Published Apr 24, 2014 | Updated Sep 15, 2017

Win32/Dircrypt

Severe |Detected with Windows Defender Antivirus

Aliases: Trojan/Win32.Blocker (AhnLab) winpe/LockScreen.ADS (Norman) Trojan.Winlock.9241 (Dr.Web) Trojan.Win32.Dircrypt (Ikarus)

Summary

Windows Defender detects and removes this threat.

The threat might get into your PC through spam emails or by being downloaded by other malware.

It encrypts your files and holds them for ransom; it demands that you pay to get access to your files back. It might display a message that looks like this:

It can also lower your PC's security by changing certain settings.

Read more about threats like this in our ransomware page.

Find out ways that malware can get on your PC.

There is no one-size-fits-all response if you have been victimized by ransomware. There is no guarantee that paying the ransom will give you access to your files.

If you've already paid, see our ransomware page for help on what to do now.

Run antivirus or antimalware software

The following free Microsoft software detects and removes this threat:

However, because this threat can lock your screen, you might not be able to download or run antivirus or antimalware software. If that happens, you will need to use the free tool Windows Defender Offline:

The following articles may help if you're having trouble getting the tool to work:

After you've used Windows Defender Offline, you should update your security software and run a full scan:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

You can also visit our advanced troubleshooting page for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Additional remediation instructions for this threat

This threat might make lasting changes to your PC's settings that won't be restored when it's cleaned. The following steps can help change these settings back to what you want:

Follow us