Jump to content

Recommended Posts

Hello,

There is currently no tool that can be used to decrypt Cerber encrypted tools.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAJAdV9eBFpCDAUbd1sVVQpJQhgaJQEOTAEXRwwXdlgPUVpIGBNBNARaB0tXUUEeGGlxR1dMclBCMlpQJEEBQFtQJQ==
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/hm?eq=U0EeCFZVBB8SRggUIwxeB1wSEhgTeA5aTA1CGVYOeVwAVxRJR1MadA9ZVgkSGAwFIk0FA18DB0VXfWFoKB8fHGZGIUtbCXwJUVRNM1w=
FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ5bVF8XRFYQbQkAVltcFQYbIxQBBAFHDA1FJgAMV1hGEVYaeR9aFQQTR0cFME0FB18EURNNfWpdAEsSSXBbMFhWElw=&q={searchTerms}
FF user.js: detected! => C:\Users\Randy81\AppData\Roaming\Mozilla\Firefox\Profiles\gf2fkqzt.default\user.js [2016-06-03]
2016-06-06 07:55 - 2016-06-06 07:55 - 00012380 _____ C:\Users\Randy81\Downloads\# DECRYPT MY FILES #.html
2016-06-06 07:55 - 2016-06-06 07:55 - 00010509 _____ C:\Users\Randy81\Downloads\# DECRYPT MY FILES #.txt
2016-06-06 07:55 - 2016-06-06 07:55 - 00010509 _____ C:\Users\Randy81\Desktop\# DECRYPT MY FILES #.txt
2016-06-06 07:55 - 2016-06-06 07:55 - 00000216 _____ C:\Users\Randy81\Downloads\# DECRYPT MY FILES #.vbs
2016-06-06 07:55 - 2016-06-06 07:55 - 00000216 _____ C:\Users\Randy81\Desktop\# DECRYPT MY FILES #.vbs
2016-06-06 07:55 - 2016-06-06 07:55 - 00000085 _____ C:\Users\Randy81\Downloads\# DECRYPT MY FILES #.url
2016-06-06 07:55 - 2016-06-06 07:55 - 00000085 _____ C:\Users\Randy81\Desktop\# DECRYPT MY FILES #.url
2016-06-06 00:30 - 2016-06-06 00:30 - 00012380 _____ C:\Users\Randy81\Desktop\# DECRYPT MY FILES #.html
2016-06-06 00:11 - 2016-06-06 00:11 - 00012380 _____ C:\Users\Default\# DECRYPT MY FILES #.html
2016-06-06 00:11 - 2016-06-06 00:11 - 00010509 _____ C:\Users\Default\# DECRYPT MY FILES #.txt
2016-06-06 00:11 - 2016-06-06 00:11 - 00000216 _____ C:\Users\Default\# DECRYPT MY FILES #.vbs
2016-06-06 00:11 - 2016-06-06 00:11 - 00000085 _____ C:\Users\Default\# DECRYPT MY FILES #.url
2016-06-05 23:16 - 2016-06-05 23:16 - 00012380 _____ C:\Users\Randy81\# DECRYPT MY FILES #.html
2016-06-05 23:16 - 2016-06-05 23:16 - 00010509 _____ C:\Users\Randy81\# DECRYPT MY FILES #.txt
2016-06-05 23:16 - 2016-06-05 23:16 - 00000216 _____ C:\Users\Randy81\# DECRYPT MY FILES #.vbs
2016-06-05 23:16 - 2016-06-05 23:16 - 00000085 _____ C:\Users\Randy81\# DECRYPT MY FILES #.url
2016-06-03 22:14 - 2016-06-03 22:14 - 00000000 ____D C:\ProgramData\87ac0aa0-7073-1
2016-06-03 22:14 - 2016-06-03 22:14 - 00000000 ____D C:\ProgramData\87ac0aa0-5101-0
2016-06-06 07:56 - 2010-11-20 14:29 - 00000000 __SHD C:\Users\Randy81\AppData\Roaming\{A1F8C5CB-D217-D89A-B7A0-509F6A28E4B7}
C:\Users\Default\# DECRYPT MY FILES #.vbs
C:\Users\Randy81\# DECRYPT MY FILES #.vbs
C:\Users\Randy81\AppData\Local\Temp\avguirn_081864497603.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Users\Randy81\AppData\Roaming\Mozilla\Firefox\Profiles\gf2fkqzt.default\Extensions\[email protected]
C:\Users\Randy81\AppData\Local\TidyNetwork
C:\Program Files\SystemHealer
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\11598763487076930564" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-4235038253-3756754761-151102354-1000\SOFTWARE\SYSTEM HEALER" /f
Close Notepad.

NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system to restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...