Win32/Dircrypt
Aliases: Trojan/Win32.Blocker (AhnLab), winpe/LockScreen.ADS (Norman), Trojan.Winlock.9241 (Dr.Web), Trojan.Win32.Dircrypt (Ikarus)
Summary
Windows Defender detects and removes this threat.
The threat might get into your PC through spam emails or by being downloaded by other malware.
It encrypts your files and holds them for ransom; it demands that you pay to get access to your files back. It might display a message that looks like this:
It can also lower your PC's security by changing certain settings.
Read more about threats like this on our ransomware page.
There is no one-size-fits-all response if you have been victimized by ransomware. There is no guarantee that paying the ransom will give you access to your files.
If you've already paid, see our ransomware page for help on what to do now.
Run antivirus or antimalware software
The following free Microsoft software detects and removes this threat:
- Microsoft Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
However, because this threat can lock your screen, you might not be able to download or run antivirus or antimalware software. If that happens, you will need to use the free tool Windows Defender Offline:
The following articles may help if you're having trouble getting the tool to work:
- Windows Defender Offline: frequently asked questions
- Microsoft's Free Security Tools - Windows Defender Offline
After you've used Windows Defender Offline, you should update your security software and run a full scan:
Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.
You can also visit our advanced troubleshooting page for more help.
If you’re using Windows XP, see our Windows XP end of support page.
Additional remediation instructions for this threat
This threat might make lasting changes to your PC's settings that won't be restored when it's cleaned. The following steps can help change these settings back to what you want:
- Restore my system registry:
  - For Windows 7
  - For Windows Vista
- Restore security settings to a known working state
- Start Windows services:
  - For Windows 7
  - For Windows Vista
- Enable Task Manager:
  - For Windows 7
  - For Windows Vista
- Enable Windows Automatic Updates
- Enable Windows Security Center/Action Center alerts:
  - For Windows 8.1
  - For Windows 7
  - For Windows Vista
- For other support and help-related articles, go to:
  - Microsoft Security TechNet Center