Danger level 8
Type: Trojans
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Slow Computer

Microsoft Decryptor Ransomware

It is more than obvious that Microsoft Decryptor Ransomware has only one purpose: it wants your money. While it cannot log your keystrokes and steal your banking logins and passwords, this ransomware infection is still very good at coercing users into giving away their money. Of course, you have to be strong enough to resist it and remove Microsoft Decryptor Ransomware from the system as soon as possible. In this description, we will cover the basic details about the infection, and what you can do to restore your files and terminate the program for good.

Our research shows that this program is another version of the CryptXXX Ransomware infection. Usually, ransomware programs use .exe files to launch the encryption process. However, that is not how the programs in this family behave: instead of conventional .exe files, they use .dll files. In other words, the file that infects your system with this ransomware has the .dll extension. Also, most ransomware infections are distributed via spam email messages, but Microsoft Decryptor Ransomware spreads through Angler Exploit Kits. These kits can be dropped by Trojans, which means that there might be more than one malicious infection on your computer. It is obvious why this program does not use spam emails for distribution: it is not possible to launch a .dll file by double-clicking it.

It may not be apparent at first that you have been infected with Microsoft Decryptor Ransomware. Once the infection takes place, this program “sleeps” for a while. Depending on the version of the application, the “sleep” time may be from fifteen to sixty-two minutes. Once the program launches its processes, it creates a randomly named CLSID folder in the %TEMP% directory, and that folder contains a .dll file that is launched through rundll32.exe. You will definitely see that something is wrong, because it forcefully restarts your computer and locks your screen by displaying the following notification:

Your files are encrypted

If you do not pay for decrypting until [date], the decryption cost will increase 2 and will be 2.4 BTC

The BTC in the message refers to bitcoins, and 2.4 BTC is an extremely high price for your files because it is more than $1,500 USD. In addition, there are reports saying that the decryption key issued by this program does not work. Thus, even if you pay for the decryption, you will not be able to retrieve your files because Microsoft Decryptor Ransomware is not interested in supplying you with a tool that works. It only wants your money.

Is it possible to restore your files, then? Yes, it is. You either need to wait for someone to create a decrypter designed specifically for this program, or you can remove Microsoft Decryptor Ransomware from your computer and then copy all your files back from a backup drive. Needless to say, you may need to delete the encrypted files if no decryption tool comes around.

Below this description, you will find manual removal instructions. However, we would suggest deleting Microsoft Decryptor Ransomware with an automated security tool because, as mentioned, the ransomware might have been dropped by a Trojan. Hence, you are bound to have more malware on your PC, and it is a lot more efficient to delete it all in one go with a security program of your choice.

Should you need any assistance with malware removal, you are more than welcome to leave us a comment. Our team will be ready to assist you. Since this type of malware infection spreads through exploit kits, you would also do yourself a favor if you stayed away from unfamiliar websites, especially those that are full of random pop-up ads. Flash pop-ups are often used by exploit kits to promote or distribute malware, so please be responsible when you browse the Internet.

Also, you should consider backing up your files in multiple locations. It could be an external hard drive, a cloud drive, your inbox, what have you. Take note, however, that if you have an external backup drive, it is best to keep it unplugged because ransomware applications may encrypt all the mapped drives.

How to Remove Microsoft Decryptor Ransomware

  1. Press Win+R and type %Temp%. Click OK.
  2. Go to a Random CLSID folder and delete the Random name .dll file.
  3. Press Win+R and type %ALLUSERSPROFILE%. Click OK.
  4. Delete the Unique ID .bmp and .html instruction files.
  5. Press Win+R again and type %USERPROFILE%. Press Enter.
  6. Delete the Unique ID .bmp, .html, and .txt files.
  7. Scan your PC with a powerful antispyware tool.
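
An added example, not part of the original guide: a read-only PowerShell triage script that lists the items steps 1 to 6 ask you to find, plus any running rundll32.exe process loading from %TEMP%. It assumes a CLSID folder name has the form {8-4-4-4-12 hex digits}, and it uses a heuristic for the instruction files because the guide does not give the format of the Unique ID.

```powershell
# Added example: read-only triage. Nothing is deleted or stopped.
# Assumption: "CLSID folder" means a directory named {8-4-4-4-12 hex digits}.
$clsid = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

# Steps 1-2: .dll files inside CLSID-named folders directly under %TEMP%.
$dlls = @(Get-ChildItem -LiteralPath $env:TEMP -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $clsid } |
    ForEach-Object { Get-ChildItem -LiteralPath $_.FullName -Filter *.dll -File -Force -ErrorAction SilentlyContinue } |
    ForEach-Object {
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{ Check = 'DLL in CLSID folder under %TEMP%'; Item = $_.FullName
                           Created = $_.CreationTime; Detail = "SHA256 $($hash.Hash)" }
    })

# rundll32.exe processes whose command line references %TEMP% (the launch method described above).
$procs = @(Get-CimInstance -ClassName Win32_Process -Filter "Name = 'rundll32.exe'" |
    Where-Object { $_.CommandLine -and
                   $_.CommandLine.IndexOf($env:TEMP, [StringComparison]::OrdinalIgnoreCase) -ge 0 } |
    ForEach-Object {
        [pscustomobject]@{ Check = 'rundll32.exe loading from %TEMP%'; Item = "PID $($_.ProcessId)"
                           Created = $_.CreationDate; Detail = $_.CommandLine }
    })

# Steps 3-6: the guide gives no format for the "Unique ID", so this heuristic reports
# base names that exist as both .bmp and .html directly under each profile folder,
# plus a .txt with the same base name if one is present.
$notes = @(foreach ($dir in $env:ALLUSERSPROFILE, $env:USERPROFILE) {
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.bmp', '.html', '.txt' } |
        Group-Object -Property BaseName |
        Where-Object { ($_.Group.Extension -contains '.bmp') -and ($_.Group.Extension -contains '.html') } |
        ForEach-Object { $_.Group } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'Possible instruction file'; Item = $_.FullName
                               Created = $_.CreationTime; Detail = "$($_.Length) bytes" }
        }
})

$findings = $dlls + $procs + $notes
if ($findings.Count -eq 0) { 'No matching artifacts found.' } else { $findings | Format-List }
```

Review each reported item before deleting anything; the creation times help tie the files to the moment the lock screen first appeared.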