Instruction to Remove Cerber 4.0 Ransomware

bluecomputerMy laptop gets infected with virus named Cerber 4.0 Ransowmare and my files have been changed to .cerber4 files. These files are important for me but I forget to back them up. The note asks me to pay for the decryption key. I wonder if I should do as it requires? Is it possible to remove the ransomware? Any help will be appreciated.




The Basic Information about Cerber 4.0 Ransomware

Threat Name Cerber 4.0
Category Ransomware ; Malware
Danger Level 8bar
Operating System Windows XP, Windows 7, Windows Vista, Windows 8/8.1 and Windows 10
Previous Version Cerber Ransomware, Cerber2 Ransomware & Cerber3 Ransomware
Symptoms ①Encrypt your important folders and files ②Demand ransom ③Lock your computer
Ransom Varied
Distribution Method Via spam emails, untrusted websites (gaming platform, adult portals or malicious casinio-theme sites) and system vulnerabilities.
Solution Read the detailed guide below or download a removal tool!


Details about Cerber 4.0 Ransomware


Cerber 4.0 Ransomware is perceived as the latest version of the Cerber Ransowmare, which belongs to one of the most popular ransomware. According to the research, the ransomware emerges in early October and are usually used in malvertising campaigns. Like its predecessors, it also has ability to encrypt your files and demand a ransom. The wallpaper may be replaced by a picture, which also sends ransom information. Each encrypted file will be appended to cerber4 extension. Once encryption is completed, these files can’t be opened and read, let alone modified. Moving these files to another drive can’t change them back to original state because they have been locked. The result will look like the picture below.



Unlike previous versions, Cerber 4.0 Ransomware creates a unique marker for every victim, which means that it can escape from detection and identification of modern AV products. To ensure the ransomware can run without hassle, the updated encryption engine is combined with a new layer of obfuscation techniques with a JavaScript loader. The ransomware reaches victims’ computer via different distribution methods. After encryption, a new ransom note “README.hta” will be created. According to the research, the reason that Cerber 4.0 Ransomware has shifted from a TXT ransom note to a HTA one is HTA format can offer extended customization options.


If you is one of victims of Cerber 4.0 Ransomware, you’d better remove the ransomware at first. That’s not to say that decryption is not important. But if you don’t kick Cerber 4.0 Ransomware out of your computer immediately, the ransomware will do harm to the computer. As long as it still exists, more files may be in danger of encryption and loss. Please read the removal guide to remove Cerber 4.0 Ransomware. If you are afraid of making any mistake during the manual removal process, you are strongly recommended to get an automatic tool to help you.




Here is an example of the ransom note:

Can’t you find the necessary files?
Is the content of your files not readable?
It is normal because the files’ names and the data in your files have been encrypted by “Cerber Ransomware”.
It means your files are NOT damaged! Your files are modified only. This modification is reversible.
From now it is not possible to use your files until they will be decrypted.
The only way to decrypt your files safely is to buy the special decryption software “Cerber Decryptor”.
Any attempts to restore your files with the third-party software will be fatal for your files!
You can proceed with purchasing of the decryption software at your personal page:
[links to pages on the TOR Network]
If this page cannot be opened click here to generate a new address to your personal page. ‘


The ransom note tells victims that they need to purchase the recommended “Cerber Decryptor” to decrypt your files. Victims are also warned not to use other decryption software, which may lead to bad results. Are you afraid when you see the ransom note? Want to pay for it immediately? If I were you, I wouldn’t make the payment. The reasons are chiefly as follows.

  1. Unreliability of the ransom note. It is not sure whether cyber criminals will keep their promises after you have paid for decryption key. Cyber criminals won’t provide their real information to contact. Hence, you won’t get your money back if it is actually a fraud.
  2. Unsafety of payment links. Without protection of antivirus program, you’d not better click strange links, which may result in financial data leakage. Following the instructions provided by cyber hackers means giving a chance for them to steal your personal information.

Moreover, you are given a period of time to pay for the ransom. Once you pass the time, you may pay more for the ransom, which is always varied. Can you afford the price? Similarly, it is also not sure whether you can get your files back even though you have paid higher. The cyber criminals are always the biggest beneficiaries. Hence, you are not recommended to pay the ransom.

How Does Cerber 4.0 Ransomware Enter Your PC?


In addition to spam emails, exploit kits (Eks) are also one of most popular used distribution techniques. According to the research, Neutrino, Magnitude and the RIG Exploit kit have become major “accomplices” of spreading Cerber 4.0 Ransomware. As shown, a cyber hacker will attract computer users to click a link or website, which can access exploit kits. After finding system vulnerabilities, an exploit kit will deliver a payload ( a part of malware) to your system. And then the malware begins to conduct malicious activities on the PC. A malvertisement (malicious advertiesemnt, fake software update message or lottery winnings) is another “accomplice” that helps hackers to spread malware. So, you should be more careful when you are browsing the Internet and downloading software.




It is difficult for novice computer users to prevent their computer from Cerber 4.0 Ransomware attack completely. You shouldn’t hide in caves all the time when the “beast” appears. Sometimes taking the initiative is much better solution. Hence, what you need to do now is to scan your computer and make sure there are no infection like Cerber 4.0 Ransomware in the system.

