Irjg Virus


Irjg is a money-extortion virus focused on denying you access to your data and forcing you to pay a ransom to restore the locked files. Irjg is known for spreading with the help of backdoor viruses, spam messages, and pirated software downloaded from illegal sites.

DJVU 1024x641
The Irjg viru ask for ransom with a notification after encrypting the files and data on your machine.

The harmful Ransomware versions are the most problematic and dangerous type of of software threats. The reason for that is their ability to block the user’s access to their files or to their whole system! This type of virus can ask for ransom with a notification after encrypting the files and data on your machine. It is possible that you will have to deal with the total loss of access to all data that has been locked, if you don’t agree to pay the ransom demanded by the hackers.

Here, we will be discussing one specific Ransomware  that can be blamed for file encryption and ransom harassment. It is called Irjg. Continue reading the paragraphs below to learn more about Ransomware in general and Irjg in particular.

The Irjg virus

The Irjg virus is a sophisticated malware threat that is categorized as a Ransomware file-locking virus. The method used by the Irjg virus to lock the victims’ data is called file-encryption and any file locked by it can only be accessed through the application of a special key.

During the last two decades of the XXth century, programs under the name of Ransomware first appeared in Russia. At first, there were only two versions of Ransomware-like viruses:

  • File-encrypting Ransomware – this is the exact subcategory that Irjg belongs to. These insidious cryptoviruses search for the files that belong to the most commonly used data formats in order to encrypt them. Such malware tends to send ransom-requiring messages once they are done with the encryption of your valuable files. Inside this notification, you may find some detailed payment details that you need to follow when executing the ransom transfer.
  • Screen-lockers: these viruses are believed to infiltrate computers in the same way as the aforementioned. But there is a difference between these two categories – the screen-blocking versions only lock up the victim user’s desktop with a large ransom-demanding pop-up alert, which means that no data becomes victim of any encryption. In such a case, it is the computer screen/desktop that would be inaccessible to you, but a ransom is again required and you will see all the payment information in the notification, which blocks your desktop.
  • Mobile devices blocking Ransomware: this type of viruses are able to infect phones and tablets as well. The functions of this virus are similar to the ones described above.

The Irjg file encryption

The Irjg file encryption is a special data-securing process that seals the file and makes it inaccessible to anyone who hasn’t got the correct key. The matching key for the Irjg file encryption is initially in the hands of the hackers who want you to pay a ransom to receive it.

Irjg File
The Irjg file virus

Irjg, as well as the other Ransomware-based programs, are getting distributed in many diverse ways. Be extremely careful, because they may be attached to some unwanted e-mails or to spam social media messages. Another common source of such malicious software is the so-called ‘malvertising’. Ads that redirect to malware-infested pages are included into some websites and if follow such an ad, you could get your PC infected by the virus. Other typical sources of distribution could be the drive-by download from suspicious websites and some contaminated torrents as well.

Is there a chance to have Irjg Ransomware safely removed? Is there any possibility to restore the victim’s encrypted data?

It is extremely important that you bear in mind no actions on your side can  guarantee the total recovery of the encrypted data. Even if you succeed in removing the malicious software, though, your data could still be lost. There’s a probability where the hackers can disappear with the ransom you might have agreed to pay which is why we don’t advise you to go for the ransom payment without having tried any alternative solutions.

Some of the possible solutions may include contacting someone who has some experience in getting rid of such viruses. It may turn out to be just the right solution.

Or, maybe, your solution lies in a reliable Removal Guide such as the one provided below.

Always remember that in the struggle against this kind of malicious software and viruses, your strongest and most hopeful weapon is prevention. If you want to avoid file-encryption, simply back up your data as often as you can, and no one will ever harass you or be able to blackmail you for the access to your files.


Detection Tool

anti-malware offerOFFER *Read more details in the first ad on this page, EULA, Privacy Policy, and full terms for Free Remover.

Irjg Ransomware Removal


If you’ve decided to follow the instructions on this guide, you’ll need to restart your computer during some of the steps below. Therefore, it’s a good idea that you bookmark this page in the beginning, so you can get back to it and swiftly finish removing Irjg.

Once you’ve bookmarked the removal guide, we recommend you reboot your computer in Safe Mode by following this link’s instructions.Then, with the computer successfully booted in Safe Mode, please follow the steps below.



In this step, what you need to do is check the compromised system for processes that are related to the ransomware and are running in the background. The best way to do that is to go to the Start menu and open the Task Manager.

Launching the Start menu is as simple as clicking on the Start button in the bottom left corner of your screen. When you do that, the Windows search box will appear. Type “Task Manager” into it, then hit Enter on your keyboard.

When you get there, look for any processes on the Processes tab with the Irjg name or any other suspicious processes that consume a lot of system resources.

Select each suspicious-looking process, right-click on it, and then choose Open File Location to see the files of the dubious-looking process and check if they are legitimate.


The File Location folder will contain files related to the selected process. Use the virus scanner provided below or another reliable scanning program to ensure that these files are free of harmful code.

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    If the scan results detect a danger in any of the scanned files, it’s important that you immediately stop the running process related to these files and delete any malware-infected data from your computer.

    Note that you may check as many processes as you like using the scanner above to ensure that the system is free or ransomware-related processes running in the background.


