Iiss ransomware (Virus Removal Guide) - Decryption Methods Included

Iiss virus Removal Guide

What is Iiss ransomware?

Iiss ransomware is a cyber threat that stems from a prominent crypto-malware family Djvu

Iiss ransomwareIiss ransomware virus is the program that triggers encryption and demands money for file recovery.

Iiss ransomware is a type of cryptovirus that is classified as a money-extortion-based threat controlled by malicious actors.[1] These threats are known for accessing user machines without permission and encrypting all files on them. This way, cybercriminals behind the malware can ask for a ransom payment in return for a unique key. This is one of the newest versions in Djvu ransomware family that stems from STOP ransomware, known for a long time already. However, this version is not the last probably, because criminals release a new variant once a week, at least.

The malware encrypts all files with the help of a powerful encryption algorithm RSA and marks files using .iiss extension once the process of locking those pieces of documents, pictures, archives gets done. For example, a file “picture.jpg” is turned into a “picture.jpg.iiss,” making encoded data unusable. Once encryption is finished, the Iiss virus drops a ransom note _readme.txt, which is placed on the desktop and/or other locations within the computer. In the note, attackers write that they are willing to provide the decryption tool for a payment of $980 in return.

This sum should be transferred to Bitcoin cryptocurrency because it is a popular way to make a profit that hackers tend to rely on. The ransom note file also provides contact emails helpmanager@mail.ch, restoremanager@airmail.cc that you should use to get a hold of criminals. However, it is not recommended to pay the ransom due to the high risk of money loss and the possibility to suffer from permanent .iiss virus damage to the machine.

Name Iiss ransomware
Family Djvu/ Stop virus family
Extension Files appended with .iiss extension, e.g., “picture.jpg” is turned into “picture.jpg.iiss”
Ransom note _readme.txt
File marker .iiss
Contact emails helpmanager@mail.ch, restoremanager@airmail.cc
Distribution Threat spreads using pirating platforms that people use to get cracks, illegal software activation numbers, game cheats[2]
File recovery options

If no backups or file copies are available, recovering data is almost impossible. Nonetheless, we suggest you try alternative methods that could help you in some cases: media file repair tool; Emsisofts' decrypter; Windows OS options listed below.

Malware removal Perform a full system scan with powerful security software to remove Iiss ransomware
System fix Malware can seriously tamper with Windows systems, causing errors, crashes, and other stability issues after it is terminated even. To recover after the attack and repair the OS, avoid malware reinstallation, we recommend scanning it with the FortectIntego tool that can indicate or even fix the damage

Iiss ransomware is a virus designed to lock videos, music, and other files on your computer and hold them hostage until a ransom is paid. However, this is not the best option. Especially when it comes to the already known family of crypto-extortion malware. You should at least check if Emsisofts' decrypter can work and this way, determine if you need to search for other options.

Unfortunately, Iiss ransomware is one o the newest versions, so offline IDs are less likely used in this case. Online IDs mean that your unique decryption key is automatically formed when a virus connects to a remote server, so there are no identical decryption keys.

File recovery becomes more difficult unless you have reputable data backups stored on an external drive or remotely, so viruses can't encode them. So experts[3] recommend relying on professional tools or system functions when restoring encrypted files, so you can avoid getting more malware in addition to Iiss virus or trigger damage to your file backups.

Iiss ransomware virusIiss ransomware - a file-locking threat that triggers various changes on the machine.

Iiss ransomware virus – a computer infection that encrypts all personal files restricting access to them. Malware then drops a ransom note _readme.txt with various claims about the only solution to pay up:


Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Your personal ID

This virus derives from a well-known family, which was first spotted in 2016 and improved tactics multiple times over the year 2019 and since then released multiple variants, including .efji, .erif, .lyli. In this article, we will provide alternative methods for .iiss file recovery and safe ways of deleting the infection from a Windows computer. This is the virus that mainly targets such operating systems.

Iiss ransomware removal is possible with tools like anti-malware or security programs, but even SpyHunter 5Combo Cleaner or Malwarebytes cannot ensure that your encrypted files will get restored easily. You need to fight malware with proper applications and then rely on file recovery software or clear the machine and replace affected files using safe copies.

Removing .Iiss virus is not the same as recovering ransomware encoded files

Since there are no official decryption tools and previously known STOPDecrypter is no longer supported, restoring Iiss ransomware files is related to your file backup habits. If you keep your file copies for data recovery options in the future and do that more often, you might have needed documents or images, video files archived.

However, you need to be sure that you remove Iiss ransomware completely before adding any files on the computer or installing additional programs on the system. You can suffer from secondary encryption round if you haven't terminated the threat properly.

Iiss file virusIiss virus is ransomware that can be detected by AV vendors and possibly removed from the machine.

There are possible ways to restore .Iiss files when ransomware is eliminated. It involves functions that Windows OS can offer, but malware can affect the machine's particular parts to affect the persistence and keep users away from getting their files back. Running a tool that can detect[4] ransomware and remove it is the first step.

The second step in the recovery from Iiss ransomware attack is file repair that involves software like FortectIntego, capable of finding and repairing system folders, files, functions, and features. Then you either replace files with copies or trust tools that can recover individual data for you without paying virus creators.

Focus on Iiss virus elimination procedures and make sure to clear the PC before the file recovery

Iiss ransomware virus can become persistent and extremely intrusive or dangerous when malicious actors manage to alter particular settings or files on the system. You should consider all these changes and virus damage when you are dealing with the threat of such type.

There are little to no options for particular data recovery and Iiss ransomware removal procedures because you can get rid of the malware, but the encrypted data remains changed. Anti-malware tools like SpyHunter 5Combo Cleaner or Malwarebytes can run on the machine and eliminate the infection, but your files still need to get repaired separately.

When you remove Iiss ransomware from the machine, pay attention to other needed procedures because anti-malware tools are not the only ones that can do everything on the computer. AV vendors only provide virus termination, so you need some program like FortectIntego for file repair in the system and functions recovery. Then third-party programs or system functions can help with the data restoring.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Iiss virus. Follow these steps

Manual removal using Safe Mode

Reboot the machine in a Safe Mode with Networking and then try to remove Iiss ransomware

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove Iiss using System Restore

You can try System Restore feature and tackle the threat this way

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Iiss. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that Iiss removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Iiss from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Iiss, you can use several methods to restore them:

You should restore files using reputable programs or techniques, so Data Recovery Pro is one of the applications capable of helping you

Data Recovery Pro can restore accidentally deleted files or data that gets encoded by malware like Iiss ransomware

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Iiss ransomware;
  • Restore them.

Windows Previous Versions feature can recover individual files after encryption

If you used System Restore for the termination of Iiss ransomware, you can rely on Windows Previous Versions for recovering affected files

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer is the feature that allows file restoring to happen

You should ensure that the Iiss ransomware virus does not delete shadow Volume Copies before you can rely on ShadowExplorer

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

There is a possible way to decrypt files marked with .iiss appendixes

Try Emsisofts' decrypter

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Iiss and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Stream videos without limitations, no matter where you are

There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.

Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.

Data backups are important – recover your lost files

Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.

While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions