Better_Call_Saul Virus File Removal

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

This page aims to help you remove the Better_Call_Saul Virus. Our inbox was just flooded with questions about a “Better_Call_Saul вирус,” signifying that this ransomware is predominantly spread in Russia.  

if you are reading this article, then it is likely because your computer has been infected with the Better_Call_Saul вирус. What you are dealing with is a very dangerous virus that belongs to the ransomware family of computer threats. What makes it so dangerous is the fact that it encrypts your files and makes them unusable. Beware! Even if you manage to remove the virus from your machine your files will remain infected! Our removal guide will help you handle both problems, but before we get there you need to learn some basic facts about this virus in order to be able to successfully combat it.

The Better_Call_Saul “Вирус” – how it works

Typically when this ransomware enters a computer it will try to remain hidden for an extended period of time. In that time it makes all of your files its target and behinds encrypting them. Very high grade encryption is used in this process – it is simply impossible to decrypt the files afterwards unless the proper key is obtained. This key is exactly what the hackers will offer you for purchase – at the heft price of around 1 BTC, or roughly $400. BTC actually stands for Bit Coin and is a form of untraceable online currency that is preferred by all cyber criminals as a form of payment.

It is possible to spot the ransomware at work – try to remember if your PC has been behaving erratically lately or it loaded programs much slower than usual. The encryption process was ran in the background by the ransomware, but that process is actually pretty hard on the CPU and Memory of your computer, thus the resulting overall sluggishness of your PC. While at work, the ransomware process can usually be spotted in the Task Manager – it is a process that has unfamiliar manufacturer and that uses a very high amount of CPU power and RAM. Shutting this process in time can prevent files from becoming encrypted in the first place, so we urge our readers never to waive slowdowns and other problems as something normal or inconsequential.

How was the Better_Call_Saul Virus installed?

We don’t want to discourage you even further, but it is actually quite possible that your PC was infected by a Trojan horse agent prior to the ransomware event. These days delivering ransomware though Trojan horses is becoming the norm – a well written Trojan horse can be virtually invisible to many anti-virus programs and can also successfully obfuscate the ransomware it delivers as well. Of course, it is also possible that you unknowingly installed the ransomware yourself directly.

Ransomware viruses like the Better_Call_Saul Вирус (and Trojan droppers) are most often distributed via the help of Email spam bot network. Every email box has a spam folder, but that filter is far from perfect. More often than not an intelligently written spam email might make it through. Malicious emails that contain some form of virus will always contain some link to be clicked on or some file to be downloaded and installed. Hackers use all kinds of ploys in order to convince you to click on the link or install the file, so please REMEMBER never to install files that arrive from suspicious or unfamiliar emails. Sometime the hackers may even disguise the spam emails as emails sent from the government and other institutions. Keep your anti-virus or anti-malware program at hand and scan everything!

Should you pay the ransom asked by the Better_Call_Saul Virus?

Of course, the quickest way to resolve this crisis is to pay the ransom and be done with it. That’s what the hackers want anyway. We believe that’s a poor decision – payment should never be considered, at least until all other options are exhausted and you’ve decided that your files are worth more than the money you will spend. However, please keep in mind that you are actually dealing with cyber criminals and you are basically at their mercy. They’ll also use whatever money they can get to expand on their nasty business and release new and improved ransomware programs!


Name Better_Call_Saul Virus
Type Ransomware
Danger Level High (This is literally the worst type of virus to encounter)
Symptoms Strange PC behavior followed by file encryption and virus reveal.
Distribution Method Trojan horse viruses frequently assist ransomware with distribution, but old-fashioned channels like email attachments work just fine too,
Detection Tool Ransomware are notoriously difficult to track down. Use SpyHunter – a professional parasite scanner – to make sure you find all files related to the infection.

Keep in mind, SpyHunter is a malware detection tool. To remove the infection, you need to purchase the full version.
More information about SpyHunter and steps to uninstall.

Remove Better_Call_Saul Virus

Readers are interested in:


Reboot in Safe Mode (use this guide if you don’t know how to do it).

This is the first preparation.


To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

The first thing you must do is Reveal All Hidden Files and Folders.

  • Do not skip this. Better_Call_Saul Virus may have hidden some of its files.

Hold the Start Key and R copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.


Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.


Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


This is the most important and difficult part. If you delete the wrong file, it may damage your system irreversibly. If you can not do this,
>> Download SpyHunter - a professional parasite scanner and remover.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.



Type Regedit in the windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s Name.

Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you make a big mistake.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check our for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt files infected with Better_Call_Saul Virus

There is only one known way to remove this virus successfully – reversing your files to a time when they were not infected. There are two options you have for this:

The first is a full system restore. To do this type System Restore in the windows search field and choose a restore point. Click Next until done.

system restore_opt

Your second option is a program called Recuva

Go to the official site for Recuva and download it from there – the free version has everything you currently need.

When you start the program select the files types you want to recover. You probably want all files.

Next select the location. You probably want Recuva to scan all locations.

Now click on the box to enable Deep Scan. The program will now start working and it may take a really long time to finish – maybe even several hours if your HDD is really big, so be patient and take a break if necessary.

You will now get a big list of files to pick from. Select all relevant files you need and click Recover.

Did we help? Found an alternative solution? Share your feedback with us so we can help other people in need!