Tips for Eliminating Trojan-Ransom.Win32.Rector

Online hackers or cyber criminals use Trojan-Ransom.Win32.Rector for normal working for disrupting normal working of PC and for illegal changes of data making it of no use. How to overcome this problem?

Before telling the solution, Kaspersky Tech support professionals explain you the different signs of infection.

Signs of Infection

The Trojan-Ransom.Win32.Rector malware encrypts files with the following extensions: .jpg, .doc, .pdf, .rar. Then a cybercriminal nicknamed “††KOPPEKTOP††” offers to unblock the files and prompts to contact him:

ICQ: 557973252 or 481095


Sometimes he asks to leave a message in the guest book of one of his websites:





The messages displayed on the desktop of an infected computer are in Cyrillic.

Now that you know the signs, Kaspersky antivirus support laids below the steps to decrypt files.

Do the following to decrypt files encrypted by Trojan-Ransom.Win32.Rector:

  1. Download the utility RectorDecryptor.exe to an infected computer.
  2. Run the file RectorDecryptor.exe.
  3. The utility starts working by clicking the button Start scan
    It finds and decrypts encrypted files.
  4. Select the option Delete crypted files after decryption to delete copies of encrypted files with extensions .vscrypt, .infected, .bloc, .korrektor, etc. after successful decryption.
  5. By default, the utility saves its runtime log in the system disk (disk with installed operating system, usually С:\) root directory.
  • Log files have names like: UtilityName.Version_Date_Time_log.txt.
  • For example, C:\RectorDecryptor.

Know in the third step let’s know the command line options to use with the utility.

  1. -l <file_name> – create a log file.
  2. -h – show help on usable switches.
  3. -fpath <folder_path> – enforced decryption of all files in the indicated folder.

What to do if the utility did not help?

If the RectorDecryptor utility cannot disinfect files, download and launch the XoristDecryptor utility.

If the RectorDecryptor utility cannot disinfect files, download and launch the RakhniDecryptor utility.

To be protected from ransom malware, download and install Kaspersky Internet Security 2015. The application provides high-level protection against ransomware.

In case of any problem while removing trojan elements, contact third party Kaspersky Tech support on toll free number at 0-800-820-3300. They can be contacted via email, phone or chat – whatever medium you prefer. Contact today for online and offline assistance related to your antivirus software.


Leave a Reply

Your email address will not be published. Required fields are marked *