Guide Me Tech

Your guide in every aspect of Technology

What is HETS file and how to decrypt files encrypted by ransomware

by

Hello guys, in this post I am going to write on What is HETS file and how to decrypt files encrypted by ransomware. Most of you know about different types of files but only some of you might know about HETS file. If you don’t know about the HETS File system then here are a few lines for you. HETS file system is nothing but a malware belonging to the DJVU/STOP family. Cyber attackers mostly try to inject this software inside the PC of a user and then demand Ransom.

For those who know about the HETS file type, they might be a victim of a cyber attack in the past. In case if you become a victim of such an attack then follow this simple guide to get back your files.

What is HETS File

HETS file is nothing but a malware that is used to encrypt files present on your PC. If you got a file by name 1.jpg after the encryption it will be 1.jpg.Hets. Now you won’t be able to look open the file and make any edits to it. In case if you got any information present in that file you are not able to retrieve it any more. The attacker will demand ransom in order to decrypt those files. So don’t worry instead of paying the ransom you can try removing this virus from your PC yourself.

Basically there are two ways to remove the virus from your PC. One is to manually find the infected files and removing them and the other one is using a software. With out wasting any time let’s walk through the process.

Manual Process on how to decrypt files encrypted by ransomware

First of all we will try to find out the infected files and remove them manually. Simply follow this process

  • Press Windows + R keys in your Keyboard simultaneously. A Run window will open
  • Now type MS Config and click OK.
System Configuration window
  • In the system configuration window select the Boot Tab and choose safe boot. Click on Apply and then OK
  • Now you are asked to restart your PC. Do it. Check for the safe mode on the top right corner once after the restart. This to check whether your PC boots in the safe mode or not. Else follow this guide on how to boot safe mode windows 10
  • Take a backup of all the files even though they are encrypted in USB Stick or a Hard drive.
  • Also, search for the hidden files and take a backup of them too
  • To look for the hidden files. Click on window search > Type Show hidden files and folder and then open it.
  • Under file explorer option change the option from Don’t show to show and then click apply. Now you can see all the hidden files.
  • Now click on THIS PC and type the “Fileextension:exe:The Virus” in the search bar.
  • Delete the virus file if find any when you click on the search.

Now it’s time to repair the Windows Registry

Before we start repairing the windows registry make sure you take a backup first. In case we any mess, we can restore it back. If you don’t know how to take a backup of registry then simply follow these steps

  • Click on the Window+R keys from your keyboard simultaneously. A RUN window will open
  • Type “REGEDIT” and click on OK. A registry editor window will open
  • Click on File > Export, Choose desktop to give a file name and make sure you select ALL under export range at the bottom and then hit save. A backup file will be there on your desktop.
  • Once after we take the backup successfully. We will start to repair the registry now. Make sure you got your Windows Boot CD ready.
  • Open settings and go to Update and recovery. At the recovery tab, click advanced startup and then click Restart Now.
  • Insert the Windows Operating system image CD while your PC restarts and select the Troubleshoot option
  • At the Advanced Options screen select the Automated Repair option
  • Choose an account and log in, when prompted to do so.
  • Automatic repair may start now and your Pc will reboot during this process.

Once after the successful repair now insert the USB stick and check the encrypted files. If the virus still exist you need to go with an automatic removal. This can be done with the help of malware removal tools.

Automatic decryption Removal Tools

If the above manual method fails to remove virus files from your PC you can check with removal tools available in the market. All you need to do is a simple google search. You can find many tools online but I will note some of them below.

1. SPY HUNTER malware removal Tool

2. Emsi soft Decryptor by DJVU

3. Hitman Pro

4. Malware Byte Anti ransomware

I haven’t personally tested all these tools. So check the reviews and buy the best and affordable tool for you. Most of them promise to remove the Ransomware. Instead of paying the ransom to an unknown buy any tool and unlock all your files. This is how to decrypt files encrypted by ransomware.

In case if you got any queries, suggestions or know any other tool , a method by which you are able to successfully remove the HETS virus do let our readers know in the comments section below. Thanks for reading sharing is caring.