Remove .__dilmaV1 Virus Files and Restore Your Computer

The .__dilmaV1 Virus, also known as Dilma Locker, is a dangerous threat that infects computers worldwide and renames files with the .__dilmaV1 extension. It is being distributed at the moment as a fake Adobe Acrobat Reader installer or executable file. Follow our removal guide to learn how to remove active infections and protect yourself from incoming infections.

Manual Removal Guide
Recover .__dilmaV1 Virus Files
Skip all steps and download anti-malware tool that will safely scan and clean your PC.

DOWNLOAD .__dilmaV1 Virus Removal Tool

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

How Does .__dilmaV1 Virus Infiltrate the System?

The primary method of distribution is through fake software installers. The hacker or criminal collective behind the attacks are using Adobe Reader installers that are modified to include the malware threat. They are then distributed on hacker-controlled sites that usually resemble the legitimate sources. The hackers frequently use images and text that are found on the original sites and create identical pages.

Users can get redirected to them by falling victim to several different Internet traps:

  • Browser Hijackers ‒ They are malicious browser extensions that pose as useful add-ons and are widely available on the browser plugin markets, hacked sites and other places. Once installed on the victim’s computer they have the ability to infect many of the popular web browsing software: Mozilla Firefox, Google Chrome, Internet Explorer, Opera, Safari, Microsoft Edge. The victims will find that important settings are changed ‒ the default home page, search engine and new tabs page. This leads to serious security implications as the victims will find that they are redirected to a hacker-controlled site or malicious network. In addition the majority of the browser hijackers also extract sensitive information from the victims: passwords, cookies, history, bookmarks, settings and account credentials. Many browser hijackers deliver various malware as part of their initial infection sequence, including the .__dilmaV1 virus.
  • Script Redirects ‒ Hackers can craft scripts placed on sites, ad networks and spam messages that can redirect to sites holding the malicious instance.
  • Counterfeit Download Sites ‒ They are made to appear as legitimate places where applications can be found. The criminals tend to use graphics, images and domain names that resemble popular portals.
  • Malicious Ad Networks ‒ Computer criminals frequently resort to abusing legitimate ad networks or using their own creations. This allows them to place links to the .__dilmaV1 virus even on popular portals.

Still the most popular way of spreading malware such as the .__dilmaV1 virus is the use of spam email messages that use social engineering tricks to lure the targets into infecting themselves. There are several different ways of getting infected with the dangerous instances. The criminals can attempt to link the .__dilmaV1 file in the body contents or as file attachments. Depending on the used template they may include various scams that try to capture the attention of the victims and make them click on the malicious files.

Delivery is also possible by infected documents containing scripts that lead to a .__dilmaV1 infection. Usually they come in the form of rich text documents, spreadsheets and databases. When the victims opens them up a notification prompt appears which asks them to enable the built-in scripts. If this is done the malware sample is downloaded from a remote address and executed on the local computer.

The current wave of hacker attacks predominantly use the filename AdobeRd32.exe which is the name of the Adobe Acrobat Reader executable. The first intrusion were reported a few days ago, the security experts that track the incidents report that the majority of the victims are based in Brazil.

Infection Flow of .__dilmaV1 Virus

Upon infection with the threat it starts to execute a sequence of commands that are prescribed by the hacker or criminal collective behind the intrusions. It is very possible that the executed code is based on the intended goals. At the moment the .__dilmaV1 virus files appear to target mainly end users and not big institutions.

This tactic follows most contemporary malware that seek to modify essential computer settings. Depending on the acquired sample this may lead to registry settings modification or other changes that can result in a persistent state of execution. Such infections can only be removed using a quality anti-spyware solution.

Once all changes have been made the .__dilmaV1 virus initiates a locksreen instance that effectively blocks ordinary user interaction until the malware is removed completely from the system. It shows an image of Dilma Rousseff, Brazilian politician. Sensitive user files are encrypted with the .__dilmaV1 extension. It reads the ransomware note written in Brazilian:

Oops, todos os seus arquivos foram criptografados!!!
Seus documentos: fotos, vídeos, bancos de dados e outros arquivos importantes foram criptografados utilizando o algoritmo AES de 256 bits (mesma criptografia utilizada pelo governo americano para proteger segredos de estado), ou seja, é impossível recuperar seus arquivos sem a senha correta!
Caso haja interesse em obter essa senha e recuperar seus arquivos, recomendamos que entre em contato e siga as instruções!
Em 4 dias seus arquivos serão DELETADOS!
Leia o arquivo ‘RECUPERE_SEUS_ARQUIVOS.html’ que foi criado em sua área de trabalho.
Contato: [email protected]

