Click on screenshot to zoom
Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel


If your computer has been infected with the first version of Viiperware that is currently spreading, it is possible that you will not lose your personal files in this attack. This malicious program is also called Viiperware Ransomware since it is supposed to be a ransomware infection. However, right now it seems that this is more like the test run of an unfinished threat. For example, this malware infection may only target one folder that is highly unlikely to exist on your computer and it also stores your decryption key on your system. But all these facts should not mislead you into believing that this is an innocent program. You can never know when it resurfaces and hits you harder than anything before. We have also found that this malware is built on the Hidden Tear Ransomware that seems to be quite popular among hackers and rookies as well. The Hidden Tear is an open-source project to help IT security specialists to understand ransomware programs more deeply. It is only unfortunate that cyber criminals have found it as a good base for their vicious programs. All in all, we strongly recommend that you remove Viiperware from your PC immediately after you notice its presence.

It seems that this ransomware follows suit and is distributed mainly via spamming campaigns. It means that this threat can appear on your system disguised as an important file attachment in a spam e-mail. You may believe that your spam filter provides proper protection against all unwanted mails but we beg to differ. Spam filters may be too strict in fact and put even important mails in your spam folders mistakenly. Therefore, it is quite likely that you check your spam folder every day for possibly important mails. This is how you may fall prey for this spam as well. Obviously, it will appear to be very convincing and urgent using subject lines regarding to overdue invoices, wrongly given banking details, and so on.

However, once you download and try to view the attached file (it could be an image, a document, or even a ZIP archive), you would simply initiate this malicious attack. By the time you realize that what you are seeing is not a real or authentic document, your files will have been encrypted, i.e., rendered useless irrevocably. This also means that normally you could not delete Viiperware without losing your files. You are only lucky if you have been infected with this trial version because even if some of your files have been encrypted, you can decrypt them by using the key this ransomware leaves on your system. For future reference, apart from being more cautious around your e-mails, it is also important that you keep all your browsers and drivers (Java and Adobe Flash) always up-to-date to avoid unfortunate infections via Exploit Kits.

This version of Viiperware does have the ability to encrypt your important files, including photos, audio files, video files, databases, and program files as well; however it only does so in "%USERPROFILE%\Desktop\test" if this folder exists at all on your PC. Apart from malware researchers it is highly unlikely that anyone would have such a folder on their desktop. In any case, your encrypted files will have a ".viiper" extension. This malicious program places a file called "READ_IT.txt" in every folder where files have been affected (in this case, only in the test folder and its possible subfolders), which is the ransom note text file.

The decryption key is stored in a file named "decrpt.dll" and located in the "%USERPROFILE%/Documents/" directory. These criminals demand 20 EUR for the decryption key, which you do not even need to think about transferring since you actually have the key. However, in the near future this may also change and you will probably see no other choice but pay. We do not advise you to do so because such crooks almost never keep their promise. It is more likely that they will attack you again with another malicious threat to extort even more money from you. All you need to do now is remove Viiperware and make sure that you will start keeping backups of your files somewhere safe, such as cloud storage or a removable drive.

As a first step in eliminating this ransomware, we suggest that you use the decryption key to unlock any potentially encrypted files. Then, you can end the malicious task via Task Manager and delete the related files. Please follow our instructions below if you are ready to do it manually. Keep in mind that removing this threat alone may not make your system all clean. It is possible that there are other threats on board, too. Therefore, we suggest that you use a professional anti-malware program like SpyHunter for the automatic protection of your PC.

Remove Viiperware from Windows

  1. Tap Win+E.
  2. Open the "%USERPROFILE%/Documents/decrpt.dll" file in Notepad.
  3. Copy the decryption key and paste it in the assigned field in the ransom note application window.
  4. Press the "Decrypt my Files" button and wait till the process stops.
  5. Launch your Task Manager by tapping Ctrl+Shift+Esc simultaneously.
  6. Click on the malicious process and click End task.
  7. Close the Task Manager.
  8. Open your File Explorer again.
  9. Locate and bin all suspicious files that you have saved lately.
  10. Delete all ransom note files ("READ_IT.txt").
  11. Empty your Recycle Bin.
  12. Restart your computer.
Download Spyware Removal Tool to Remove* Viiperware
  • Quick & tested solution for Viiperware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.