Scribd
Upload
116 views

Rakhnidecryptor - Exe Windows 8 Windows 7 Windows Vista

This document provides instructions for decrypting files encrypted by the Rakhni malware using the RakhniDecryptor utility. Key steps include: 1) Ensuring the malware is removed first using antivirus software, 2) Locating the exit.hhr.oshit encrypted password file, 3) Downloading and running the RakhniDecryptor executable, 4) Scanning drives to decrypt files and delete encrypted file copies.

Uploaded by

MS
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
116 views

Rakhnidecryptor - Exe Windows 8 Windows 7 Windows Vista

This document provides instructions for decrypting files encrypted by the Rakhni malware using the RakhniDecryptor utility. Key steps include: 1) Ensuring the malware is removed first using antivirus software, 2) Locating the exit.hhr.oshit encrypted password file, 3) Downloading and running the RakhniDecryptor executable, 4) Scanning drives to decrypt files and delete encrypted file copies.

Uploaded by

MS
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

How-to guide.

IMPORTANT! Make sure you remove the malware from your system first, otherwise
it will repeatedly lock your system or encrypt files. Any reliable antivirus solution
can do this for you.

Note: Rakhni creates the exit.hhr.oshit file that contains an encrypted password to user's
files. If this file remains on the computer, it will make decryption with
the RakhniDecryptor utility faster. If the file has been removed, it can be recovered with file
recovery utilities. After the file is recovered, put it into %APPDATA% and run the scan with
the utility once again. The exit.hhr.oshit file has the following path:

 Windows XP: C:\Documents and Settings\<username>\Application Data


 Windows 7/8: C:\Users\<username>\AppData\Roaming

To decrypt the files, do the following:

1. Download the RakhniDecryptor.exe file. The instructions on how to download a file are
available below:
 For Windows 8 users
 For Windows 7 users
 For Windows Vista users
2. Run the RakhniDecryptor.exe file on the infected computer.
3. In the Kaspersky RakhniDecryptor window click the Change parameters link.

4. In the Settings window select the objects to scan (hard drives / removable
drives / network drives).
5. Select the checkbox Delete crypted files after decryption (the utility will be deleting
copies of original files with the .locked, .kraken and .darkness extensions).
6. Click ОК.

7. In the Kaspersky RakhniDecryptor, click the Start scan button.


8. In the Specify the path to one of encrypted files, select the file you need to restore
and click Open.
9. The utility will start recovering the password. Please mind the Warning! window message.

10. Wait until the utility is done with decrypting the file (do not exit the program or shut down
the computer).

You might also like