Reig Virus


Reig is a type of file-attacking virus that applies data encryption to the files on the attacked computer, thereby locking them. Reig then displays a message which informs the victim about a ransom they must pay in order to be able to make their data accessible.


The Raig Virus will show you this message in a _readme.txt file

This form of malware, known as Ransomware, is unique for the reason that it doesn’t harm anything on the computer and it doesn’t try to spy on its victims or steal their data. Its sole goal is to prevent the user from opening, using, editing, or doing anything else with their files. If the locked files are of high importance to the user, the latter would be forced to complete the ransom payment in order to restore access to said files.

According to the text in the ransom note of the virus, once the user carries out the money transfer, a special key, unique for his or her computer, would be sent to them. Through this key, the victim would be able to restore their access to the encrypted data. This ransom payment is the whole purpose of the Ransomware viruses as a whole. Of course, if none of the locked files are valuable and if you can afford to lose them, then there is no need to worry about paying the ransom. In such cases, the only truly important thing you must do is remove the virus so as to clean your computer and make sure that no more files would get encrypted in the future. On the flip side, if the Ransomware has taken some files that you value hostage, then you will need to carefully assess the situation and figure out which course of action would be the best one to take in your case.

The Reig virus

The Reig virus is a stealthy Ransomware program, the goal of which is to block you access to the files found on your machine. The Reig virus is very good at staying unnoticed and, usually, it isn’t detected until it completes the encryption.

After the files targeted by the virus are sealed, it no longer matters if the threat remains on the computer. Even if the user takes care of the virus and removes it, the files that the Ransomware has encrypted will still remain in their inaccessible state.

The Reig file decryption

The Reig file decryption is the reversal of the file-encryption process that the virus has used to lock up your data. The Reig file decryption typically requires the use of a matching decryption key but there might be some alternative recovery options you can try.

Reig File

The Reig File encryption is very complex and not yet decryptable.

Generally, the payment variant should really only be resorted to if no other option has worked. Unless you have tried everything else and nothing has worked so far, we advise you to refrain from paying the ransom because the hackers may trick you and never send you the promised decryption key. If you are interested in learning more about removing the virus and recovering your data, check out the guide posted on this page as well as our How to Decrypt Ransomware post.


Name Reig
Type Ransomware
Detection Tool

anti-malware offerOFFER *Read more details in the first ad on this page, EULA, Privacy Policy, and full terms for Free Remover.

Reig Ransomware Removal


It is recommended that, before you continue with the guide, you Bookmark this page so you can quickly get back to it for reference.

Also, it is advisable that you enter the computer in Safe Mode. This will, hopefully, make it easier to spot the ransomware and successfully remove it from the system.



With the computer in Safe Mode, open the Windows Task Manager (CTRL + SHIFT + ESC key combination). When the app shows up on the screen, go to the Processes Tab. Carefully scroll the list of active processes and search for a process that could be related to Reig or is problematic and questionable. 


When you come across such a process, right-click on it and, from the menu that pops-up, select Open File Location. Drag and drop the files found in that location in our free online virus scanner for a check:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    When the scan completes and you see the results, end the processes related to the files that get flagged as malicious, then go to the file location and delete the flagged files and their folders. 


    Next, on your desktop, open a Run dialog box (Start and R key combination). Then  copy  the following line in the Run box:

    notepad %windir%/system32/Drivers/etc/hosts

    Press the Enter key from the keyboard and this will open a text file named “Hosts” on your screen. Head to the bottom of the file where it is written “Localhost”. Then, check for any suspicious IP addresses below Localhost. Normally, there shouldn’t be any, but if the computer is hacked, you will see a number of IPs just as it is shown on the image here:

    hosts_opt (1)

    If under the Localhost section of your Hosts file there are some IPs that look questionable, please, write to us in the comments below this post so we can advise you on your actions in this case.

    Next, head to the System Configuration app and launch it (type msconfig in the windows search field and hit enter). As soon as you open it, click on the Startup tab:


    Carefully check out every process in the list of Startup items and try to determine which of them is legitimate and which one could be ran by the ransomware. Remove the checkmark before the questionable item. Pay special attention to items with “Unknown” Manufacturer and, if needed, google them in order to determine if they are part of the threat. Keep in mind that ransomware viruses like Reig may use fake name for its processes, that’s why your careful research is important.


    Your next step is to search for Reig-related entries in the Registry. For that, type Regedit in the windows search field and press Enter to open the Registry Editor app. Once the app launches, open a Find dialog box (press CTRL and F keys together) and write the exact name of the virus. In your case, you need to type Reig. Then, click on the Find Next button and, after the search completes, delete any entries that are found with that name. Repeat the search process as many times as needed until there are no more entries that are found.

    Be careful! Any deletions in the Registry that are unrelated to the ransomware may cause a serious system damage!

    After that, go to the Windows Search Field and rype each of the following lines one by one:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    This will open specific directories where you have to check for recently added files and folders that could be related to Reig. When you open the Temp folder, you need to delete everything that is found in that folder.

    If you are not quite sure what needs to be deleted, don’t risk. It is much better to use a professional removal tool (like the one on this page) to carefully scan your computer for Reig and follow its steps for malicious file-deleiton than corrupt your OS involuntarly. Also, if you find yourself in trouble, better leave us a comment at the end of this page so we can assist you then mess with the files on your computer and feel sorry after that.


    How to Decrypt Reig files

    After you complete all the steps above, and you are sure that Reig has been successfully removed, you may want to explore our free methods for file decryption. These can be found in a separate guide that you can check out here.

    Remember, if you have any questions or concerns, don’t hesitate to share them with us in the comments below!


    About the author


    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

    Leave a Comment