How to remove Jaff virus and restore encrypted files

Jaff virus


Jaff refers to the most risky kind of malware that might be encountered by the ordinary customer. Most of unwanted programs simply call inconvenience, and the consequences of their actions can be neutralized in few minutes, but ransomware inflicts major harm, and in most cases, you have to waste money to fix it. The encrypting virus is the worst thing that can happen to your computer. Don't concern, we have the answers for all common questions. How to get rid of ransomware? How to restore the corrupted data? Just read this article, and you'll learn the answers!


Jaff ransomware virus


The virus infects your computer with the help of malicious additions in e-mail, and then promptly begins to cipher folders. The power of this virus is that you can win only before it gets into your PC. When it is inside you can do nothing to stop the virus, and must face the aftermath. Almost all types of files that might appear on usual man's computer can be encrypted by Jaff. The encoding takes from a few minutes to several hours. The process's speed might vary depending on the machine power and the number of data stored on it. Hackers demand you to pay 2 BTC for file restore.


Jaff readme file


Jaff uses the very complex algorithms of encryption by AES algorithm, which cannot be decrypted if you have no key. We're trying to say that there is just one totally dependable method of file recovery: to use the backup. If don't have backups - you can forget about your data, because you cannot be certain that swindlers, which hacked your PC, won’t trick you one more time when the ransom will be received. Your information can be restored in several ways, but they aren't 100% reliable.

How to delete Jaff Virus


When the laptop is infected by encrypting virus, the priority is not the disposal of the ransomware itself, but the recovery of files. Removing Jaff does not change the condition of files that are already ciphered, but, until Jaff dwells in the system, all new files are at hazard. Virus disposal is an essential part of all decryption ways. The immediate removal is necessary if you prefer the decryption in manual mode, or you have the backups to use, and if you are going to pay those hackers - the malware should be deleted after the total data restore. The removal can be performed with use of specific anti-viral tool, or in manual mode. Swiftness and reliability of both manners are equal, but the requirements for user practice and skill are extremely different. Hand deletion needs some practice of who performs it. Practice is needed in order to prevent mistakes or to neutralize the effects of failure, if it does happen. Disposal with use of special program doesn't need any knowledge of its customer. You just have to buy the program, install it and launch the scanning process. Under this part, you will find the full set of advices for deleting of Jaff. We thoroughly describe every single stage of removal process, to avoid any errors. However, if you don't want to remove Jaff manually, and want to get the high level of defense against all viruses - you should download the reputable anti-virus. Download Spyhunter to remove Jaff virus automatically


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.

Removal instruction




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)


How to restore files encrypted by Jaff

In this item we have told few times that If your laptop is penetrated by encrypting virus, you have just one 100% secure way to recover files: to upload the backup. You should use other methods if there's no another option, but be ready that they might fail. The fact that the backup copies are stored on separate media, makes them absolutely immune to Jaff.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore


Other methods are based on the OS functionality, and their success may be minimized by the complexity of the ransomware and the absense of experience. We can advise you two more decryption methods. They are: Shadow Volume Copies service and the restore via special decryption program. The problem lies in the fact that today we have no info about the reliable decryptor for this ransomware, and we don’t know about when we can expect one. But you better review the sites of the respectable anti-viral software vendors who could create such program. Manual recovery with use of shadow copies may be made right now. You can use the basic Windows service, but, we offer you more effective programs, which will greatly simplify your task. These tools are entirely toll-free, and they were developed by reputable developers. They are called ShadowExplorer and Recuva, and you can see all details on their official websites.




Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 5.00 [1 Vote]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience