Ransom:Win32/Purubutu

Detected by Microsoft Defender Antivirus

Aliases: Trojan/Win32.Malco (AhnLab) Win32/TrojanDownloader.Delf.ATA trojan (ESET) W32/Dorifel.AMAD!tr (Fortinet) Trojan-Dropper.Win32.Dorifel (Ikarus) Trojan-Downloader.Win32.Rakhni.db (Kaspersky) Trojan-FGMZ!8FE715ED7B63 (McAfee) Troj/Delp-Z (Sophos)

Summary

Windows Defender detects and removes this threat.

This ransomware encrypts and deletes important files on your PC. It might also ask you to pay money to a malicious hacker.

Windows 10 protects you from ransomware. Read more:

Windows 10 Creators Update provides next-gen ransomware protection

Our ransomware page has more information on this type of threat.

Find out ways that malware can get on your PC.

There is no one-size-fits-all response if you have been victimized by ransomware. There is no guarantee that paying the ransom will give you access to your files.

If you've already paid, see ransomware page for help on what to do now.

Run antivirus or antimalware software

Use the following free Microsoft software to detect and remove this threat:

Windows Defender for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
Microsoft Safety Scanner

You should also run a full scan. A full scan might find hidden malware.

Advanced troubleshooting

To restore your PC, you might need to download and run Windows Defender Offline.

Get more help

You can also search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

.323	.cxx	.hxx	.mp3	.pdf	.rt	.swf	.wma
.aab	.dbf	.ico	.mp4	.pfr	.rtsp	.sxc	.wmd
.aam	.dcr	.iii	.mpa	.pgm	.rtx	.sxg	.wml
.aas	.deb	.ims	.mpe	.pict	.rv	.sxi	.wmlc
.abw	.dir	.ins	.mpeg	.pkg	.scd	.sxm	.wmls
.ai	.dist	.iso	.mpg	.pko	.scm	.sxw	.wmlsc
.aiff	.distz	.ivf	.mpkg	.pl	.sda	.t	.wmp
.arj	.dll	.jar	.mpp	.png	.sdc	.tar	.wms
.art	.dmg	.java	.ms	.pnm	.sdd	.targa	.wmv
.asf	.doc	.jpe	.msi	.pnq	.sdp	.tcl	.wmx
.asx	.dot	.jpeg	.mvb	.pntg	.ser	.tex	.wmz
.au	.dvi	.jpg	.nix	.pot	.setpay	.texi	.wp5
.avi	.dxr	.js	.nml	.ppm	.setreg	.texinfo	.wpd
.bat	.ebk	.karbon	.o	.pps	.sgi	.tgz	.wpl
.bcpio	.eps	.kfo	.oda	.ppt	.sgm	.tif	.wps
.bmp	.evy	.kon	.odb	.ppz	.sgml	.torrent	.wri
.bz2	.exe	.kpr	.odc	.ps	.sh	.tr	.wsc
.c++	.fdf	.kpt	.odf	.psd	.shar	.trm	.wvx
.c	.fif	.kwd	.odg	.pub	.shtml	.troff	.xbm
.cab	.flc	.kwt	.odi	.qcp	.shw	.tsp	.xbm
.cat	.flm	.latex	.odm	.qpw	.sit	.ttz	.xfdf
.cc	.fml	.lcc	.odp	.qtif	.skd	.txt	.xlb
.ccn	.gif	.lha	.ods	.qtl	.skm	.uin	.xls
.cco	.gnumeric	.lrm	.odt	.ra	.skp	.uls	.xml
.cdf	.gsm	.ls	.ogg	.ram	.skt	.urls	.xpi
.cer	.gtar	.lzh	.otg	.rar	.smf	.ustar	.xpm
.chm	.gz	.m13	.oth	.rdf	.smi	.vcd	.xps
.chrt	.h++	.m14	.otp	.rf	.smil	.vcf	.xsd
.cil	.h	.m3u	.ots	.rgb	.spl	.vor	.xul
.class	.hdf	.man	.ott	.rjs	.ssm	.vsl	.xwd
.clp	.hh	.mdb	.p10	.rm	.sst	.wav	.z
.com	.hlp	.me	.p12	.rmf	.stc	.wax	.zip
.cpio	.hpf	.mid	.p7b	.rmp	.std	.wb1	.zoo
.cpp	.hpp	.mjf	.p7m	.rms	.sti	.wb2
.cpt	.hqx	.mny	.p7r	.rmx	.stl	.wb3
.cqk	.hta	.mocha	.p7s	.rnx	.stw	.wbmp
.crd	.htc	.mov	.p	.rp	.sv4cpio	.wcm
.crl	.htm	.movie	.package	.rpm	.sv4crc	.wdb
.csh	.html	.mp2	.pas	.rsml	.svg	.wks
.css	.htt	.mp3	.pbm	.rss	.svi	.wm

