If your files does not open normally, .chech file extension added at the end of their name then your PC system is infected with a new malware named “Chech ransomware”. Once started, it have encrypted all your files stored on the computer drives and attached network drives.
Chech ransomware is a ransomware virus, which made to encrypt the personal files found on infected PC using very strong hybrid encryption with a large key, adding the .chech extension to all encrypted personal files. It can encrypt almost types of files, including the following:
.rar, .txt, .doc, .iwd, .mdbackup, .zdb, .xlk, .cdr, .rwl, .upk, .wmv, .flv, .mdf, .kf, .snx, .xyw, .sidn, .wri, .pst, .xlsm, .r3d, .wbc, .xbplate, .tax, .p7c, .0, .wm, .ltx, .csv, .wbk, .itl, .bc7, .yml, .wpt, .xlsx, .wpe, .t12, .kdc, .tor, .xx, .xbdoc, .big, .crw, .wdb, .pef, .wpg, .raw, .css, .dmp, .re4, .indd, .wps, .gho, .mcmeta, .bkf, .sis, .ff, .zw, .lvl, .w3x, .odc, .nrw, .wbd, .hvpl, .desc, .sie, .dazip, .xll, .pkpass, .xpm, .hkdb, .raf, .psk, .ysp, .blob, .slm, .epk, .xdb, .xls, .wcf, .x, .wpd, .zabw, .litemod, .ppt, .xlgc, .bc6, .orf, .hplg, .3ds, .apk, .mef, .der, .bsa, .dba, .bar, .p12, .icxs, .jpe, .cfr, .jpeg, .1, .accdb, .mlx, .wp6, .wmo, .dwg, .wbmp, .jpg, .sb, .itdb, .wmd, .xlsx, .pak, .wgz, .mov, .bay, .xxx, .ntl, .t13, .xml, .wsc, .xmind, .y, .bik, .xld, .ybk, .pem, .crt, .sidd, .mdb, .dbf, .wpa, .fpk, .wpd, .mp4, .wire, .cer, .xls, .eps, .pdf, .avi, .wsd, .xar, .zi, .x3f, .wp4, .xmmap, .fsh, .rgss3a, .vdf, .3dm, .vfs0, .cr2, .das, .1st, .wma, .iwi, .cas, .qdf, .sid, .wp, .dcr, .wmf, .lbf, .psd, .svg, .wot, .xlsm, .vpk, .py, .zip, .wpl, .wma, .ibank, .xy3, .ptx, .sql, .erf, .pptm, .lrf, .arch00, .asset, .menu, .hkx, .qic, .wb2, .docx, .mpqge, .odt, .arw, .png, .wpb, .ods, .x3f, .p7b, .mddata, .sum, .xyp, .vcf, .zif, .m3u, .pfx, .sr2, .forge, .wotreplay, .srw, .wp5, .pdd, .dxg, .sav, .wbm, .wav, .pptx, .xf, .3fr, .xwp, .x3d, .kdb, .wn, .mrwref, .odb, .ztmp, .z3d, .webp, .odp, .vpp_pc, .2bp, .wbz, .wdp, .odm, .m4a, .7z, .docm, .ws, .xdl, .wmv, .esm, .d3dbsp, .rtf, .wps, .map, .dng, .m2, .gdb, .zip, .vtf, .syncdb, .wsh, .bkp, .srf, .js, .ai, .wp7, wallet, .z, .xlsb, .yal, .itm
Once a file is encrypted, its extension changed to .chech. Next, the ransomware creates a file named ‘_readme.txt’. This file contain a note on how to decrypt all encrypted files. You can see an one of the variants of the ransomnote below:
ATTENTION! Don't worry my friend, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-T9WE5uiVT6 Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: blower@india.com Reserve e-mail address to contact us: blower@firemail.cc Your personal ID
Instructions that is shown below, will help you to remove .Chech ransomware as well as restore (decrypt) encrypted documents, photos and music stored on your personal computer drives.
