Malware of the family Trojan-Ransom.Win32.Xorist is designed for unauthorized modification of data on a victim computer. It makes computers uncontrollable or blocks its normal performance. After taking the data as a "hostage" (blocking it), a ransom is demanded from the user.

The victim is supposed to deliver the ransom to the pirate, who is promising to send in return a program which would release the data or restore normal performance of the computer.

There is a utility to confront malware of the family Trojan-Ransom.Win32.Xorist - XoristDecryptor.exe. The utility XoristDecryptor.exe is provided with a GUI.

Disinfection of an infected system:

  1. Download the XoristDecryptor.zip to an infected computer.
  2. Extract the utility using an archiver program, WinZip for example.
  3. Run the XoristDecryptor.exe file.
  4. Click the Start scan button to execute the utility. The utility will prompt you to enter path of at least one encrypted file to begin the decryption process. A search and decryption of encrypted files is performed.
  5. You can use the Delete crypted files after decryption option to delete copies of encrypted files (having extensions .crypted, .encrypted, etc.) once they have been successfully decrypted. By default, the utility outputs the execution log into the system disk (the one with the operating system installed) root directory.
    The log file has the following name : UtilityName.VersionDateTimelog.txt For example, C:\XoristDecryptor.2.0.0.015.02.201115.31.43log.txt