Threat Summary:




Trojan related ransomware

Short Description:

Encrypts users vital data and demands ransom money in return.


Users may see a ransom note with the instructions on how to pay ransom money to the them.

Distribution Method:

Malicious links and Junk email attachments.

Detection Process:

See this guide, if your PC has been infected with Trojan.Ransomcrypt.AM virus.

Know More About Trojan.Ransomcrypt.AM

Trojan.Ransomcrypt.AM is a nasty Trojan horse virus which creates creates several different files in the affected system and once it has taken control over the victims machine, it scans and encrypts crucial data from the computer. The specific strength of this malware is that it can scan for a wider range of the file formats compared to other ransomware viruses. The PC experts advise the users to immediately follow the instructions provided below in this post. It is strongly recommended to delete any files that the threat has created on the machine as fast as possible and then try to decrypt their vital files by using some of the methods mentioned at the end of this article.


Several Different Variants of Trojan.Ransomcrypt.AM

  • Trojan.Ransomcrypt.T
  • Trojan.Ransomcrypt.S
  • Trojan.Ransomcrypt
  • Trojan.Ransomcrypt.R

Trojan.Ransomcrypt.AM – How Did I Get Infected?

Trojan.Ransomcrypt.AM and its variants are distributed through spam email campaigns. A junk email may contain the several different files and resemble few reputable services that may fool the computer users into thinking that they are perfectly safe by resembling through reputable company or a person as a legit sender. One good example is Windows 10 Fake Upgrade email spam. The computer users are strongly advised to beware and use an external email software that has the spam filters. Although, Microsoft Outlook and the Mozilla Thunderbird that are one of the most preferred email addresses which managing the software out there and some PC users prefer them.

Technical Details on Trojan.Ransomcrypt.AM

The security experts have identified several different variants of this malware, besides the main variant of this nasty trojan. Once executed on the machine, the main variant of Trojan.Ransomcrypt.AM infection creates this malicious file and sets it as a wallpaper:

  • SystemDrive\vsworkdir\shantazh.jpg

After this, the malware begins to scan the system for the most opened and important files stored in the users computer. Some of them are:

  • .rtf, .jpg, .rar, .zip, .txt, .doc, .jpeg, .html, .htm, .php, .eml, .3gp, .7z

After establishing which system files are important for the users, the Trojan.Ransomcrypt.AM malware then encrypts all of the detected files and copies them with an added .vscrypt file extension to them. After doing so, it deletes the original files. After the trojan has finished with the encryption of targeted PC files, the hackers then changes the wallpaper to a message in Russian language and the restarts the infected machine. Therefore, in order to remove Trojan.Ransomcrypt.AM virus, please follow the step by step removal tutorial below to help you cope with this threat.

Scan PC to Remove Trojan.Ransomcrypt.AM

How to Uninstall Trojan.Ransomcrypt.AM from Control Panel from Windows 10

  • Click and Open Start Menu option


  • Settings option is to be selected on the menu to show all the contents


  • Click on System option


  • On the system Menu, Click on Apps and features option


  • Now Click on Trojan.Ransomcrypt.AM to remove it from PC.

How to Eliminate Trojan.Ransomcrypt.AM from Windows 8/8.1

Step 1: Press repeatedly F8 to boot PC in Safe Mode. Restart PC and select “Safe Mode with Networking”.


Step 2: Press ALT+Ctrl+Del to open Windows Task Manager. After that, search all the Trojan.Ransomcrypt.AM related processes and then click to “End Task”


Step 3: Type “regedit” in Run dialog box and open Windows Registry Editor. Search and delete all the corrupt registries added by Trojan.Ransomcrypt.AM infection.


Step 4: Go to Start and then click to open Control Panel.


After that, click Add/Remove Program


Uninstall Trojan.Ransomcrypt.AM associated programs from Windows 8/8.1


Uninstall Trojan.Ransomcrypt.AM From Window 7/vista

Tap on F8 Key to Enter Safe Mode


Restart PC and select “Safe Mode with Networking”


First of all close all running programs and open Task manager by pressing ALT + CTRL + DEL keys on your keyboard simultaneously.


Now Click on Processes menu and select all the processes associated with Trojan.Ransomcrypt.AM one by one then click on End Task.


Now go to the desktop, click on Start Menu on the left lower corner. Move to Control panel and use left mouse click over it.


The Control panel window will open, if are getting the view by Category find and click “Uninstall a program” below “Programs” group.


Now select Trojan.Ransomcrypt.AM within programs list and click on Uninstall.

Steps to Eliminate Trojan.Ransomcrypt.AM from Windows XP

Step 1: Restart PC in Safe Mode by continuously pressing F8 button. After that, select “Safe Mode with Networking”.


Step 2: Open Windows Task Manager by pressing Alt+Ctrl+Del together. After that, find and select all the Trojan.Ransomcrypt.AM associated processes and then click to “End Task” button.


Step 3: Open Run dialog box and then enter “regedit.exe” to open Windows Registry. Search and then delete all the corrupt and infectious registries added by Trojan.Ransomcrypt.AM.


Step 4: Click Start button and then go to Control Panel, click to open Windows Add/Remove Program. Search all the Trojan.Ransomcrypt.AM related programs and then uninstall it from Windows XP.



How to Uninstall Trojan.Ransomcrypt.AM From Your Infected Browser

A. Guidelines to Remove Trojan.Ransomcrypt.AM From Microsoft Edge Browser

How to Reset Default Search Engine to Uninstall Trojan.Ransomcrypt.AM

Select Settings after selecting More (…) on the address bar


Click and select on View advanced settings option

advance settings-edge

In order to input the search engine, Click on <Add new> under option”Search in the address bar with”


Select Search engine and adds as default by clicking on Add as default option.

How to Reset Default Homepage on Microsoft Edge to Uninstall Trojan.Ransomcrypt.AM

  • Select More (…) option on the address bar followed by settings
  • Select specific page or pages under Open with option
  • After selecting the Custom option, enter the URL of the homepage you wish to set as


B. How to Delete Trojan.Ransomcrypt.AM from Google Chrome

Click to Open Google Chrome and then click on menu icon which is on the top right corner and then select Tools → Extensions


Select all the malicious extensions including Trojan.Ransomcrypt.AM and then select trash icon


Again click on menu icon and select Settings and then click to Manage Search Engines under the Search section


In Search Engines, remove all the infectious search sites and set Google Chrome as Default Browser


C. How to Uninstall Trojan.Ransomcrypt.AM From Mozilla Firefox

Launch Mozilla Firefox and find and click “Firefox” button on the top left corner on the screen.


A drop down box will appear, navigate to Add-ons option and click on it.


In the next window select and click on “Extensions” in left pane.


Find Trojan.Ransomcrypt.AM add-on and click on the center area to see the border exactly and click on Disable button.
Wait a moment and let the add-on get disabled.


Now click the “Remove” button, later on uninstall the add-on Mozilla will ask you to restart the browser.


D. How to Remove Trojan.Ransomcrypt.AM From Internet Explorer

First of all Launch Internet explorer by clicking the Task-bar Icon on desktop.

Now Click on Tool Menu on web browser interface.


Select and click on Manage add-ons in the drop down box.

A View and manage your Internet Explorer Add-ons window will open, now click on “Toolbar and Extensions” option in left pane.

A list of all installed ad-ons will appear, select Trojan.Ransomcrypt.AM and click on “Disable” button and Reset IE


Click to Download Trojan.Ransomcrypt.AM Scanner