Remove dirtydecrypt.exe a.k.a. Revoyem, Trojan.Ransomcrypt.D - How to, Technology and PC Security Forum |

Remove dirtydecrypt.exe a.k.a. Revoyem, Trojan.Ransomcrypt.D

TypeRansomware, Ransomware Trojan
Short DescriptionDirtyDecrypt encrypts the victim’s files and asks for payment.
SymptomsThe user’s PC is locked and his files cannot be reached.
Distribution MethodVia exploit kits and visiting adult content websites.
Detection toolDownload SpyHunter, to See If Your System Has Been Affected By dirtydecrypt.exe
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

A Trojan Ransomware called DirtyDecrypt, also known asTrojan.Ransomcrypt.D, Revoyem and dirtydecrypt.exe has been around since July 2013. According to new data, the ransomware has been recently revived. Due to its malicious character, many users refer to the threat as DirtyDecrypt virus but it is indeed a Ransomware Trojan. Various antivirus programs detect the threat under different aliases. Hence, its detection rate is quite high. Revoyem mainly targets computers located in Europe and the United States. However, there is no guarantee that the attacks won’t spread to other continents. After all, we have been witnessing an extensive and aggressive ‘ransomware revolution’, thanks to which many users and businesses have lost millions of dollars.

DirtyDecrypt, dirtydecrypt.exe Detection and Description

According to analysis by Symantec, the systems affected by DirtyDecrypt include:

  • Windows 2000
  • Windows 7
  • Windows NT
  • Windows Vista
  • Windows XP

Once Revoyem is activated, it may copy itself to these locations:

  • %ProgramFiles%\Adobe\[RANDOM CHARACTERS].exe
  • %Temp%\[RANDOM CHARACTERS].exe
  • %UserProfile%\Local Settings\Application Data\Identities\[RANDOM CHARACTERS].exe

Also, in most of the cases, DirtyDecrypt locks the computer and displays a ransomware image named “DIRTY ALERT.” The message may look like this:


As visible, the user’s image, video, MS Office and PDF files are encrypted and cannot be open. Typically, to have his files decrypted, the victim will be asked for payment. One of the following payment methods should be used:

  • Ukash
  • PaySafeCard
  • MoneyPak

However, we would like remind you that paying the ransom doesn’t mean that the files will be safely deciphered. The safest way to stay secure against file-encrypting threats is periodically backing up important files via cloud services or external memory devices.

DirtyDecrypt.exe Distribution, Encryption Process and Payload

Symantec has reported that the following types of files may be encrypted by Revoyem:

→7z, avi, doc, docm, docx, jpeg, jpg, mpeg, mpg, pdf, png, rar, rtf, wmv, xls, xlsm, xlsx, zip

According to security researchers, DirtyDecrypt is usually spread via porn websites. Security blogger Kafeine has unveiled that once at the porn site, the victim will be redirected to a Child Porn themed page with highly disturbing image content. Styx Exploit Kit is most likely used for the distribution process. Researchers at Enigma Software have called Styx a ‘dangerous Web based malware infection’ used to spread malicious threats. In the present case, Styx is employed to drop the DirtyDecrypt ransomware that locks the computer. A message informing the victim that they just have viewed illegal content even if they have been driven to it against their will may also be presented.

DirtyDecrypt.exe Removal Process, File Decryption and Prevention

As we always highlight, the safest ways to be protected against ransomware are:

  • Sustaining and frequently updating a professional anti-malware program on the system.
  • Periodically backing up important files via external memory devices or cloud services.

Also, here are easy step-by-step instructions to enable the Microsoft Windows Defense

feature to backup your files and have the ability to restore them immediately to an

earlier state before their encryption:

1) Download a particular anti-malware scanner and remove the dirtydecrypt.exe files from the computer.

2) Open Properties by right-clicking on My Computer

and then choosing it.

properties (1)

3) Open Advanced System Settings

advanced-system- settings

4) Go to System Protection.

configure- protection-290x300
5) Mark the HDD partition on which you have necessary files, and you want to defend.

6) Click Configure and then click on Turn On System


7) Click OK and you are all set

After you have this protection switched on, if something happens to your data, you

may be able to restore them, using those steps:

1) Right-Click the encrypted file and then choose Properties.

2) Click the Previous Versions button.

3) At this point, you should see an earlier version of the file with a ‘last

modified’ date.

4) Mark the file with the mouse and then choose the down-right button that says



If your files were previously encrypted, this software might leave some files, such

as registry values and others on your system. That is why recommendations are to

download a particular anti-malware program that will ensure your protection and

terminate any traces of the malicious software.

Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter


Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share