    Your infected computer may already have some ransomware-related processes that are set to start when you turn it on.  For this reason, as soon as you complete the instructions in step two and stop all malicious processes from running in the background, in the third step, you should check the Startup Tab in System Configuration and see what startup items have been configured to start when your computer boots up. 

    For that, enter msconfig into the Start menu search bar and press Enter to launch System Configuration. Click the “Startup” tab at the top of the new window to view the startup process.



    There, you’ll see a list of startup entries associated with the programs you’ve installed. Remove the checkmarks from anything with an unknown manufacturer or a strange-looking name after carefully researching it. Click the OK button to save your changes.

    Please bear in mind that ransomware often disguises itself as another application in order to avoid detection. As a result, you must carefully research the list of startup items that are checked online before attempting to deactivate any of them.



    The persistence of ransomware threats like Irjg is commonly attributed to the addition of damaging registry entries inside the system’s registry, which is a popular target for threats of this kind. 

    This is why you should launch the Registry Editor (type “regedit” in the windows search bar and hit Enter), search it for any Irjg-related entries and remove everything that you think is dangerous to make sure the threat doesn’t reinstall itself when you reset your computer.

    After entering the Registry Editor, use CTRL+F to open a new Find window. Type the name of the ransomware in it and run a registry scan using the Find Next button to see whether there are any ransomware-related entries, and then delete the files that you discover.

    Attention! Remove registry entries with caution to prevent causing damage to your system. Use a professional registry cleaning tool like the one we recommend here if you aren’t sure what needs to be deleted. Such software will save you time and will ensure that your computer’s records are free of any harmful software.

    Once you’ve completed wiping the registry clean, use the Start menu search bar to type the locations listed below and open each one of them by pressing Enter.

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    If you find any new files or folders with suspicious-sounding names or files that seem to be part of the Irjg malware, be sure to delete them immediately.

    Open Temp, then select and delete all the files in there, including those that were generated by the ransomware itself.


    If, aside from being infected with Irjg, you have a doubt that your PC has been compromised by another threat or has been hacked, we recommend you to check what is going on in your Hosts file.  

    For that, open the Start menu and type the following into the search box:

    notepad %windir%/system32/Drivers/etc/hosts

    See whether there are any suspicious-looking IP addresses under Localhost in the file’s text, as those in the example below:

    hosts_opt (1)


    If you see anything strange in your Hosts file that concerns you, please let us know in the comments section below and a member of our team will do their best to assist you.

    How to Decrypt Irjg files

    Prior to attempting a file recovery, you must be sure that you have successfully removed the ransomware from your computer. Ransomware can often continue to encrypt data you’ve recovered in case it hasn’t been completely eliminated from the system. It may even encrypt all of your backup sources.

    That’s why doing a full malware check on your PC with a powerful anti-virus tool is highly recommended before beginning any file recovery process. If the scan reveals no threats in the system, please feel free to use our comprehensive file decryption guide. 

    What is Irjg?

    Irjg is an advanced form of malware designed to extort its victims by taking their most valuable and important files hostage. The way Irjg achieves this is by secretly launching a file-encryption process that can only be unlocked via a special decryption key.

    The moment Irjg sneaks inside the computer of its victim, it begins the process of encrypting all files on the infected computer that belong to certain predetermined commonly used file types. The goal is to make all such files present in the system inaccessible and if any of the files are important to the user, the latter would be forced into paying a sizeable amount of money in ransom to get the private key for those files. Obviously, not all computer users store highly important files in their system, and so the effectiveness and damage potential of Irjg and other similar threats varies based on this. Nevertheless, the big number of Ransomware victims desperately seeking ways to restore their encrypted files clearly shows just how big of a problem this type of malware is.

    Is Irjg a virus?

    Irjg is a virus program categorized as a Ransomware cryptovirus because it employs military-grade encryption to lock its victim’s files so that it could later use this as blackmailing leverage. After encrypting the files, the Irjg virus generates a message with ransom-payment instructions.

    It’s a common practice for hackers who use Ransomware to demand the ransom for the decryption key in cryptocurrencies such as Bitcoin, Monero, Ethereum, etc. This is done to ensure that the ransom transaction is untraceable, and the authorities would be unable to bring the cyber-criminals to justice. This also means that anything you pay to the criminals, you won’t be able to retrieve, even in the event that you don’t receive a working decryption key in return.

    The ransom-demanding message displayed by the virus would typically include instructions on how to buy the specified cryptocurrency and how to then transfer it to the cyber-criminals virtual wallets. In addition, there could be a deadline included in the ransom note, after which the demanded sum would double or triple.

    How to decrypt Irjg files?

    To decrypt Irjg files, the two main options are to give in to the blackmailers’ demands and pay the ransom or to search for and try alternative file-restoration methods. Our advice is to always first try to decrypt Irjg files via alternative methods.

    The reason it’s generally discouraged to pay the ransom demanded by viruses like Irjg is that the only certain thing if you send your money to the hackers is that you won’t ever get this money back. Obviously, this is at least acceptable if you are given the decryption key afterward, but the problem is that you have absolutely no guarantee that this is what will happen. There are a number of things that could go wrong if you perform the ransom transactions, and the hackers refusing to give you the key is only one of those things. Another possibility is that even if you do receive a key, an error in its code may render it useless, or that the wallet specified by the hackers in the ransom note is no longer owned/used by them, meaning that you may end up sending your money to somebody else.


    About the author


    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1