Table of contents
- How to remove .Chech ransomware virus
- How to decrypt .chech files
- Use STOPDecrypter to decrypt .chech files
- How to restore .chech files
- How to protect your PC from .Chech ransomware virus?
- Finish words
How to remove .Chech ransomware virus
Using a malicious software removal tool to scan for and delete ransomware hiding on your computer is probably the easiest way to remove the .Chech ransomware virus. We recommends the Zemana Free program for Windows machines. MalwareBytes Free and Kaspersky virus removal tool are other anti-malware tools for MS Windows that offers a free malicious software removal.
Use Zemana Anti-malware to remove .Chech ransomware virus
Zemana can find all kinds of malware, including ransomware, as well as a variety of Trojans, viruses and rootkits. After the detection of the .Chech ransomware, you can easily and quickly remove it.
Installing the Zemana Anti Malware (ZAM) is simple. First you will need to download Zemana AntiMalware from the link below. Save it on your Windows desktop.
164112 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
After the download is complete, close all applications and windows on your machine. Open a directory in which you saved it. Double-click on the icon that’s named Zemana.AntiMalware.Setup like below.
When the installation begins, you will see the “Setup wizard” that will allow you set up Zemana Anti-Malware on your PC system.
Once setup is finished, you will see window as shown below.
Now click the “Scan” button . Zemana Free application will scan through the whole PC system for the .Chech ransomware virus and other security threats. Depending on your personal computer, the scan can take anywhere from a few minutes to close to an hour. While the Zemana Free is scanning, you can see count of objects it has identified either as being malware.
After Zemana AntiMalware (ZAM) has finished scanning, Zemana will open a list of all items found by the scan. Next, you need to click “Next” button.
The Zemana Free will remove .Chech ransomware virus and other malware and potentially unwanted apps.
Use MalwareBytes Free to remove Chech ransomware virus
Manual Chech ransomware virus removal requires some computer skills. Some files and registry entries that created by the ransomware virus may be not fully removed. We advise that use the MalwareBytes that are fully free your PC system of ransomware virus. Moreover, this free program will help you to get rid of malicious software, potentially unwanted programs, adware and toolbars that your PC system can be infected too.
- Download MalwareBytes Anti-Malware (MBAM) by clicking on the link below.
Malwarebytes Anti-malware
326462 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
- When the downloading process is finished, close all software and windows on your computer. Open a file location. Double-click on the icon that’s named mb3-setup.
- Further, press Next button and follow the prompts.
- Once setup is finished, click the “Scan Now” button . MalwareBytes Free application will scan through the whole personal computer for the Chech ransomware virus and other security threats. A system scan may take anywhere from 5 to 30 minutes, depending on your system. While the MalwareBytes Free is checking, you may see how many objects it has identified either as being malware.
- After MalwareBytes AntiMalware has completed scanning your computer, you may check all items detected on your computer. Next, you need to press “Quarantine Selected”. Once disinfection is finished, you can be prompted to reboot your computer.
The following video offers a step-by-step instructions on how to get rid of hijackers, adware and other malicious software with MalwareBytes Free.
If the problem with .Chech ransomware is still remained
If MalwareBytes anti malware or Zemana anti-malware cannot delete this virus, then we suggests to run the KVRT. KVRT is a free removal utility for worms, trojans, ransomware and other malware.
Download Kaspersky virus removal tool (KVRT) from the following link.
129082 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
After downloading is finished, double-click on the Kaspersky virus removal tool icon. Once initialization process is finished, you’ll see the KVRT screen as shown in the following example.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next click Start scan button for checking your system for the .Chech ransomware . Depending on your machine, the scan may take anywhere from a few minutes to close to an hour.
Once the scan is finished, you can check all threats found on your computer as displayed in the following example.
In order to remove all threats, simply click on Continue to start a cleaning task.
How to decrypt .chech files
The .Chech ransomware encourages victim to contact it’s makers in order to decrypt all files. These persons will require to pay a ransom (usually demand for $490-980 in Bitcoins).