Files	SHA1s
.Doc or .docx
	485d7cbed93a9019d3c0622a243d0545af46193b
	c71781c998f773feb08fc585bb8e8df3d7bf6344

.Exe
	1f2c387fb698fdd9c35ff85e4c96d8de27bfdf4e
	3d95d1e3ab3565c628f5333a51716f2f76cbf93a
	c3c34f7a9aef2a5e063919597bc1095cf0699801
	4a7f92e871ba0ce82b2bd57fd0eebb1de6fa7b60
	9af017f13cc4cdf1c7590b64d30234b0ab52285f
	a2f1c5b20c4c8991031f865f3ec0350c591b7d50
	b7b4982261e847e8ba64d42fc6845f3670d3b5ca
	5c21c249166ac7447474294cb467ace3b768b77e
	b12e3514471758ad48b0c666fea26081bf8fbcef
	4056e30d9d42ed89a53e68be7df6c7ab2c9258ca
	e0748aea6ec92515fe31b641623bc1bb672c1601
	ba1c5db5bf4445703603b2847bc52b89ad1f4383

Downloaded .exe
Downloaded .exe	c957e05983073a88287b27ddd6fb859363022607

.323	.cxx	.hxx	.mp3	.pdf	.rt	.swf	.wma
.aab	.dbf	.ico	.mp4	.pfr	.rtsp	.sxc	.wmd
.aam	.dcr	.iii	.mpa	.pgm	.rtx	.sxg	.wml
.aas	.deb	.ims	.mpe	.pict	.rv	.sxi	.wmlc
.abw	.dir	.ins	.mpeg	.pkg	.scd	.sxm	.wmls
.ai	.dist	.iso	.mpg	.pko	.scm	.sxw	.wmlsc
.aiff	.distz	.ivf	.mpkg	.pl	.sda	.t	.wmp
.arj	.dll	.jar	.mpp	.png	.sdc	.tar	.wms
.art	.dmg	.java	.ms	.pnm	.sdd	.targa	.wmv
.asf	.doc	.jpe	.msi	.pnq	.sdp	.tcl	.wmx
.asx	.dot	.jpeg	.mvb	.pntg	.ser	.tex	.wmz
.au	.dvi	.jpg	.nix	.pot	.setpay	.texi	.wp5
.avi	.dxr	.js	.nml	.ppm	.setreg	.texinfo	.wpd
.bat	.ebk	.karbon	.o	.pps	.sgi	.tgz	.wpl
.bcpio	.eps	.kfo	.oda	.ppt	.sgm	.tif	.wps
.bmp	.evy	.kon	.odb	.ppz	.sgml	.torrent	.wri
.bz2	.exe	.kpr	.odc	.ps	.sh	.tr	.wsc
.c++	.fdf	.kpt	.odf	.psd	.shar	.trm	.wvx
.c	.fif	.kwd	.odg	.pub	.shtml	.troff	.xbm
.cab	.flc	.kwt	.odi	.qcp	.shw	.tsp	.xbm
.cat	.flm	.latex	.odm	.qpw	.sit	.ttz	.xfdf
.cc	.fml	.lcc	.odp	.qtif	.skd	.txt	.xlb
.ccn	.gif	.lha	.ods	.qtl	.skm	.uin	.xls
.cco	.gnumeric	.lrm	.odt	.ra	.skp	.uls	.xml
.cdf	.gsm	.ls	.ogg	.ram	.skt	.urls	.xpi
.cer	.gtar	.lzh	.otg	.rar	.smf	.ustar	.xpm
.chm	.gz	.m13	.oth	.rdf	.smi	.vcd	.xps
.chrt	.h++	.m14	.otp	.rf	.smil	.vcf	.xsd
.cil	.h	.m3u	.ots	.rgb	.spl	.vor	.xul
.class	.hdf	.man	.ott	.rjs	.ssm	.vsl	.xwd
.clp	.hh	.mdb	.p10	.rm	.sst	.wav	.z
.com	.hlp	.me	.p12	.rmf	.stc	.wax	.zip
.cpio	.hpf	.mid	.p7b	.rmp	.std	.wb1	.zoo
.cpp	.hpp	.mjf	.p7m	.rms	.sti	.wb2
.cpt	.hqx	.mny	.p7r	.rmx	.stl	.wb3
.cqk	.hta	.mocha	.p7s	.rnx	.stw	.wbmp
.crd	.htc	.mov	.p	.rp	.sv4cpio	.wcm
.crl	.htm	.movie	.package	.rpm	.sv4crc	.wdb
.csh	.html	.mp2	.pas	.rsml	.svg	.wks
.css	.htt	.mp3	.pbm	.rss	.svi	.wm

Ransom:Win32/Purubutu

Summary

What to do now

Run antivirus or antimalware software

Advanced troubleshooting

Get more help

Technical information

Threat behavior

Installation

Payload

Prevention

Symptoms