
how to remove the jigsaw cryptoware


  • This topic is locked
2 replies to this topic

#1 aayanpk


Posted 04 July 2016 - 11:03 AM

Hold the Start Key and R – copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt-1.png

If there are suspicious IPs below “Localhost” 

Type msconfig in the search field and hit enter. A window will pop-up:

Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask me.

Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.

Type Regedit in the Windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s name.

Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you make a big mistake.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. For the rest, just check for anything recently added.

How to Decrypt files infected with the Jigsaw Ransomware Virus

There is only one known way to remove the virus’ encryption that MAY work (no guarantees) – reversing your files to a previous state. There are two options you have for this:

The first is using a system backup. Search for Backup and Restore in the Windows search field.

If you have no backups, your option is Recuva.

Go to the official site for Recuva and download its free version. When you start the program, select the file types you want to recover. You probably want all files. Next select the location. You probably want Recuva to scan all locations.

Click on the box to enable Deep Scan. The program will now start working and it may take a really long time to finish, so be patient and take a break if necessary.

You will now get a big list of files to pick from. Select all relevant files you need and click Recover.

Thanks for reading this, I hope it works for you.
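The locations listed in this post can be reviewed read-only from PowerShell, so that nothing is deleted or changed before the results have been looked at. This is an added example, not part of the original post; the function names `Get-ActiveHostsEntry` and `Get-RecentFile` and the 7-day window are assumptions.

```powershell
# Added example: read-only review of the hosts file, startup entries and
# the five folders named above. Nothing is deleted or modified.

function Get-ActiveHostsEntry {
    # Returns every non-comment mapping in hosts-file text, except "localhost".
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -replace '#.*$', '').Trim()     # strip comments
        if (-not $text) { continue }
        $parts = $text -split '\s+'
        if ($parts.Count -lt 2) { continue }           # address without a name
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            if ($name -ne 'localhost') {
                [pscustomobject]@{ Address = $parts[0]; HostName = $name }
            }
        }
    }
}

function Get-RecentFile {
    # Lists top-level files created or written within the last $Days days.
    param([string[]]$Path, [int]$Days = 7)
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ChildItem -Path $Path -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $cutoff -or $_.LastWriteTime -gt $cutoff } |
        Sort-Object LastWriteTime -Descending |
        Select-Object FullName, CreationTime, LastWriteTime
}

# 1. Active hosts-file entries (a default Windows hosts file has none)
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
Get-ActiveHostsEntry -Lines (Get-Content -LiteralPath $hostsPath)

# 2. Programs registered to run at startup or logon
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User

# 3. Recently added files in %AppData%, %LocalAppData%, %ProgramData%,
#    %WinDir% and %Temp% (top level only, not recursive)
$folders = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:windir, $env:TEMP
Get-RecentFile -Path $folders -Days 7
```

Appending `| Export-Csv` to any of the three commands keeps a record of what was found before anything on the machine is touched.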





#2 Demonslay335

    Ransomware Hunter, Security Colleague

Posted 04 July 2016 - 12:54 PM

This "guide" has nothing to do with Jigsaw. Jigsaw uses certain predictable executable names running under AppData, it is 100% decryptable, and deleting the malware is not a good idea until files have been confirmed to be decryptable, such as in the event of it being a new variant - in which case I would simply need the malware sample to update the decrypter. Jigsaw also does not modify the hosts file; it makes no network calls either.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]



#3 quietman7

    Bleepin' Janitor, Global Moderator

Posted 05 July 2016 - 06:16 AM

There is an ongoing discussion in this topic where Jigsaw victims can get information and assistance. Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff