, victims of this trojan who were looking for a fix were directed to a site that offered a paid software called AntiVicrypt. Because of this, Symantec and other security companies believe that the Trojan.Ramvicrype is some sort of ransomware and that the company offering AntiVicrypt was also responsible for spreading the trojan. Later, AntiVicrypt was offered as shareware and the trial version was limited to repairing 7 files. As of this time, AntiVicrypt is now offered FREE. I don’t know about you but based on the initial outcome/results, I won’t be trusting this company or any of its products.

To address this issue and help users, Symantec Security Response has developed a free tool to decrypt the encrypted files. The link below not only contains the link to download the free tool but it also includes step-by-step guide on how to use the Trojan.Ramvicrype Removal Tool.

Download Symantec’s Trojan.Ramvicrype Removal Tool.

[image source: Symantec]


Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Google+, Facebook or Twitter.

9 Comments

  1. Wania

    February 12, 2010 at 11:39 AM

    Thanks. it helped me.

  2. Arafat Hossain Piyada

    December 29, 2009 at 10:40 PM

    Thanks for sharing. This is very interesting security utility indeed. I just tested it today and my PC passed the test. :)

  3. gerader

    November 11, 2009 at 7:29 AM

    Symantecs tool does not seem to offer a decryption. According to Symantecs site “The Removal Tool does the following:

    Terminates the associated processes
    letes the associated files
    Deletes the registry values added by the threat”

  4. Srinivas

    November 11, 2009 at 12:23 AM

    we can buy anti vicrypt for $40 to decrypt. never rename the file extension as this will lead to permanent corrupt of file.

  5. Industry News

    November 7, 2009 at 12:08 AM

    These creatures are worse than spammers. Surely they can be held accountable or investigated to ascertain whether or not they created the ransomware, and then prosecuted and/or shut down? The freedom associated with the internet does have its dark side too, and the onus is on you as the user to do as much as possible to eliminate risky behaviour.

  6. Jhay

    November 5, 2009 at 6:58 PM

    This trojan is a nasty one. Though it’s a little consolation that it just encrypts files instead of overwriting or deleting them altogether.

  7. Michael

    November 5, 2009 at 7:57 AM

    I am not yet a victim of this virus but incase it’ll swarm under my system, I already have a protection. Thanks jaypee, nice information.

  8. cah ndeso

    November 4, 2009 at 8:39 PM

    that information is interesting enough to follow up. I might know, since when the virus is circulating? so I can quickly anticipate. For the moment I am still using Kaspersky.

  9. DiTesco

    November 4, 2009 at 12:38 PM

    Wow. Fortunately, I have not been infected by this Trojan (yet, considering that I visit way too much porn sites, haha – just kidding). This will go on my never ending “read-it-later” in case I need a quick fix.. thanks

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.