Kaspersky RectorDecryptor for decrypting files affected by Trojan-Ransom.Win32.Rector
Do you want to prevent infections? Install Kaspersky for Windows
Trojan-Ransom.Win32.Rector malware encrypts .jpg, .doc, .pdf and .rar files on a computer and demands ransom for decryption. To decrypt the files, use the Kaspersky RectorDecryptor tool.
To prevent infection:
- Download and install new Kaspersky applications that protect against screen-locking and file-encrypting malware.
- Follow the recommendations on how to protect your PC against file-encrypting ransomware.
Learn more about the technologies that Kaspersky uses to protect against malware, including encryptors, on the TechnoWiki page.
How to decrypt files with Kaspersky RectorDecryptor
- Download the RectorDecryptor tool.
- Run the RectorDecryptor.exe file on the infected computer.
- Read the License agreement carefully. If you agree to all of its terms, click Accept.
- Click Change parameters.
- Select the Delete crypted files after decryption check box to remove the copies of the encrypted files with .vscrypt, .infected, .bloc or .korrektor extensions and click OK.
- Copy the encrypted files to one folder (if folder extensions haven’t been changed by malware).
- Click Start scan.
- Specify the path to the encrypted file or to the folder with encrypted files.
The report will be created on a system drive (usually, disk C:\). The report is saved under the name: RectorDecryptor.Tool_version_Date_Time_log.txt.
How to use the tool through the command line
Kaspersky RectorDecryptor supports the following command line parameters for convenient and faster file decryption:
| Parameter | Value | Example |
|---|---|---|
| -l <file name with a full path to it> | Set the path to the file where the tool report should be saved. | RectorDecryptor.exe -l C:\Users\Administrator\RectorReport.txt |
| –fpath <full path to the folder> | Set the path to the folder that you want to decrypt. | RectorDecryptor.exe –fpath C:\Users\Administrator\Encrypted |
| –hanarp <password> | Set the password to decrypt files encrypted by Hanar. | RectorDecryptor.exe –hanarp password |
| –hanarphex <password> | Set the password in hexadecimal format to decrypt files encrypted by Hanar. | RectorDecryptor.exe –hanarphex 70617373776F7264 |
| –rakhnipath <file name with a full path to it> | Set the path to the decrypting.txt file created by Rakhni. | RectorDecryptor.exe –rakhnipath C:\Users\Administrator\decrypting.txt |
| –rakhnivals <password> | Set the password to decrypt files encrypted by Rakhni. | RectorDecryptor.exe –rakhnivals password |
| -h | View help about the available command line options. | RectorDecryptor.exe -h |