Czech ransomware / virus (Decryption Steps Included) - Free Instructions

Czech virus Removal Guide

What is Czech ransomware virus?

Can Czech ransomware damage my personal files?

Czech ransomware virus is a hideous computer infection that tries to extort money from unfortunate victims. Some researchers tend to name it Czech Kostya virus. Once it hits a computer, it locks the screen by displaying a window that says “All your files have been locked” in the Czech language. The lock screen[1] window provides some information about the virus and claims that files have been ciphered with AES-256 encryption[2] although, in reality, the virus doesn’t encrypt anything. It simply blocks the access to the computer and tries to intimidate the victim to force him/her pay the ransom[3]. The initial ransom that this virus asks for is 300 CZK, which is more or less 12 dollars. The virus asks to pay the ransom within 24 hours; otherwise, it promises to increase the ransom price to 2000 CZK (approximately $80) and delete 60% of all files as well.

Although the ransom price appears to be ridiculously small (considering that viruses like Cerber or Locky ask for at least $500 and more[4]), you should not pay the ransom. Czech virus that pretends to be a severe ransomware actually does nothing to data stored on your computer and only displays an annoying window that can be removed rather easily. You simply need to run your antivirus or anti-malware software to remove Czech malware completely. We highly recommend using FortectIntego or SpyHunter 5Combo Cleaner software. The reason why we do not recommend manual Czech ransomware removal option is that inexperienced users can quickly delete the wrong files, which might result in system’s instability and other problems.

Picture of Czech ransomware screenlocker

How did I get infected with this malicious software?

Malicious software mainly travels via email attachments[5], hideous links or bundled downloads, so be aware of these distribution channels. Don’t ever agree to install suspicious files or programs on your system if you are not 100% sure that they are safe! For example, infectious websites often tend to push fake software updates (for instance, Java updates) via aggressive pop-up ads. Unless you are visiting the official software developer’s website, do not install it! Fake software updates are often used as a tool to inject malicious files to victim’s system silently. Finally, avoid email letters that suspicious people send to you. Remember that scammers will pretend to be anyone just to deceive you and convince you to open a malicious email attachment or link. And to sum up, you should be using a reliable anti-malware software to keep malicious programs away from your PC.

How can I remove Czech ransomware virus and get access to my computer again?

If you have been attacked by Czech virus by accident, do not panic. You can remove Czech ransomware rather easily and get access to your files again – just make sure you do the right things. First of all, you will need to reload your computer, but not the way you do it on a regular basis. You will need to reboot in into the Safe Mode with Networking, and if you have never done this before, please read the following Czech virus removal guidelines and carry them out carefully. Once you’re in the safe environment to do anything with your PC, run your anti-malware software to wipe the virus’ remains from your PC. If you do not have the anti-malware software, download it from the Internet while in the Safe Mode with Networking.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Czech virus. Follow these steps

Manual removal using Safe Mode

Please do not underestimate the menace of this virus just because it has been programmed by a script kiddie. It is clear that the developer of this virus is not an experienced programmer, and you should take advantage of it. Please do not rush not to mess things up, and carry out these instructions carefully!

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove Czech using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Czech. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that Czech removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Czech and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions