How to remove BitCrypt ransom virus

Please help me; my computer is being attacked by BitCrypt ransom virus. I think, this is brand new or most recent ransomware because it is not yet fully discussed on security forums. What BitCrypt does is add extra extension to a file name like mydocs.doc.butcrypt. There is no way to open a file affected by this ransom virus.

On every folder, including root drive, BitCrypt leaves a message via the notepad file bitcrypt.txt. Here is what the message says:

“Attention!!!
Your BitCrypt ID:
DRU-88-534567
All necessary files on your PC (photos, documents, data bases and other) were encoded with a unique RSA-100. Decoding of your files ins only possible by a special program that is unique for each BitCrypt ID. Specialist from the computer repair services and anti-virus labs won’t be able to help you. In order to receive the program decryptor you need to follow this link…

Remember, the faster you act the more chances to recover your files undamaged.”

Are there any tools or special software that can help me recover files encrypted by this BitCrypt virus? Please suggest what to do as I need to work on some files on my computer.

Thanks
Jerome

1 Response

  1. johnyair says:

    There are decryption tools from Kaspersky that you may use to restore files affected by BitCrypt virus. These tools do not only decrypt files, they are also effective in removing the ransomware from the computer. You may try any of these tools that work well with the type of encryption performed by BitCrypt.

    Kaspersky RectorDecryptor

    This is effective in dealing with Trojan-Ransom.Win32.Rector family of ransomware. The tool was developed by Kaspersky Lab specialist to decrypt affected files.

    Using Rectordecryptor:
    1. Download the tool from this link:
    http://media.kaspersky.com/utilities/VirusUtilities/EN/xoristdecryptor.exe

    2. When download completes, double-click on the file to run.
    3. On RectorDecryptor interface, please click on Start Scan to run the utility.
    4. If it prompts for file location, please enter the path for BitCrypt encrypted files to begin the process.
    5. Please restart Windows to complete the decryption process when prompted.

    Kaspersky XoristDecryptor

    This utility was designed to decrypt files encrypted by Trojan-Ransom.Win32.Xorist and Trojan-Ransom.MSIL.Vandev family.

    Using XoristDecryptor:
    1. Download the tool from this link:
    http://media.kaspersky.com/utilities/VirusUtilities/EN/xoristdecryptor.exe

    2. When download completes, double-click on the file to run.
    3. On XoristDecryptor interface, please click on Start Scan to run the utility.
    4. If it prompts for file location, please enter the path for BitCrypt encrypted files to begin the process.
    5. Please restart Windows to complete the decryption process when prompted.

    The process should have removed BitCrypt. We highly suggest scanning the computer with anti-malware tool.