How to Get Rid of Cerber2 Ransomware

Posted by John Larkin - August 8, 2016

Cerber2 Ransomware Virus is Dangerous

Cerber2 is ransomware that encrypts your personal files and demands a ransom for the decryption key. We advise against paying: even if you pay the cyber criminals, you may not receive a decryption key that gets your files back. Remove the infection as soon as possible, because while Cerber2 is active it keeps encrypting any new files you put on the computer, and you will be unable to use the system safely.

Before removing it, it is important to know how the ransomware is distributed. Usually, it arrives through spam emails disguised as business-related correspondence and through free programs. If you receive spam emails, do not open them, and do not install unknown free programs. Cerber2 is configured to encrypt the personal files on the computer and then ask you to pay some money. It also tries to scare you by saying that it will delete the files or keep them encrypted forever if you do not pay. You should not believe cyber criminals, who are only concerned about money. In any case, you should get rid of Cerber2.

Guide to Remove Cerber2 Ransomware Virus

Step 1: End the Malicious Processes
Step 2: Show Hidden Files in the System
Step 3: Find out Malicious Files and Remove Them
Step 4: Decrypt Encrypted Files


Step 1: End malicious process via Windows Task Manager

1. Right click on the Task bar and select Start Task Manager (click Task Manager for Windows 8, 8.1 and 10).

2. In the Processes tab (for Windows 8, 8.1 and 10 users, the Details tab), find the processes of Cerber2 ransomware virus. Usually, these processes are named randomly. Right-click the process and select Open File Location.

3. Go back to Task Manager and click End Process button (For Windows 8, 8.1 and 10 users, click End task). After that, delete all suspicious files in the folder.


Step 2: Show hidden files and folders

For Windows Vista and 7 users,

1. Click Start button to open Start Menu.

2. Open Control Panel and click Appearance and Personalization.

3. Click Folder Options.

4. In the View tab, click Show hidden files, folders and drives and click OK.

For Windows 8, 8.1 and 10 users,

1. Open any folder in your computer.

2. Click View tab and then tick Hidden items to show all hidden files.


Step 3: Locate the files of Cerber2 and remove them

1. Hit Win and R keys on the keyboard to open Run box.

2. Type regedit and click OK.

3. Navigate to each of the locations below and remove the entry displayed as [RANDOM]:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

4. Run this malware detection tool to find malicious files in the system and delete them completely so that Cerber2 ransomware virus does not come back.
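
The Run keys listed in step 3 can also be reviewed from PowerShell. The script below is an added example, not part of the original guide; the function name Get-RunKeyEntry and the list of user-writable folders are assumptions of this example, and it only reports entries without deleting anything.

```powershell
# Added example: list autostart entries under the three Run keys from Step 3
# and mark those whose target sits in a folder a standard user can write to.
# Get-RunKeyEntry and the folder list are assumptions of this example.

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Folders a standard user can normally write to; empty variables are dropped.
$UserWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC, $env:ProgramData) |
    Where-Object { $_ }

function Get-RunKeyEntry {
    foreach ($keyPath in $RunKeys) {
        $key = Get-Item -Path $keyPath -ErrorAction SilentlyContinue
        if (-not $key) { continue }   # e.g. Wow6432Node is absent on 32-bit Windows
        foreach ($name in $key.GetValueNames()) {
            # Expand any %VAR% references left in the stored command line.
            $command = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))
            # Executable path: the quoted part if present, else text up to the first space.
            # An unquoted path that contains spaces is cut short, so read Command as well.
            if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($command.Trim() -split '\s+', 2)[0] }
            $inUserDir = [bool]($UserWritable | Where-Object {
                $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
            })
            [pscustomobject]@{
                Key        = $keyPath
                Name       = $name
                Command    = $command
                Executable = $exe
                Exists     = [bool]($exe -and (Test-Path -LiteralPath $exe))
                Review     = $inUserDir   # True: target is in a user-writable folder
            }
        }
    }
}

# Entries marked Review = True are listed first. Nothing is changed or deleted.
Get-RunKeyEntry | Sort-Object Review -Descending | Format-List
```

Entries marked for review are not necessarily malicious, since legitimate programs also start from per-user folders; compare each one against the file location found in Step 1 before removing it in regedit.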


Step 4: Restore the system data from a recent backup to decrypt encrypted files

You can try the following recovery methods, but we cannot promise that they will help you recover your files, because Cerber2 ransomware virus uses AES-256 and RSA encryption.

Method 1: Use System Restore.

1. Press Ctrl+Shift+Esc keys simultaneously to open Task Manager.

2. At the top left corner, click File and then click New task (Run…).

3. Type in rstrui in the box and click OK.

4. Click Next.

5. Select the restore point and click Next button.

6. Click Finish button to confirm your restore point.

7. Click Yes once you decide to restore your system.

Method 2: Use Shadow Volume Copies.

Shadow Copy (also referred to as Volume Snapshot Service) is a Windows technology that automatically creates backup copies or snapshots of computer files or volumes, even while they are in use. To recover your files, you can use Shadow Explorer, which is free.

1. Download Shadow Explorer from its official website and run it.
2. Select the drive and date of the backup files.
3. Right click the file or folder and click Export to save it.