An English machine translation reveals the following message:

Oops, all your files have been encrypted !!!
Your documents: photos, videos, databases and other important files were encrypted using the 256-bit AES algorithm (same encryption used by the US government to protect state secrets), ie it is impossible to recover your files without the correct password!
If you are interested in obtaining this password and recovering your files, we recommend that you contact us and follow the instructions!
In 4 days your files will be DELETED!
Read the file ‘RECUPERE_SEUS_ARQUIVOS.html’ that was created on your desktop.
Contact: [email protected]

In addition the message is also crafted in a RECUPERE_SEUS_ARQUIVOS.html file. As usual the hackers provide a contact e-mail address. The criminals behind the attacks use blackmail tactics to “negotiate” a ransomware sum that is paid in return for a “restore” key. As the transactions are made using Bitcoins they cannot be traced down. In virtually all cases the victims do not receive the necessary file and are left with the active infections.

Remove .__dilmaV1 Virus and Restore Data

WARNING! Manual removal of .__dilmaV1 Virus requires being familiar with system files and registries. Removing important data accidentally can lead to permanent system damage. If you don’t feel comfortable with manual instructions, download a powerful anti-malware tool that will scan your system for malware and clean it safely for you.

DOWNLOAD Anti-Malware Tool

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

.__dilmaV1 Virus- Manual Removal Steps

Start the PC in Safe Mode with Network

This will isolate all files and objects created by the ransomware so they will be removed efficiently. The steps bellow are applicable to all Windows versions.

1. Hit the WIN Key + R

2. A Run window will appear. In it, write msconfig and then press Enter

3. A Configuration box shall appear. In it Choose the tab named Boot

4. Mark Safe Boot option and then go to Network under it to tick it too

5. Apply -> OK

Show Hidden Files

Some ransomware threats are designed to hide their malicious files in the Windows so all files stored on the system should be visible.

1. Open My Computer/This PC

2. Windows 7

    – Click on Organize button
    – Select Folder and search options
    – Select the View tab
    – Go under Hidden files and folders and mark Show hidden files and folders option

3. Windows 8/ 10

    – Open View tab
    – Mark Hidden items option

how to make hidden files visible in Windows 8 10 bestsecuritysearch instructions

4. Click Apply and then OK button

Enter Windows Task Manager and Stop Malicious Processes

1. Hit the following key combination: CTRL+SHIFT+ESC

2. Get over to Processes

3. When you find suspicious process right click on it and select Open File Location

4. Go back to Task Manager and end the malicious process. Right click on it again and choose End Process

5. Next, you should go folder where the malicious file is located and delete it

Repair Windows Registry

1. Again type simultaneously the WIN Key + R key combination

2. In the box, write regedit and hit Enter

3. Type the CTRL+ F and then write the malicious name in the search type field to locate the malicious executable

4. In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys

Click for more information about Windows Registry and further repair help

Recover .__dilmaV1 Virus Files

WARNING! All files and objects associated with .__dilmaV1 Virus should be removed from the infected PC before any data recovery attempts. Otherwise the virus may encrypt restored files. Furthermore, a backup of all encrypted files stored on external media is highly recommendable.

DOWNLOAD .__dilmaV1 Virus Removal Tool

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

1. Use present backups

2. Use professional data recovery software

Stellar Phoenix Data Recovery – a specialist tool that can restore partitions, data, documents, photos, and 300 more file types lost during various types of incidents and corruption.

3. Using System Restore Point

    – Hit WIN Key
    – Select “Open System Restore” and follow the steps


4. Restore your personal files using File History

    – Hit WIN Key
    – Type restore your files in the search box
    – Select Restore your files with File History
    – Choose a folder or type the name of the file in the search bar
    – Hit the “Restore” button

Preventive Security Measures

  • Enable and properly configure your Firewall.
  • Install and maintain reliable anti-malware software.
  • Secure your web browser.
  • Check regularly for available software updates and apply them.
  • Disable macros in Office documents.
  • Use strong passwords.
  • Don’t open attachments or click on links unless you’re certain they’re safe.
  • Backup regularly your data.
  • Was this content helpful?

    Author : Martin Beltov

    Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

    Related Posts

    Leave a Reply

    Your email address will not be published. Required fields are marked *