DirtyDecrypt is ransomware that infects your system when you visit attack sites specially designed to download and run malicious DirtyDecrypt files on your computer. Once it has infected your system, it starts encrypting your personal documents using the RSA cipher. When you double-click on the infected files, a picture is displayed showing you how to pay the ransomware authors to have your files decrypted. It asks for 100 GBP to be paid for the decryption of your files.
However, some people who actually paid the cyber-criminals to have their files decrypted received nothing but an error message. Moreover, the ransomware downloads more malware onto your PC even after you have paid. The best course of action is to get rid of this malware and restore your files from a backup. Here is how you can remove DirtyDecrypt from your computer:
- Restart your computer in Safe Mode with Networking. To do so, power on your computer and keep pressing the F8 key until you see the Windows Advanced Options Menu. Use the up and down arrow keys on your keyboard to highlight Safe Mode with Networking and press Enter.
If your computer can only boot in Normal mode and not in Safe Mode, download winsafeboot.zip. Extract the contents to a folder and run the REG file corresponding to your Windows version. Click Yes when asked and restart your computer.
- After booting into Safe Mode with Networking, follow the instructions on this page to restore EXE associations in Windows. Typically, you would download restore_exe_association.com and run it. You should also disable proxy servers in Internet Explorer by following the instructions on this page.
- Now open Internet Explorer from the desktop shortcut; do not open it from the Start Menu. If the DirtyDecrypt screen shows up instead, press the Win + R key combination, type iexplore.exe and press Enter to open Internet Explorer. Then download Malwarebytes’ Anti-Malware from mbam-setup.exe. Rename mbam-setup.exe to mbam-setup.com. Double-click on mbam-setup.com to run the setup and install Malwarebytes’ Anti-Malware (MBAM) on your computer. Choose to update and launch when asked. The update will take some time while it downloads the latest malware database from the MBAM servers.
- After the update is complete, the main MBAM window opens. Choose Perform quick scan and click on the Scan button.
- The scan will run for some time. After it is complete, you will see the DirtyDecrypt-related items in the list of detected malware. MBAM detects it as Trojan.DirtyDecrypt. The entries are pre-selected for removal. Click on Remove Selected to start the removal process.
- You will be asked to restart your computer to complete the removal. Click on the Yes button to restart.
This time, start the computer in Normal mode (do not press the F8 key). After the restart, the DirtyDecrypt malware should be gone. You should also perform a complete scan using Malwarebytes’ Anti-Malware and ESET Online Scanner to get rid of any other malware that may be infesting your computer.
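To confirm that the EXE association and Internet Explorer proxy settings restored in the second step are still in place after the final reboot, you can run a read-only check in PowerShell. This is an added example, not part of the original instructions or of any tool named above; the expected values are stock Windows defaults, which is an assumption for centrally managed or customised PCs.

```powershell
# Added example: read-only verification; it changes nothing on the system.
# Expected values are stock Windows defaults (assumed; adjust for managed PCs).

function Test-RegDefault {
    param([string]$Key, [string]$Expected)
    $item = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    # GetValue('') reads the key's (Default) value; $null means key or value missing.
    $actual = if ($item) { $item.GetValue('') } else { $null }
    [pscustomobject]@{
        Check    = $Key
        Expected = $Expected
        Actual   = $actual
        OK       = ($actual -eq $Expected)
    }
}

$checks = @(
    # HKEY_CLASSES_ROOT is the merged view, so a per-user override under
    # HKCU\Software\Classes is reflected here as well.
    Test-RegDefault 'Registry::HKEY_CLASSES_ROOT\.exe' 'exefile'
    Test-RegDefault 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' '"%1" %*'
)

# A per-user .exe key is normally absent on a clean profile (assumption).
$userKey = Test-Path -LiteralPath 'HKCU:\Software\Classes\.exe'
$checks += [pscustomobject]@{
    Check = 'HKCU:\Software\Classes\.exe present'
    Expected = $false; Actual = $userKey; OK = (-not $userKey)
}

# Internet Explorer proxy settings for the current user.
$inet = Get-ItemProperty -LiteralPath `
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxyEnable = [int]$inet.ProxyEnable   # a missing value casts to 0 (disabled)
$checks += [pscustomobject]@{
    Check = 'IE ProxyEnable'
    Expected = 0; Actual = $proxyEnable; OK = ($proxyEnable -eq 0)
}

$checks | Format-Table -AutoSize -Wrap

# Leftover proxy targets are shown for review even when the proxy is disabled.
if ($inet.ProxyServer)   { Write-Warning "ProxyServer is set: $($inet.ProxyServer)" }
if ($inet.AutoConfigURL) { Write-Warning "AutoConfigURL is set: $($inet.AutoConfigURL)" }
if ($checks | Where-Object { -not $_.OK }) {
    Write-Warning 'One or more settings differ from the defaults; repeat the restore step.'
}
```

Run it from the same user account that was infected, because the proxy settings and any per-user file association are stored per user.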