randy 81
Posted June 7, 2016

Hi,

My files have been encrypted by Cerber virus. How can I recover them?

Thanks.

Attachments: scan_160607-135914.txt, FRST_07-06-2016_14-44-20.txt, Addition_07-06-2016_14-44-20.txt, scan_160607-185801.txt, FRST_07-06-2016_19-11-19.txt

Kevin Zoll
Posted June 8, 2016

Hello,

There is currently no tool that can be used to decrypt Cerber encrypted tools.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAJAdV9eBFpCDAUbd1sVVQpJQhgaJQEOTAEXRwwXdlgPUVpIGBNBNARaB0tXUUEeGGlxR1dMclBCMlpQJEEBQFtQJQ==
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/hm?eq=U0EeCFZVBB8SRggUIwxeB1wSEhgTeA5aTA1CGVYOeVwAVxRJR1MadA9ZVgkSGAwFIk0FA18DB0VXfWFoKB8fHGZGIUtbCXwJUVRNM1w=
FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ5bVF8XRFYQbQkAVltcFQYbIxQBBAFHDA1FJgAMV1hGEVYaeR9aFQQTR0cFME0FB18EURNNfWpdAEsSSXBbMFhWElw=&q={searchTerms}
FF user.js: detected! => C:\Users\Randy81\AppData\Roaming\Mozilla\Firefox\Profiles\gf2fkqzt.default\user.js [2016-06-03]
2016-06-06 07:55 - 2016-06-06 07:55 - 00012380 _____ C:\Users\Randy81\Downloads\# DECRYPT MY FILES #.html
2016-06-06 07:55 - 2016-06-06 07:55 - 00010509 _____ C:\Users\Randy81\Downloads\# DECRYPT MY FILES #.txt
2016-06-06 07:55 - 2016-06-06 07:55 - 00010509 _____ C:\Users\Randy81\Desktop\# DECRYPT MY FILES #.txt
2016-06-06 07:55 - 2016-06-06 07:55 - 00000216 _____ C:\Users\Randy81\Downloads\# DECRYPT MY FILES #.vbs
2016-06-06 07:55 - 2016-06-06 07:55 - 00000216 _____ C:\Users\Randy81\Desktop\# DECRYPT MY FILES #.vbs
2016-06-06 07:55 - 2016-06-06 07:55 - 00000085 _____ C:\Users\Randy81\Downloads\# DECRYPT MY FILES #.url
2016-06-06 07:55 - 2016-06-06 07:55 - 00000085 _____ C:\Users\Randy81\Desktop\# DECRYPT MY FILES #.url
2016-06-06 00:30 - 2016-06-06 00:30 - 00012380 _____ C:\Users\Randy81\Desktop\# DECRYPT MY FILES #.html
2016-06-06 00:11 - 2016-06-06 00:11 - 00012380 _____ C:\Users\Default\# DECRYPT MY FILES #.html
2016-06-06 00:11 - 2016-06-06 00:11 - 00010509 _____ C:\Users\Default\# DECRYPT MY FILES #.txt
2016-06-06 00:11 - 2016-06-06 00:11 - 00000216 _____ C:\Users\Default\# DECRYPT MY FILES #.vbs
2016-06-06 00:11 - 2016-06-06 00:11 - 00000085 _____ C:\Users\Default\# DECRYPT MY FILES #.url
2016-06-05 23:16 - 2016-06-05 23:16 - 00012380 _____ C:\Users\Randy81\# DECRYPT MY FILES #.html
2016-06-05 23:16 - 2016-06-05 23:16 - 00010509 _____ C:\Users\Randy81\# DECRYPT MY FILES #.txt
2016-06-05 23:16 - 2016-06-05 23:16 - 00000216 _____ C:\Users\Randy81\# DECRYPT MY FILES #.vbs
2016-06-05 23:16 - 2016-06-05 23:16 - 00000085 _____ C:\Users\Randy81\# DECRYPT MY FILES #.url
2016-06-03 22:14 - 2016-06-03 22:14 - 00000000 ____D C:\ProgramData\87ac0aa0-7073-1
2016-06-03 22:14 - 2016-06-03 22:14 - 00000000 ____D C:\ProgramData\87ac0aa0-5101-0
2016-06-06 07:56 - 2010-11-20 14:29 - 00000000 __SHD C:\Users\Randy81\AppData\Roaming\{A1F8C5CB-D217-D89A-B7A0-509F6A28E4B7}
C:\Users\Default\# DECRYPT MY FILES #.vbs
C:\Users\Randy81\# DECRYPT MY FILES #.vbs
C:\Users\Randy81\AppData\Local\Temp\avguirn_081864497603.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Users\Randy81\AppData\Roaming\Mozilla\Firefox\Profiles\gf2fkqzt.default\Extensions\[email protected]
C:\Users\Randy81\AppData\Local\TidyNetwork
C:\Program Files\SystemHealer
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\11598763487076930564" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-4235038253-3756754761-151102354-1000\SOFTWARE\SYSTEM HEALER" /f

Close Notepad.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.
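
Added example (not part of the posts above and not FRST's own code): the dated rows in the fixlist can be parsed to show in which order the ransom notes appeared in each folder, which helps when scoping what was hit and when. It assumes the row layout visible in the listing above (two timestamps, size, a five-character attribute field, path); `parse_listing` and `note_timeline` are hypothetical names.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime

# Rows copied from the fixlist in this thread, plus one non-listing line.
SAMPLE = r"""
2016-06-06 07:55 - 2016-06-06 07:55 - 00012380 _____ C:\Users\Randy81\Downloads\# DECRYPT MY FILES #.html
2016-06-06 00:11 - 2016-06-06 00:11 - 00010509 _____ C:\Users\Default\# DECRYPT MY FILES #.txt
2016-06-05 23:16 - 2016-06-05 23:16 - 00000216 _____ C:\Users\Randy81\# DECRYPT MY FILES #.vbs
2016-06-05 23:16 - 2016-06-05 23:16 - 00000085 _____ C:\Users\Randy81\# DECRYPT MY FILES #.url
2016-06-03 22:14 - 2016-06-03 22:14 - 00000000 ____D C:\ProgramData\87ac0aa0-7073-1
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASAPI32" /f
"""

FMT = "%Y-%m-%d %H:%M"
NOTE_STEM = "# DECRYPT MY FILES #"
# Assumed layout: timestamp - timestamp - size, 5-char attributes, path.
ROW = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - (\d+) (\S{5}) (.+)$"
)

def parse_listing(text):
    """Return one dict per dated row; FF/Task/Reg/bare-path lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        first, second, size, attrs, path = m.groups()
        entries.append({
            "first": datetime.strptime(first, FMT),
            "second": datetime.strptime(second, FMT),
            "size": int(size),
            "is_dir": "D" in attrs,
            "path": path,
        })
    return entries

def note_timeline(entries):
    """Per folder: earliest first-column timestamp and the note extensions seen."""
    by_dir = defaultdict(list)
    for e in entries:
        stem, ext = ntpath.splitext(ntpath.basename(e["path"]))
        if stem == NOTE_STEM:
            by_dir[ntpath.dirname(e["path"])].append((e["first"], ext))
    rows = [(min(t for t, _ in v), d, sorted(x for _, x in v))
            for d, v in by_dir.items()]
    return sorted(rows)  # oldest folder first
```
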

Kevin Zoll
Posted June 13, 2016

Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE. If you don't, we are just going to send you back to this thread.