
Ransom:Win32/Cerber.C removal guide


Ransom:Win32/Cerber.C is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/Cerber.C virus do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • Network activity detected but not expressed in API logs

How to identify Ransom:Win32/Cerber.C?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Ransom:Win32/Cerber.C is also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 004c38e11 )
Lionic: Trojan.Win32.Kovter.4!c
Elastic: malicious (high confidence)
CAT-QuickHeal: Trojan.Generic.SK1
ALYac: Gen:Variant.Zusy.198183
Cylance: Unsafe
Zillya: Trojan.Kovter.Win32.2326
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
BitDefender: Gen:Variant.Zusy.198183
K7GW: Trojan ( 004c38e11 )
Cybereason: malicious.df31bb
Baidu: Win32.Trojan.Cerber.b
Cyren: W32/S-3d4e2147!Eldorado
Symantec: Ransom.Cerber!g8
ESET-NOD32: Win32/Kovter.C
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Packre.gen
NANO-Antivirus: Trojan.Win32.Kovter.ekkpkl
MicroWorld-eScan: Gen:Variant.Zusy.198183
Tencent: Malware.Win32.Gencirc.10bdf052
Ad-Aware: Gen:Variant.Zusy.198183
Sophos: ML/PE-A + Mal/Cerber-F
Comodo: TrojWare.Win32.Kovter.BH@6hsmol
BitDefenderTheta: Gen:NN.ZexaF.34170.wqX@aecmtQ
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Sality.fc
FireEye: Generic.mg.d5a1a41df31bb252
Emsisoft: Gen:Variant.Zusy.198183 (B)
Jiangmin: Trojan.Kovter.aqy
Webroot: W32.Rogue.Gen
Avira: HEUR/AGEN.1108810
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan/Generic.ASMalwS.1989117
Microsoft: Ransom:Win32/Cerber.C
SUPERAntiSpyware: Trojan.Agent/Gen-Malagent
ZoneAlarm: HEUR:Trojan.Win32.Packre.gen
GData: Gen:Variant.Zusy.198183
AhnLab-V3: Trojan/Win32.Cerber.R184031
Acronis: suspicious
McAfee: Trojan-FJJH!D5A1A41DF31B
MAX: malware (ai score=83)
VBA32: BScope.Trojan.Downloader
Malwarebytes: Trojan.PasswordStealer
TrendMicro-HouseCall: Ransom_CERBER.SMG
Yandex: Trojan.GenAsa!FdGQhKDjz8s
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Generic.AP.48413
Panda: Trj/GdSda.A

How to remove Ransom:Win32/Cerber.C?

Ransom:Win32/Cerber.C removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
