Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


My Vista laptop has .cerber virus (Cerber encryptor)

  • This topic is locked This topic is locked
2 replies to this topic

#1 PetarSickey


  • Members
  • 151 posts
  • Local time:10:52 AM

Posted 28 June 2016 - 06:42 AM

Wow, I literally awoke this morning with the bad news that my laptop is all encrypted into .cerber files and those # DECRYPT ...# files also.  So clearly, if I do not have

a backup of the files, and a giant directory of the original names (such as an index that an operating system might have internally to keep track of stuff), then it will 

be a total mess of a turkey-shoot to get the system re-built back to original form.  I write software and all my source code is all encrypted.  Needless to say, it's time

to buy a new laptop while I try to restore my oldie-but-goodie Vista laptop.  It encrypts nearly all of the useful file extensions, like .txt, .cpp, etc..  Perhaps I'm spared

things like .dll, .exe, not sure about this.


I would like to know a good strategy.  If I can somehow get into the OS's indexing, I can make a huge list of filenamesover the next month.  Then try to find an AES-256

decryptor or some such.

But before I start, does anyone have any advice?  I guess I'm talking a week's work here so no big hurry.  There are one or two directories that have .txt files that I'd

like to start on first.  And also, should I try to find any of the virus's own files and start deleting them - like does it have it's own executables laying on my machine 


And help appreciated.




PS In the meantime, I have other machines that I work on that are not on the Internet, so I can rebuild these environments, it's not the end of the world yet.  I make sure

I keep extra machines around for the purpose of virus problems.  I'll work on those during this crunch.

Edited by PetarSickey, 28 June 2016 - 06:44 AM.

BC AdBot (Login to Remove)


#2 cybercynic


  • Members
  • 560 posts
  • Gender:Male
  • Location:Edge Of Tomorrow
  • Local time:10:52 AM

Posted 28 June 2016 - 10:51 AM

Cerber currently has no decryption solution. So, unless you decide to pay the ransom, image the HD in hopes of a future solution.


Ransomware usually deletes itself after decryption is done, but some of its' friends may tag along. Run Malwarebytes and / or Hitman Pro to eliminate any remnants. 


You should also post in and monitor the Cerber topic in this forum in the future.

We are drowning in information - and starving for wisdom.

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,756 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:52 AM

Posted 28 June 2016 - 05:32 PM

There is an ongoing discussion in this topic where you can ask questions and seek further assistance but as noted above there is no solution to fix your encrypted files.When or if a solution is found, that information will be provided in this support topic and you will receive notification if subscribed to it. In addition, a news article most likely will be posted on the BleepingComputer front page.

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion, this topic is closed.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users