Rejg is a Ransomware computer virus that stealthily locks up its victim’s files as the first phase of its blackmailing agenda. After Rejg is done locking up the targeted files, it tells its victims they are required to pay a ransom.
Usually, Ransomware threats like this one inform the users about the ransom demand via a pop-up message or a notepad file that is automatically generated on the Desktop after all data is locked up. Alternatively, the notepad file may be placed inside the folders that contain locked data, or the pop-up might only show up on the screen whenever the user tries to access a sealed file. Regardless of the exact mechanism used to notify the victim about the ransom they are supposed to pay, the rest is pretty much the same. Data encryption is the method used by these threats to place the targeted files under lockdown, and there are a couple of things we need to clarify about it.
Firstly, the encryption isn’t harmful to the computer and it also doesn’t damage the files themselves. As long as you have the corresponding decryption key (for which the hackers want you to pay the ransom), you’d be able to open your files as before and there won’t be any damage done to them.
The second thing that must be mentioned here is that the encryption, once completed, no longer depends on the virus’ presence on the computer. This means you could manage to remove the Ransomware but that won’t automatically decrypt the locked files. This is one of the things that makes Ransomware such a problematic form of malware.
The third thing we ought to explain about the encryption process carried out by threats like Rejg, Wrui, Lmas is that it typically doesn’t get flagged as malicious by most antiviruses and, in turn, that is the reason the majority of security programs don’t stop it before it completes. This further complicates the situation whenever a Ransomware virus infects a given computer.
The Rejg virus
The Rejg virus is a threatening Ransomware-type threat that prevents its victims from accessing or using their personal files. The Rejg virus usually sneaks silently into victims’ computers with the help of a Trojan horse that automatically downloads the Ransomware without the user’s knowledge.
There are almost no symptoms that could indicate that such a virus has entered the system and most users don’t realize what has happened until they find out that their data has become unavailable.
The .Rejg file extension
The .Rejg file extension is a rogue filename extension used by this Ransomware to make each attacked file unrecognizable to any regular program. The .Rejg file extension can only be removed from the files if the correct decryption key is applied to complete the decryption.
This key may never get to you even if you pay the hackers to “purchase” it from them. Therefore, it is advisable to first try opting for some alternative solutions that may help ameliorate the situation without requiring you to risk your money. You can find a number of tips and suggestions in our removal guide on this page as well as in our How to Decrypt Ransomware article.
| Data Recovery Tool | Not Available |
Some threats reinstall themselves if you don't delete their core files. We recommend downloading SpyHunter to remove harmful programs for you. This may save you hours and ensure you don't harm your system by deleting the wrong files.
Remove Rejg Ransomware
If your machine has been infected by the Rejg Ransomware, the first thing you must do is find the virus process in the computer’s Task Manager, delete the files in its file location folder, and then end the process. To do this, press Ctrl + Shift + Esc or Ctrl + Alt + Del to start the Task Manager app and select the Processes tab. From the listed processes, find the one that is run by Rejg. Unfortunately, this may not be that easy to do because the virus process may have a different name than the virus itself, so don’t be surprised if you don’t see a Rejg process listed in the Task Manager.
If there isn’t a Rejg process, look for another process that has high RAM and CPU consumption and a name that doesn’t seem familiar to you. One important thing to remember here is that some of the system processes listed in the Task Manager can look suspicious at times, so we suggest that you always look up the names of any processes that look suspicious to you. That way, you’d be able to determine whether those processes are indeed not supposed to be running or are simply ones coming from your OS.
After you have pinpointed a process in the Task Manager that you think is linked to the virus, select it, right-click on it, and then click on the Open File Location option. The folder that you will be brought to would contain the files for the suspicious process. You must scan those files for malware code by using the free online scanner that we have provided below and/or your own antivirus or anti-malware program (or, better yet, use both scanning options).
If anything malicious gets detected while you are running the scans, this means that you should return to the Task Manager, right-click on the suspicious process again, and select the End Process Tree option. Then go back to the File Location of the process and delete the entire folder. If any files contained in it can’t be deleted and this prevents you from deleting the folder itself, delete the other files stored in there. After you have finished the whole guide, you must go back to this folder and try deleting it again.
In this step, you will have to start your computer in Safe Mode – a special mode that keeps unnecessary/non-essential programs and processes from running thus improving your chances of successfully eliminating the Ransomware by preventing it from interrupting your removal attempts. You can find out exactly how to enter Safe Mode from this guide.
Once you have booted into Safe Mode, you must check the startup items of your computer and remove those that are unnecessary and/or may be linked to the Rejg Ransomware. You can do this by typing System Configuration in the Start Menu, hitting Enter, and selecting the Startup tab in the window that gets opened. In there, you will see what the currently enabled startup items on your PC are – uncheck the ones that look suspicious or are unfamiliar as well as those that have “Unknown” under Manufacturer. To uncheck a startup item, simply remove the tick from the checkbox that’s in front of it. Once you have unchecked all suspicious entries, click on Ok and continue to the next step.
Next, enter this line in the search field under the Start Menu and select the first icon shown in the search results: notepad %windir%/system32/Drivers/etc/hosts. This will open a file called Hosts that you must check for signs of malware interference. To do this, look towards the bottom of the file, where it says “Localhost”. If the virus has hacked the Hosts file, there would typically be strange IP addresses listed below it. If you see anything written below Localhost, you must copy that text and send it to us through the comments section below this article.
After we take a look at the lines that you have sent to us, we will determine whether you need to do anything about them. If we determine that the lines from your Hosts file are indeed from the Ransomware, we will tell you to delete them from the Hosts file and save the changes made to the latter.
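The same Hosts check can be done from a PowerShell prompt. The following is an added example, not part of the original guide: it only reads the file and lists every active (uncommented) entry other than localhost on a loopback address, which is an assumed rule for what is worth reviewing. The sample lines are constructed and are used only when the real file cannot be found.

```powershell
# Added example: read-only review of the Hosts file. Nothing is modified.
$hostsPath = "$env:windir\System32\drivers\etc\hosts"

# Assumption: the only mapping expected without review is localhost -> loopback.
$expected = @{ 'localhost' = @('127.0.0.1', '::1') }

function Get-HostsEntry {
    param([string[]]$Lines)
    $n = 0
    foreach ($line in $Lines) {
        $n++
        # Text after '#' is a comment; fully commented lines are inactive.
        $active = ($line -split '#', 2)[0].Trim()
        if (-not $active) { continue }
        # Format: <address> <name> [<alias> ...], separated by spaces or tabs.
        $fields = $active -split '\s+'
        if ($fields.Count -lt 2) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{ Line = $n; Address = $fields[0]; Name = $name }
        }
    }
}

function Test-UnexpectedEntry {
    param($Entry)
    $allowed = $expected[$Entry.Name.ToLower()]
    -not ($allowed -and ($allowed -contains $Entry.Address))
}

# Constructed sample, not taken from a real infection.
# 203.0.113.0/24 is a documentation-only address range.
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '#    127.0.0.1       localhost',
    '127.0.0.1 localhost',
    '203.0.113.10 update.example.com   # constructed entry'
)

$lines = if (Test-Path $hostsPath) { Get-Content $hostsPath } else { $sample }
Get-HostsEntry -Lines $lines |
    Where-Object { Test-UnexpectedEntry $_ } |
    Format-Table Line, Address, Name -AutoSize
```

A listed line is a candidate for review, not proof of tampering, because some legitimate software adds its own Hosts entries.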
For this step, you must access a tool called the Registry Editor and delete all items from it that may be related to Rejg. This isn’t a difficult task but it may sometimes be difficult to tell if a given item must be deleted. Since there are many sensitive and crucial system settings that are present in the Registry of your computer, you must make sure that you only delete items related to the virus and nothing else. Otherwise, deleting stuff from the Registry could cause more harm than good and lead to all sorts of unforeseen consequences for your computer. Therefore, whenever you are not sure whether a given Registry item should be deleted, always contact us through the comments section first so that you don’t end up deleting something you are not supposed to.
Now that you have been warned, it is time to access the Registry Editor. You can open it by typing regedit in your Start Menu and hitting Enter from the keyboard. Before the Editor opens, Windows will require your Admin permission, so provide it by clicking on Yes. After the Registry Editor opens, press Ctrl + F to open the Registry search box and type the Rejg name in it. Now click on Find Next and, if an item that has the name of the virus is found, delete it by clicking on it, pressing Del from the keyboard, and then confirming the deletion. After the first item is deleted, click on Find Next again to find the next one with the Rejg name and delete that one too. Rinse and repeat until there are no more search results for Rejg.
Next, navigate to the following locations in the Registry Editor:
- HKEY_CURRENT_USER > Software
- HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Run
- HKEY_CURRENT_USER > Software > Microsoft > Internet Explorer > Main
In them, your job is to find any folders with suspicious-looking names. In most cases, if there is a folder in those locations that has been added by a virus, that folder would have a very long name that seems to comprise numbers and letters that are randomly arranged. If you see a folder with such a name or any other questionable-looking name, delete it. Of course, if you aren’t sure whether a certain folder ought to be deleted, you should first ask about it in the comments section on this page.
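To review those three locations without clicking through Registry Editor, the following PowerShell lists their subkeys and values and flags random-looking names. It is an added example, not part of the original guide, and it deletes nothing; the rule for "long and random-looking" (16 or more characters, letters and digits only, at least one of each) is an assumption to tune.

```powershell
# Added example: read-only listing. Nothing is deleted or changed.
$keys = @(
    'HKCU:\Software',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Internet Explorer\Main'
)

# Assumed heuristic for a "very long, random-looking" name:
# 16+ characters, only letters and digits, with at least one of each.
function Test-RandomLookingName {
    param([string]$Name)
    $Name -match '^[A-Za-z0-9]{16,}$' -and $Name -match '[A-Za-z]' -and $Name -match '[0-9]'
}

function Get-RegistryReviewItem {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path $p)) { continue }
        # Subkeys are what Registry Editor shows as folders.
        foreach ($sub in Get-ChildItem -Path $p -ErrorAction SilentlyContinue) {
            [pscustomobject]@{
                Key = $p; Kind = 'Subkey'; Name = $sub.PSChildName; Data = ''
                Flag = (Test-RandomLookingName $sub.PSChildName)
            }
        }
        # Values: under Run, each value is a command started at logon.
        $key = Get-Item -Path $p
        foreach ($valueName in $key.GetValueNames()) {
            [pscustomobject]@{
                Key = $p; Kind = 'Value'; Name = $valueName
                Data = [string]$key.GetValue($valueName)
                Flag = (Test-RandomLookingName $valueName)
            }
        }
    }
}

# Show every flagged item, plus all Run values so each startup command can be read.
Get-RegistryReviewItem -Path $keys |
    Where-Object { $_.Flag -or ($_.Key -like '*\Run' -and $_.Kind -eq 'Value') } |
    Format-Table Kind, Name, Data, Flag, Key -AutoSize -Wrap
```

A flag only marks a name for a closer look; legitimate software can also use long alphanumeric key names.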
Lastly, visit the following file locations on your computer by copying each of the next lines, placing them in the Start Menu search box, and hitting Enter.
In all of those folders except Temp delete the most recently created files – start from the newest file and finish with the file that was created just before the Ransomware infection occurred. It is best if you sort the files by creation date to make this easier. As for the Temp folder, you must delete everything in it so simply select all files (Ctrl + A), press Del, and select Yes to confirm the deletion.
Once this final step has been completed, do not forget to go to the file location of the suspicious process you ended in Step 1 and delete the folder along with the remaining files that you weren’t able to remove earlier.
How to Decrypt Rejg files
The guide we have just shown you deals with removing the Rejg Ransomware virus, but completing it won’t be enough to release the files that the Ransomware has encrypted on your computer. In order to attempt to restore your data without paying the ransom, you will have to try some alternative file-recovery methods. We have compiled the ones that we consider to be the most effective in a separate How to Decrypt Ransomware Guide that you can use for free. However, it is important to have first removed the Rejg virus before you attempt to restore any data, or else that data may get encrypted again. To access the file decryption guide, select the link offered above and it will take you there.
If, even after completing every step from this page, you still think (or know) that Rejg is on your computer, we strongly recommend downloading and installing the professional anti-malware tool that has been included on this page. This is a powerful malware-removal program capable of quickly detecting and removing all sorts of malware threats. Also, if you think you have found any leftover files from the Ransomware, you can use our online scanner for free to test them and see if they contain harmful code so that you would know whether to delete them. Last but not least, we once again remind you that the comment section below this post is open to anyone who needs additional help with anything related to the Rejg Ransomware.