Ransom:Win32/Cerber.A removal guide

Ransom:Win32/Cerber.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/Cerber.A virus do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • Attempts to identify installed AV products by installation directory

How to determine Ransom:Win32/Cerber.A?


File Info:

crc32: 28E3B1F9
md5: 75f5c417a7ef4076d5730ce3e847d5bf
name: upload_file
sha1: a4931cd472f217de0056877ddd446c9a6627d1cd
sha256: b2f644f5e3d2040ef24f9ca3a36de0c8606a00f30a0da4fbad471db7d2b2a377
sha512: 1fcf09a65466684ade22a1bcd56ff2c7943c5535dc3fcfcfa8a0188b219011cc0f46abafad26bbe7ea9d72253d0c7b8804072cffa1413235699b9e38240e9e25
ssdeep: 6144:7nnKWF10mmyUD0X+lEzKEau5n7x888888888888W88888888888c:Tn7F10mm7ZkN888888888888W888888z
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 2015 IObit. All Rights Reserved.
InternalName: AYPDATE
FileVersion: 3.3.2.133
CompanyName: IObit
LegalTrademarks: IObit
FileDescription: IObit AYPDATE

Ransom:Win32/Cerber.A also known as:

Bkav: W32.AIDetectVM.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Ransom.Cerber.O
FireEye: Generic.mg.75f5c417a7ef4076
CAT-QuickHeal: Ransom.Cerber.YY2
McAfee: Ransomware-GCQ!75F5C417A7EF
Cylance: Unsafe
AegisLab: Trojan.Win32.Vucha.4!c
Sangfor: Malware
K7AntiVirus: Trojan ( 005224381 )
BitDefender: Trojan.Ransom.Cerber.O
K7GW: Trojan ( 005224381 )
Cybereason: malicious.7a7ef4
Arcabit: Trojan.Ransom.Cerber.O
Baidu: Win32.Trojan.Kryptik.alb
Cyren: W32/S-e3cc8b89!Eldorado
Symantec: Packed.Generic.459
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: HEUR:Trojan.Win32.Vucha.dc
Alibaba: Ransom:Win32/Cerber.eea120e3
NANO-Antivirus: Trojan.Win32.Vucha.hzqqkg
Rising: Trojan.Kryptik!1.AF0E (CLASSIC)
Ad-Aware: Trojan.Ransom.Cerber.O
Comodo: TrojWare.Win32.Kryptik.ERJ@6l0vie
DrWeb: Trojan.Encoder.4939
VIPRE: Trojan.Win32.Generic!BT
Invincea: Mal/Generic-R + Mal/Cerber-B
McAfee-GW-Edition: BehavesLike.Win32.VirRansom.dm
Sophos: Mal/Ransom-EJ
SentinelOne: DFI – Malicious PE
Jiangmin: Trojan.Vucha.brs
Webroot: W32.Trojan.Gen
Avira: TR/Crypt.ZPACK.Gen
MAX: malware (ai score=100)
Microsoft: Ransom:Win32/Cerber.A
SUPERAntiSpyware: Ransom.Cerber/Variant
ZoneAlarm: HEUR:Trojan.Win32.Vucha.dc
GData: Trojan.Ransom.Cerber.O
AhnLab-V3: Win-Trojan/Cerber.Gen
Acronis: suspicious
VBA32: SScope.Malware-Cryptor.Inject
ALYac: Trojan.Ransom.Cerber.O
Panda: Trj/CI.A
ESET-NOD32: a variant of Win32/Kryptik.FDBL
Tencent: Malware.Win32.Gencirc.10ce0b03
Yandex: Trojan.Agent!TP+KZwSuX2E
Ikarus: Trojan.Win32.Crypt
Fortinet: W32/Dridex.DD!tr
BitDefenderTheta: Gen:NN.ZexaF.34570.qq1@aKUlV!dj
AVG: Win32:Malware-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Win32/Trojan.ba4

How to remove Ransom:Win32/Cerber.A?

Ransom:Win32/Cerber.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.