Microsoft Decryptor Ransomware Removal Guide

Microsoft Decryptor Ransomware is a dangerous infection that does not even try to live up to its promises. You might wonder, what a malicious infection could promise you. Well, this ransomware program says that it will issue a decryption key for your files if you pay the ransom fee, but we can assure you the program will do nothing of the sort. Your task right now is to remove Microsoft Decryptor Ransomware from your system immediately, and then restore your files from a backup drive. Unfortunately, that is the only option security experts can offer at the moment because no decrypter has been released as of yet.

Unlike most of the ransomware programs, this infection does not make use of spam email messages for distribution. In fact, it would be futile to try and do so because you need .exe files to launch the infection when you download a spam email attachment. Microsoft Decryptor Ransomware, on the other hand, uses .dll files for the infection, and you cannot really launch them just by clicking them. So, the program employs Angler Exploit Kits to spread around. Exploit kits use the process known as a drive-by download. It automatically redirects your browser to a malicious website that hosts the exploit, and then you get infected with Microsoft Decryptor Ransomware.

Once the malicious .dll file is downloaded on your computer, the ransomware program creates a random-name folder in the %TEMP% directory and puts the file there. The folder looks like it is one of the many CLSID folders, for example, {C3F31E62-344D-4056-BF01-BF77B94E0254}\api-ms-win-system-softpub-l1-1-0.dll. In order to launch the file itself, Microsoft Decryptor Ransomware employs the rundll32.exe from %WINDIR%\SysWOW64 or %WINDIR%\System32. The infection copies the file and places it into its CLSID folder under the name svhost.exe. Take note, however that the original rundll32.exe file from its own directory is legitimate and necessary for your system to run properly.

According to our data, Microsoft Decryptor Ransomware is yet another version of the CryptXXX Ransomware. These programs are known to be dormant for a quite some time (sometimes even an hour) when they enter target systems. However, once the malicious file is launched, the program displays a notification on your screen that says the following:

What happened to your files?
All your files were protected by a strong encryption with RSA4096
<…>
What do I do?
So, there are two ways you can choose: wait for a _miracle_and get _your_ PRICE DOUBLED! Or start obtaining *BITCOIN NOW! , and restore _YOUR_ _DATA_ easy way

As you can obviously see, the application is extremely intrusive and obnoxious. It also makes use of the cyber currency (bitcoin) to collect ransom payments. This way the transactions are harder to trace, and, as a result, the criminals behind these attacks can make an easier run for it.

Once again, we urge you to keep your money to yourself because the users who ended up paying the fee have reported that the decryption key sent by the ransomware’s creators does not work. Thus, you need to delete Microsoft Decryptor Ransomware immediately and then copy and paste all of your affected files back to your PC from an external back-up drive. If you do not have one, try and think where you might have stored some of your most important files. Users quite often have a lot of files saved in their email boxes and on social media.

As far as the removal of this ransomware is concerned, you should seriously consider doing it with a licensed antispyware tool. Manual removal is tedious, and you miss some malicious files that might have already been there before this program entered your computer. Thus, whichever removal method you choose, be sure that you run a full system scan with the SpyHunter free scanner afterwards.

How to Delete Microsoft Decryptor Ransomware

1. Press Win+R and the Run prompt will open.
2. Type %Temp% and click OK.
3. Open the random CLSID folder and remove the random name .dll file.
4. Exit the directory and press Win+R again.
5. Enter %ALLUSERSPROFILE% into the Open box and click OK.
6. Access the directory and remove the unique ID .bmp and .html instruction files.
7. Close the directory and press Win+R once more.
8. Type %USERPROFILE% and press Enter.
9. Remove the unique ID .bmp, .html, and .txt files.