What are the Symptoms of Trojan.Ramvicrype Infection?
Vicrypt error! Please Restart Windows
viCrypt: A problem occured, Please Restart Windows
It will modify Windows Registry and add the following entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\”Optim1″ = “regdtopt.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\”Optim2″ = “%UserProfile%\My Documents\regdtopt.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\”Optim3″ = “%UserAppData%\Identities\regdtopt.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\”Optim4″ = “%UserProfile%\Desktop\regdtopt.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\”Optim[NUMBER]” = “[FOLDER CONTAINING INFECTED FILES]\regdtopt.exe”
The threat will drop the following malicious files:
- %UserProfile%\My Documents\regdtopt.exe
- %UserAppData%\Identities\regdtopt.exe
- %UserProfile%\Desktop\regdtopt.exe
