Trojan.Ramvicrype


What are the Symptoms of Trojan.Ramvicrype Infection?

Vicrypt error! Please Restart Windows
viCrypt: A problem occured, Please Restart Windows

vicrypt-error

It will modify Windows Registry and add the following entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\”Optim1″ = “regdtopt.exe”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\”Optim2″ = “%UserProfile%\My Documents\regdtopt.exe”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\”Optim3″ = “%UserAppData%\Identities\regdtopt.exe”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\”Optim4″ = “%UserProfile%\Desktop\regdtopt.exe”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\”Optim[NUMBER]” = “[FOLDER CONTAINING INFECTED FILES]\regdtopt.exe”

The threat will drop the following malicious files:

  • %UserProfile%\My Documents\regdtopt.exe
  • %UserAppData%\Identities\regdtopt.exe
  • %UserProfile%\Desktop\regdtopt.exe

Leave a Comment