The Trojan-Ransom.Win32.Rector malware encrypts files with the following extensions: .jpg, .doc, .pdf, .rar. Then a cybercriminal nicknamed “††KOPPEKTOP††” offers to unblock the files and prompts to contact him:

ICQ: 557973252 or 481095
EMAIL: v-martjanov@mail.ru

Sometimes he asks to leave a message in the guest book of one of his websites:

http://trojan....sooot.cn/
http://malware....66ghz.com/

The messages displayed on the desktop of an infected computer are in Cyrillic.

1. Download the utility RectorDecryptor.exe to an infected computer. You can find the info how to download a file on the following pages:
   • For users of Windows 8
   • For users of Windows 7
   • For users of Windows Vista
2. Run the file RectorDecryptor.exe.
3. The utility starts working by clicking the button Start scan. 

1. It finds and decrypts encrypted files.

4. Select the option Delete crypted files after decryption to delete copies of encrypted files with extensions .vscrypt, .infected, .bloc, .korrektor, etc. after successful decryption.
5. By default, the utility saves its runtime log in the system disk (disk with installed operating system, usually С:\) root directory.
6. 
   

   Log files have names like: UtilityName.Version_Date_Time_log.txt.
   

   For example, C:\RectorDecryptor.2.3.7.0_10.02.2011_15.31.43_log.txt.

• -l <file_name> - create a log file.
• -h – show help on usable switches.
• -fpath <folder_path> - enforced decryption of all files in the indicated folder.
  
  

If the RectorDecryptor utility cannot disinfect files, download and launch the XoristDecryptor utility.

If the RectorDecryptor utility cannot disinfect files, download and launch the RakhniDecryptor utility.

To be protected from ransom malware, download and install Kaspersky Internet Security 2015. Tha application provides high-level protection against ransom malware.