These symptoms seem different than the other Cerber thread listed on the "How to post..." page, so I have started a new one.
Windows 8.1, ASUS X551M laptop.
The user (not me :-) clicked on a "you owe us $$$" email, not sure if it was a zip or a link. But, the result is that the desktop has been changed to low resolution and the following message is displayed in crude text: "Your documents, photos, and other databases have been encrypted by "Cerber Ransomware 4.1.5". "If you understand all importance of the situation then we propose that you go directly to your personal page where you will receive complete instructions....", etc.
It's followed by some text with links to your "personal page" on four different domains/servers.
The system seems to operate normally, at least in a basic way. I have another Admin account on the machine that wasn't in use and appears untarnished.
In all folders where you'd normally find documents, emails, etc, there are a couple files with the extension ".b3e3" and a readme.hta that I assume is supposed to tell you how to recover but I am not bringing up anything I don't need to at this point.
The user would be fine with a recovered system with data lost if it cannot be unencrypted without paying the ransom. OTOH, if the data can be unencrypted, that would be a bonus.
Guide me.. what should I do first to maximize recovery of a clean system?
Edited by BobintheBox, 22 November 2016 - 04:10 PM.