Should you pay the ransom? A majority of computer security researchers will reply immediately that you should never pay a ransom if affected by ransomware! If you choose to pay the ransom, there is no 100% guarantee that you can decrypt all personal files!
With some variants of Chech Ransomware, it is possible to decrypt or restore encrypted files using free tools such as STOPDecrypter, ShadowExplorer and PhotoRec.
Use STOPDecrypter to decrypt .chech files
Michael Gillespie (@) released a free decryption tool named STOPDecrypter (download from download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip).
STOPDecrypter has been updated to include decryption support for the following .djvu* variants (.djvu, .djvuu, .udjvu, .djvuq, .djvur, .djvut, .pdff, .tro, .tfude, .tfudeq, .tfudet, .rumba, .adobe, .adobee, .blower, .promos. STOPDecrypter will work for any extension of the Djvu* variants including new extensions (.chech).
Please check the twitter post for more info.
How to restore .chech files
In some cases, you can restore files encrypted by .Chech ransomware virus. Try both methods. Important to understand that we cannot guarantee that you will be able to recover all encrypted personal files.
Use shadow copies to restore .chech files
If automated backup (System Restore) is enabled, then you can use it to recover all encrypted files to previous versions.
Visit the following page to download ShadowExplorer. Save it directly to your Windows Desktop.
438819 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
When the downloading process is finished, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder like below.
Double click ShadowExplorerPortable to start it. You will see the a window as shown on the image below.
In top left corner, choose a Drive where encrypted files are stored and a latest restore point as displayed on the screen below (1 – drive, 2 – restore point).
On right panel look for a file that you wish to recover, right click to it and select Export as shown in the figure below.
Use PhotoRec to restore .chech files
Before a file is encrypted, the .Chech ransomware virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your files using file restore apps like PhotoRec.
Download PhotoRec from the following link. Save it on your Desktop.
When downloading is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and select Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as displayed on the image below.
Double click on qphotorec_win to run PhotoRec for Microsoft Windows. It’ll open a screen as displayed in the figure below.
Choose a drive to recover as displayed on the screen below.
You will see a list of available partitions. Select a partition that holds encrypted documents, photos and music as shown on the image below.
Click File Formats button and specify file types to recover. You can to enable or disable the recovery of certain file types. When this is done, click OK button.
Next, click Browse button to select where recovered files should be written, then click Search.
Count of restored files is updated in real time. All recovered personal files are written in a folder that you have selected on the previous step. You can to access the files even if the restore process is not finished.
When the recovery is done, click on Quit button. Next, open the directory where restored photos, documents and music are stored. You will see a contents as shown on the image below.
All restored files are written in recup_dir.1, recup_dir.2 … sub-directories. If you are searching for a specific file, then you can to sort your recovered files by extension and/or date/time.
How to protect your PC from .Chech ransomware virus?
Most antivirus apps already have built-in protection system against the ransomware. Therefore, if your computer does not have an antivirus application, make sure you install it. As an extra protection, run the HitmanPro.Alert.
Use HitmanPro.Alert to protect your computer from .Chech ransomware virus
HitmanPro.Alert is a small security utility. It can check the system integrity and alerts you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.
HitmanPro Alert can be downloaded from the following link. Save it directly to your MS Windows Desktop.
After the downloading process is done, open the file location. You will see an icon like below.
Double click the HitmanPro Alert desktop icon. When the tool is started, you will be displayed a window where you can choose a level of protection, as on the image below.
Now click the Install button to activate the protection.
Finish words
Now your system should be clean of the .Chech ransomware virus. Uninstall KVRT and MalwareBytes Anti Malware (MBAM). We advise that you keep Zemana (to periodically scan your computer for new malware). Probably you are running an older version of Java or Adobe Flash Player. This can be a security risk, so download and install the latest version right now.
If you are still having problems while trying to get rid of .Chech ransomware virus from your computer, then ask for help here.