JagerDecryptor ransomware / virus (Virus Removal Guide)

JagerDecryptor virus Removal Guide

What is JagerDecryptor ransomware virus?

What do we know about JagerDecryptor ransomware virus?

JagerDecryptor virus closely relates to Jager ransomware virus. This ransomware-type malware variant uses AES-256 encryption to encode victim’s files and asks for ransom. It promises to provide JagerDecryptor software right after the payment is made, and this tool is supposed to recover user’s files. However, you should not buy this decryptor, as it can come in a bundle with other malicious files and do more harm than good. If JagerDecryptor virus has slithered to your PC, remove it without a hesitation. Choose the automatic JagerDecryptor removal option to delete this virus without corrupting important system files and uninstalling only the required items.

This particular ransomware variant utilizes a unique technique to make victims pay – it states that the decryption price is going to grow up in case the victim decides not to pay or delays the decryption process. The ransom note that this virus leaves on the compromised computer says that the initial ransom price is 50 Euros, but it grows by 50$ every 24 hours. According to cyber criminals, the decryption software will no longer work if the victim buys it after 72 hours. We believe that it is just an attempt to push the victim to pay the ransom as soon as possible, so there is no need to take these words seriously. Besides, you should not pay the ransom since there is no guarantee that these crooks will actually provide you with the encryption key. Crooks even provide their email address – smartfiles9@yandex.ru, so that the victim could contact them and ask questions. If you think that you can get in touch with cyber criminals and convince them to give you the decryption key for free, you are wrong – these frauds are not going to negotiate, and they do not feel sorry for you. Since a free Jager decryption tool has not been released yet, remove JagerDecryptor scam from your system using automatic malware removal tool, for example, FortectIntego.

Unfortunately, there is no way to detect and understand that the computer has been affected by this virus until it finishes the encryption process. At the end of the encoding procedure, the malware creates ransom notes and saves them on victim’s computer. Ransom notes can be found in two different formats – Important_Read_Me.txt and Important_Read_Me.html. Both of these contain the same information; they link the victim to the payment site where the ransom can be paid. An example is provided below.

How does this virus slither into victim’s computer without being noticed?

Like any other typical ransomware, JagerDecryptor virus spreads via malvertising, deceptive email letters, malicious websites, drive-by downloads and software vulnerabilities. Ransomware acts like a Trojan horse; keep that in mind. It spread over the Internet in a form of a safe file of some kind, and typically users install it without realizing what they are actually dealing with. You can download a piece of malware by opening a document attached to an email message, a hyperlink included in the letter, by downloading fake Java Player update from a third-party website or just by visiting an insecure Internet site. You can never know where criminals are going to plant malicious scripts because nowadays they even can inject them into legitimate websites. It is scary that cybercrime evolves, and it becomes harder to fight against it every day, however, you can protect your computer and your money in a very easy way. Create a backup, store it on an external drive (hard disk, USB, etc.) and UNPLUG it from your PC. Viruses can affect data stored on plugged-in drives, so better put your backup drive somewhere away from the computer in a safe place. It can become a priceless life-saver in case your computer ever gets affected by ransomware. Also, set up an anti-malware software on your PC to keep viruses away.

How to remove JagerDecryptor from the computer?

If your computer has been attacked by this virus and you did buy the decryption software, we encourage you to remove these viruses from your computer as soon as possible. Scan the computer system using a proper malware removal tool immediately to remove JagerDecryptor virus and other dangerous files from it. This computer program is extremely dangerous, and it poses a significant threat to your privacy, as it can leave your computer vulnerable and even download more infectious files to it. An immediate JagerDecryptor removal using a decent malware removal tool can clean the system from malicious files and stop dangerous processes at once. Below you can find an informative tutorial on how to start ransomware removal tool.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of JagerDecryptor virus. Follow these steps

Manual removal using Safe Mode

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove JagerDecryptor using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of JagerDecryptor. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that JagerDecryptor removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from JagerDecryptor and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Protect your privacy – employ a VPN

There are several ways how to make your online time more private – you can access an incognito tab. However, there is no secret that even in this mode, you are tracked for advertising purposes. There is a way to add an extra layer of protection and create a completely anonymous web browsing practice with the help of Private Internet Access VPN. This software reroutes traffic through different servers, thus leaving your IP address and geolocation in disguise. Besides, it is based on a strict no-log policy, meaning that no data will be recorded, leaked, and available for both first and third parties. The combination of a secure web browser and Private Internet Access VPN will let you browse the Internet without a feeling of being spied or targeted by criminals. 

No backups? No problem. Use a data recovery tool

If you wonder how data loss can occur, you should not look any further for answers – human errors, malware attacks, hardware failures, power cuts, natural disasters, or even simple negligence. In some cases, lost files are extremely important, and many straight out panic when such an unfortunate course of events happen. Due to this, you should always ensure that you prepare proper data backups on a regular basis.

If you were caught by surprise and did not have any backups to restore your files from, not everything is lost. Data Recovery Pro is one of the leading file recovery solutions you can find on the market – it is likely to restore even lost emails or data located on an external device.

About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions