1. Download the Kaspersky RectorDecryptor tool.
2. Run RectorDecryptor.exe on the infected computer.
3. Carefully read the Kaspersky Lab End User License Agreement. Click Accept if you agree with all the points.
4. Click Change parameters.

5. Select the checkbox Delete crypted files after decryption to delete the copies of the encrypted files with VSCRYPT, INFECTED, BLOC or KORREKTOR extensions.
6. Click OK.

7. Copy the encrypted files to one folder (if folder extensions haven’t been changed by malware).
8. Click Start scan.

9. Specify the path to the encrypted file or to the folder with encrypted files.

Files will be decrypted and their copies will be deleted.  

The report will be created on a system drive (usually, disk C:\). The report is saved under the following name: RectorDecryptor.Tool_version_Date_Time_log.txt.

To view a list of the available command prompt parameters for the Kaspersky RectorDecryptor tool, use the command:

To use the tool from the command prompt, use the parameters in the table below:

If the tool didn’t help, submit a request to technical support through My Kaspersky with a detailed description of your issue.

For information on how to use My Kaspersky, please refer to the  Online Help page.