What is Cerber
Cerber Ransomware is a very dangerous virus that is categorized as ransomware. It uses AES encryption to encrypt the important files on your system. It mostly affects photos, images, music, documents such as .doc, .docx and .xls, and .zip and .rar files, and it adds the file extension .cerber to every file it encrypts. The attackers demand that the user pay 1.24 Bitcoins, which is approximately $500, to decrypt the files, and within 7 days they double the ransom amount, which creates panic among users. Cerber ransomware creates 3 different files (#DECRYPT MY FILES#.txt, #DECRYPT MY FILES#.vbs, #DECRYPT MY FILES#.html) that contain instructions to visit the attackers' online “Cerber Decryptor” page. This guide gives manual step-by-step instructions to remove the Cerber virus and decrypt .cerber files on your system.
How Cerber infected your PC
The Cerber virus gets onto your PC through downloaded email attachments such as .zip, .rar, .doc, .xls and .exe files. Once you click and open one of these files, it starts downloading its macros and selects your important personal files, which it encrypts and gives the file extension .cerber. Visiting malicious websites or installing rogue applications and toolbars can also result in this infection.
How to Remove Cerber Ransomware Manually
We currently don't recommend removing the Cerber Ransomware manually; for a better solution, use automatic removal tools.
Select the Safe Mode
To proceed with manual removal, leave normal mode and reboot the infected system in safe mode. Restart your computer and, while it is restarting, press the F8 key to open the boot options menu, then select the safe mode option from the list to boot your computer in safe mode.
Remove the Associated Processes
The next step is to kill the malicious processes associated with the Cerber Ransomware. Open the Windows Task Manager by holding the Ctrl+Alt+Delete keys together. In the Task Manager window, click the Processes tab and end the following process in the list of running processes:
- %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
Cerber Ransomware files:
- #DECRYPT MY FILES#.txt
- #DECRYPT MY FILES#.vbs
- #DECRYPT MY FILES#.html
Remove the Corrupt Registry Entries
To complete the manual removal, delete the malicious registry entries created by this malware. Open the Registry Editor by running the Regedit command from the Run option in the Start menu. The following entries need to be deleted:
Cerber Ransomware registry keys:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Cerber Ransomware\DisplayIcon %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe,0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Cerber Ransomware
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Cerber Ransomware\UninstallString “%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe” -u
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\[RANDOM CHARACTERS] %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Cerber Ransomware\ShortcutPath “%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe” -u
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Cerber Ransomware\DisplayName Cerber Ransomware
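The file and registry artifacts listed in the two sections above can be checked for before anything is deleted. The following PowerShell script is an added example, not part of the original guide or of any removal tool; it only reads and reports. It assumes PowerShell 3.0 or later, a session running as the affected user, and that the ransom notes and encrypted files are under the user profile; the RunOnce pattern is a heuristic built from the path shape shown on this page.

```powershell
# Read-only triage: reports the artifacts listed above, deletes nothing.
# Assumption: run as the affected user (every key listed is under HKEY_CURRENT_USER).
$cv       = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$notes    = '#DECRYPT MY FILES#.txt', '#DECRYPT MY FILES#.vbs', '#DECRYPT MY FILES#.html'
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Type, [string]$Location, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Location = $Location; Detail = $Detail })
}

# 1. Uninstall key named on the page, with the values it lists.
$uninstall = "$cv\Uninstall\Cerber Ransomware"
if (Test-Path -LiteralPath $uninstall) {
    Add-Finding 'UninstallKey' $uninstall 'key present'
    $props = Get-ItemProperty -LiteralPath $uninstall
    foreach ($name in 'DisplayName', 'DisplayIcon', 'UninstallString', 'ShortcutPath') {
        if ($null -ne $props.$name) { Add-Finding 'UninstallValue' $name $props.$name }
    }
}

# 2. RunOnce values whose data is an .exe two levels below %AppData%.
#    Heuristic: legitimate software can match too, so review each hit.
$pattern = '^"?(?:' + [regex]::Escape($env:APPDATA) + '|%AppData%)\\[^\\]+\\[^\\]+\.exe'
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
$runOnce = "$cv\RunOnce"
if (Test-Path -LiteralPath $runOnce) {
    $key = Get-Item -LiteralPath $runOnce
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name, $null, $noExpand)
        if ($data -match $pattern) { Add-Finding 'RunOnce' $name $data }
    }
}

# 3. Ransom notes and .cerber files in the user profile, summarised per folder.
Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $notes -contains $_.Name -or $_.Extension -eq '.cerber' } |
    Group-Object DirectoryName |
    ForEach-Object {
        $enc  = @($_.Group | Where-Object { $_.Extension -eq '.cerber' }).Count
        $note = @($_.Group | Where-Object { $notes -contains $_.Name }).Count
        Add-Finding 'Files' $_.Name "$enc .cerber file(s), $note ransom note(s)"
    }

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap } else { 'None of the listed artifacts were found.' }
```

Saving the table output before cleanup gives a record of which folders were affected, which helps when deciding what to restore from previous versions or backups.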
How to decrypt and restore .cerber files
Using the Previous Versions option in Windows XP, Vista, 7 and 8:
- Right-click the infected file and choose Properties.
- Select the Previous Versions tab.
- Select the infected version of the file and click Copy (Ctrl+C).
- To restore the selected file and replace the existing file, click the Restore button.
- If there are no items in the list, choose an alternative method.
If you are using Dropbox:
- Log in to the Dropbox website and select the folder that contains the encrypted files.
- Right-click the encrypted file and choose Previous Versions.
- Choose the version of the file you want to restore and click the Restore button.
Disclaimer: Altering your Windows registry items and other computer files should only be attempted by knowledgeable computer users. Errors in registry items may lead to technical problems affecting other aspects of your machine. We advise you to attempt all these manual steps at your own risk; otherwise it is better to use the automatic removal tool below.
Download Cerber ransomware Removal Tool