My files were encrypted by a Cerber3 Ransomware, here are the contents left by the .txt file (note: content is very long)
I was trying to watch a movie file, but I cannot play it. It came with a Ultra XVid Codec Pack.exe
complete with the proper setup icon and when I see its Properties>Details, it said it was a "Windows trusted installer"
in the description. I scanned it with ESET NOD32 Smart Security 8 and it did not detect anything, and so I run it, but an error popped up and said that the setup was corrupted and terminated or something. Then I got suspicious, I ran taskmgr.exe
and there I saw in the Process tab, there was a .exe process with a bunch of letters and numbers
which alerted me because it looked like the name of a virus. So I terminated the process. Then I also saw a process of Windows PowerShell
, which I do not recognize me ever running powershell, so I terminated it immediately also. Then unfortunately, after a few hours I noticed my files were missing. Instead it was replaced by the # HELP DECRYPT # files and a bunch of files with letters and numbers with the .cerber3 extension on it.
Good thing I have DeepFreeze installed, so everything that was changed in the C: Win7Pro
partition was deleted and returned to normal after restart, so I'm pretty sure the virus is gone now. But unfortunately, the files on my other partitions were caught by the ransomware. I really need those important data. Those are the records for my small computer rentals business. I do not have backup. Please advise.p.s.
I uploaded the suspicious files, and samples of the .cerber3 files.TAKE NOTE: DO NOT OPEN THE .EXE OR ELSE RISK INFECTION FROM THIS "Cerber3" RANSOMWARE ALSO
This is the link for the shared Dropbox folder:
EDIT: If there's nothing else to do left, and all my files are good as gone. Then I take pride in being a victim of this ransomware and contributed efforts to try help solve this virus. Thank you for everyone that is helping (or will be helping)
Edited by zekkenyuuki, 05 September 2016 - 10:23 AM.