Rannoh is a malicious Trojan that has two main features: it is designed to lock its victims out of Windows and encrypts the majority of the files found on the target PC. If you have been infected with this ransom trojan, you should remember Gendarmerie Nationale (French) virus that locates its files almost in the same directories as Rannoh:
- %userprofile%\local settings\temp\<10 random letters>
You should also note that malicious .exe files are randomized as well – they use 20 random letters and numbers in their name, like iewfhonow94rg3gtr3g7.exe or other.
So, when trying to remove Rannoh, we recommend following the steps written below. In order to get into Windows again choose one of these 3 options:
1. Boot off your diagnostic CD/DVD, like Bootable CD Hiren;
2. Insert the hard drive to another PC with a bootable Windows OS;
3. Go into these suspected folders mentioned above and delete these two bad .exes out of their locations.
Either of these ways should help you to get into Windows. However, you will still find that all your files are encrypted. To fix this issue, use a tool released by Kaspersky RannohDecryptor. Launch it and it will help you to restore your files.
Automatic Malware removal tools