Jigsaw Ransomware Virus Removal (.Fun)

The encrypted files may not be the only damage done to you. parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

This page aims to help you remove the Jigsaw Ransomware Virus. These the Jigsaw Ransomware Virus removal instructions work for all versions of Windows.

Ransomwares are among the most dangerous things that can happen to your computer that don’t involve physical destruction. What sets them apart from other viruses is the fact that they encrypt the files on your PC and then demand a ransom for them – hence the name.

Unfortunately, there’s little to no way of knowing you’ve been infected before it’s too late and you’ve lost access to your files. If, however, you do suspect there might be something amiss with your PC, it might be because it’s running extremely slow. The best way to check whether you do, in fact, have the Jigsaw Ransomware Virus installed on your computer is to search the Task Manager for processes using the most RAM. In case you notice something suspicious, shut down your computer immediately and seek help from a professional. As pointed out – the Jigsaw Ransomware Virus is an extremely dangerous malware that can cause extensive damage to the data stored on your machine.

How the Jigsaw Ransomware Virus could have entered your computer

Viruses of this type are usually distributed with the help of Trojans. For example, they can be sent as emails with an infected file attached, which, once opened, unleashes the malicious program into your system. Alternatively, there may be a link in them, which leads to a website where the Jigsaw Ransomware Virus would be automatically downloaded from.

Please note that the encryption process may take a while, which is also why there is a possibility of discovering it in time, as described above. The process itself involves encrypting your data storing files with the help of two encryption keys. One is public and shared with you, the other is private and is what the hackers will try to sell to you. Decrypting your files is impossible without access to both keys. There are alternative solutions to this problem, discussed below.

Most times these programs are so stealthy, that you’ll have no idea of their presence until their evil creators finally request a ransom for the key to the encrypted files. As soon as the dirty task has been finished, it is usually followed by a message informing you that your files have been encoded and threatening to dispose of them, if you do not pay the requested amount.

What NOT to do

Of course, deciding how to proceed is entirely up to you, but here are several aspects you should consider before rushing into taking any action. For one – attempting the alternative recovery methods illustrated in this article will not endanger your files in any way, even though that is what they will try and scare you into believing. The methods described in this guide aren’t 100% effective and there is a chance that some of your files might not be recovered. Should this be the case, even after you’ve completed all the steps in this guide, and there are files encrypted worth paying a ransom for, you might decide to go ahead and do that. However, the very reason why hackers create these viruses and send them circulating across the web is to earn money on them. By paying these people – you’d be encouraging them to continue and that is encouragement enough, because they are notoriously difficult to trace and put down by the authorities. Therefore, they don’t exactly fear prosecution.

Additionally, say you’ve paid the money and received the encryption key, there is still no guarantee that it will work flawlessly and all files and data will be restored. That being said, there’s really no guarantee you will receive the key to begin with; which will leave you in the same position, only with a lighter wallet.

the Jigsaw Ransomware Virus’s increasing popularity

Ransomwares have been around for quite some time now – they date back to the nineties and were initially present in Russia only. Today things have taken a turn for the worse in this department. the Jigsaw Ransomware Virus and others like it are gaining increasing popularity each day and part of the explanation is the crypto currency Bitcoin. Bitcoins are impossible to trace, so when hackers are paid in them, it leaves no tracks to follow them by.

With this in mind, it is wise to protect your computer with a good antivirus program and always be alert for suspicious messages and/or emails, especially those with attachments in them. Naturally, avoiding obscure websites and clicking on banners and ads you’re unsure of are simple safety measures you should abide to, in order to prevent harmful programs like the Jigsaw Ransomware Virus from installing themselves on your computer.



Name the Jigsaw Ransomware Virus
Type Ransomware
Danger Level High (Will make your personal data unreadable and blackmail you for its restoration)
Symptoms Your PC may experience a general slowdown while your files are getting encrypted, once that’s over its already too late.
Distribution Method Commonly installed with the help of a trojan horse virus code, that will in turn download the ransomware executable from a remote TOR server.
Detection Tool Ransomware may be difficult to track down. Use SpyHunter – a professional parasite scanner – to make sure you find all files related to the infection.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.

Remove the Jigsaw Ransomware Virus

Readers are interested in:


Reboot in Safe Mode (use this guide if you don’t know how to do it).

This is the first preparation.


To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter
a professional malware removal tool.

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

The first thing you must do is Reveal All Hidden Files and Folders.

  • Do not skip this. the Jigsaw Ransomware Virus may have hidden some of its files.

Hold the Start Key and R – copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.


Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. We recommend downloading SpyHunter to see if it can detect parasite files for you.

Right click on each of the virus processes separately and select Open File LocationEnd the process after you open the folder, then delete the directories you were sent to.



Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you make a big mistake.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check our for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt files infected with the Jigsaw Ransomware Virus

There is only one known way to remove the virus’ encryption that MAY work (no guarantees) – reversing your files to a previous state. There are two options you have for this:

The first is using a system backup. Search for Backup and Restore in the windows search field —–> “Select another backup to restore files from”


If you have no backups, your option is Recuva

Go to the official site for Recuva and download its free version. When you start the program, select the file types you want to recover. You probably want all files. Next select the location. You probably want Recuva to scan all locations.

Click on the box to enable Deep Scan. The program will now start working and it may take a really long time to finish, so be patient and take a break if necessary.

You will now get a big list of files to pick from. Select all relevant files you need and click Recover.

Did we help? Share your feedback with us so we can help other people in need!

Leave a Comment