Remove Realxakepok Ransom Virus and Unlock WinRar Locked Files

A rather unorthodox ransomware variant has been reported to use the well-known program WinRar to archive the users’ files and lock them with a password. The ransomware asks users to contact an e-mail address in order to restore their files. The cyber-criminals behind the e-mail address will most likely provide instructions for making a ransom payoff, which may be in BTC or another cryptocurrency. Users are strongly advised not to give in to the demands of the cybercrook(s) behind the ransomware and to try free alternative methods to revert their files after removing the virus with an advanced anti-malware program.

Threat Summary

Short Description: The ransomware locks files with a password and uses a strong algorithm to lock the password in a key.txt file.
Symptoms: All files have a .RAR file extension. A pop-up with ransom instructions appears when WinRar is opened.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.
Realxakepok Ransomware – Ways It Spreads

Realxakepok is believed to target individual machines rather than organizations. This suggests that the ransomware may rely on mass campaigns to reach as many potential victim PCs as possible. Some of the best-known methods for spreading malware at scale are:

  • Via spam e-mail attachments.
  • By using malicious URLs featured in such spam mails or anywhere on the web.
  • By uploading fake executables to websites that pose as legitimate software download sites.
  • Via adware or other unwanted programs.

After the user opens such a malicious file or web link, Realxakepok may use an exploit kit, JavaScript or a drive-by download of a Trojan, which opens a port and retrieves the malicious files that infect the machine.

Realxakepok Ransomware – Technical Overview

After a successful infection, the ransomware drops several .bat files on the compromised PC:

  • MY.BAT
  • MY.BAT3
  • MY.BAT4

These files are reported by malware analysts on security forums to start the following processes in Windows Task Manager:

  • cwp
  • chaekgrewege

Realxakepok ransomware also creates the following files:

→ C:/Program Files/Chaekgrewege/chaekgrewegeverifierService.html5
C:/Program Files/Chaekgrewege/chaekgrewegeverifierTask.exe

In addition, the Realxakepok ransomware creates various registry values related to the chaekgrewege files.

After this is done, the file-locking process begins. Realxakepok uses WinRar to archive commonly used types of files, for example:


After this is done, a password is required every time the user tries to open the files. In addition to the password prompt, Realxakepok presents specific demands in a WinRar pop-up window:

→ “All your valuable files are archived indefinitely using
program WinRar.
Password for the archive was generated randomly
and encrypted algorithm used in the military sphere.
This means that no one in the world can not help you
to receive a password, except for me. I’m not the
one who receives money and disappears. In this
case, you will get your 100% data back, but there
is little time restriction on a valid password, so
postpone and believe in miracles not worth it.
Your encrypted password stored on the disk
c: \ key.txt or folder c: \ windows \ key.txt.
It should be sent to e-mail
and discuss payment method
Price password is symbolic twenty five euros.”
Source: Bleeping Computer

After this is done, the ransomware saves a file named “key.txt”, which contains the password in an encoded format with one of the following encryption algorithms:

  • Base64
  • XOR
  • RSA
  • DH
  • AES

So far it is not clear what the password is; however, the ransom e-mail address is also associated with another cyber-threat, a screenlocker. The password of that other threat is believed to be “iamsorrygoodluck”.

Remove Realxakepok Ransomware Virus and Try Reverting The Files

Since this virus creates multiple files and registry entries, you can use the information in this article together with the removal instructions to find and delete them manually in Safe Mode, after first stopping the related processes in Windows Task Manager (if they are still running). However, for maximum effectiveness, cyber-security experts advise users to take a more automatic approach to removal: installing an advanced anti-malware tool that will find every object created or modified by Realxakepok ransomware on your computer.

To restore your files, you may have a couple of free options left. Since the Realxakepok virus has not been reported to delete backups and shadow volume copies, you may want to follow the instructions in step “3.Restore files encrypted by Realxakepok Ransomware” below. Another option that may work for you is to download a WinRar bruteforce password cracker and make a password list of different letter combinations, but this is a time-consuming process. The final solution may be to purchase WinRar and contact the program’s support for assistance.
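
A read-only check for the artifacts listed in this article, plus a count of the shadow copies mentioned above. This is an added example, not part of the original article or of any vendor tool. The paths are the article's, written with backslashes; the folders searched for the .bat files, the wildcard on the process name and the Run keys inspected are assumptions, because the article does not state them.

```powershell
# Read-only sweep for the Realxakepok artifacts named in this article.
# Nothing is deleted or modified; review the output before cleaning up.

# File paths as given in the article (it writes them with forward slashes).
$paths = @(
    'C:\key.txt',
    'C:\Windows\key.txt',
    'C:\Program Files\Chaekgrewege\chaekgrewegeverifierService.html5',
    'C:\Program Files\Chaekgrewege\chaekgrewegeverifierTask.exe'
)
$batNames  = @('MY.BAT', 'MY.BAT3', 'MY.BAT4')
# Assumption: the wildcard also catches chaekgrewegeverifierTask.exe.
$procNames = @('cwp', 'chaekgrewege*')
# Assumption: the article names neither the drop folder nor the registry
# keys, so these locations are only a starting point.
$batRoots = @($env:TEMP, $env:APPDATA, $env:ProgramData, 'C:\')
$runKeys  = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

$hits = @(
    $paths | Where-Object { Test-Path -LiteralPath $_ } |
        ForEach-Object { "file:     $_" }

    foreach ($root in $batRoots) {
        Get-ChildItem -LiteralPath $root -File -ErrorAction SilentlyContinue |
            Where-Object { $batNames -contains $_.Name } |
            ForEach-Object { "batch:    $($_.FullName)" }
    }

    Get-Process -Name $procNames -ErrorAction SilentlyContinue |
        ForEach-Object { "process:  $($_.Name) (PID $($_.Id))" }

    foreach ($key in $runKeys) {
        $item = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($item) {
            $item.PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match 'chaekgrewege' } |
                ForEach-Object { "registry: $key -> $($_.Name) = $($_.Value)" }
        }
    }
)

# Shadow copies are the basis of the restore step; listing them needs an elevated prompt.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)

if ($hits.Count) { $hits } else { 'No listed Realxakepok artifacts found.' }
"Shadow copies available: $($shadows.Count)"
```

An empty result covers only the locations checked; a copy of key.txt should be preserved before any cleanup, since it is the only record of the encoded password.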


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