Cerber 4.0 Ransomware Removal Guide

Quick Menu:

Step 1: Use Anti-Malware Tool to Detect and Remove Cerber 4.0 and Other Viruses

Step 2: How to Recover the Encrypted Files

※How to Back up Your Files

Step 1: Use Anti-Malware Tool to Detect and Remove Cerber 4.0 and Other Viruses


→Reboot the PC in Safe Mode


Choose one from the following instructions based on the system you use now. And make sure all external drive like floppy disks have been out of your computer.

For Windows XP/7/Vista


Restart your computer, tap F8 key constantly when it restarts but the Windows logo appears.



The Windows Advanced Options Menu will pop up, you need to use the arrow keys to select Safe Mode option you want, and then hit Enter key.




For Windows 8



Move the mouse to the right side of the screen until the Windows 8 charm menu appears.



Click Settings button and select Power.



Press Shift key all time and then click Restart from Power menu.



Now you are in the Windows 8 boot menu, click on Troubleshoot.



Then Advanced options



Click Startup Settings



Click Restart button in Startup Settings.



Press F4, F5 or F6 to enter Safe Mode.



For Windows 10




While holding down the Shift key, click Restart in Start menu (Click Start button, select Power and click Restart).



Now you are in the Windows 8 boot menu, please click TroubleShot -> Advanced options ->Windows Startup Settings.



Click Restart button in Startup Settings.



Enter Safe Mode by pressing F4, F5 or F6 key.




→Terminate Processes Related to Cerber 4.0 Ransomware


Right click on the taskbar and then select Start Task Manager/ Task Manager.



Go to Processes tab, find suspicious programs and stop them by click End Task (Win 8&10) / End Process button.




→Run Anti-Malware Tool to Remove Cerber 4.0 Ransomware

  • Use SpyHunter to Scan You Computer

SpyHunter is a useful anti-malware program which has ability to detect and remove all detected traces of Cerber 4.0 Ransomware and other threats. With updated virus database, it can scan the system for all types of computer threats including Worms, Trojans, Rootkits, Spyware and PUP, which may degrade computer performance. Now try to run SpyHunter to remove Cerber 4.0 Ransomware!

Download SpyHunter by clicking on the button below.



Open the downloaded file (SpyHunter-Installer.exe) to start the Installation.



Select your language and click OK button.



Click Continue button when Enigma Software Installer pops up.



Choose I accept the EULA and Privacy Policy option and click Install button.



When the setup is completed, click Exit button.



After installation is completed, run the SpyHunter, go to “Start a New System Scan” tab, and click “Scan Computer Now!



After the scan is finished, screen shows all detected items in the list (click + to read more details about the infection).

Now, press “Fix Threats” button to remove Cerber 4.0 and other detected threat.



Restart the computer to take effect.


  • Use Plumbytes Anti-Malware to Scan You Computer

Download Plumbytes Anti-Malware from the button below.



Install Plumbytes Anti-Malware by clicking INSTALL button.



After installation is done, run Plumbytes Anti-Malware by double-clicking onopenplumbytes(or Plumbytes Anti-Malware will run automatically).

Go to OVERVIEW, and then click Run a scan.



After scan is finished, all detected items will show in the list. You should check the box beside Cerber 4.0 or Select All and then click REMOVE SELECTED.



Restart the computer to take effect.


  • Use Pckeeper Antivirus to Scan You Computer


Download PCKeeper Antivirus Installer on your computer.


  • Open PCKeeper Antivirus Installer, and then click Run button when a windows below appears.


  • Install PCKeeper Antivirus by clicking Start Install button.


  • After installation is finished, you need to wait for completion of Gathering Data.


  • After Gathering Data is completed, click Full Scan or Custom Scan button.
  • Full Scan is recommended if you want to check the whole system for viruses.
  • Custom Scan is recommended if you want to quickly check specific files or folders.


  • Once the scan is done, you can check the box beside File Name and then click Delete button.


  • What is different from other anti-malware software is that PCKeeper Antivirus can provide you with one-to-one assistance. Whenever you encounter problems related to malware or the program, you can turn to your expert.
  • Now start live chat by clicking earphone button/Show Support Bar and get the answer in 24 hours.


Step 2: How to Recover the Encrypted Files


Option 1: Use Windows Previous Versions feature


Go to File Explorer (My Computer icon), click one folder filled with your encrypted files.



Right click on a folder or a file and select Properties.



Press Previous Versions tab, and then select one of Restore points when files don’t be locked and click Restore button in the pop-up window.



Click Apply and OK button to apply the changes.


Option 2: Use System Restore


  • Open Start menu -> Type system restore into the search box -> press Enter key.


  • In the Restore system files and settings page, you can choose Recommended restore or Choose a different restore point, and then click Next button.



  • Choose a restore point when Cerber 4.0 Ransomware doesn’t enter your computer and then click Next button.



  • Click Finish button to start System Restore.


  • Click Yes button in the pop-up window and wait for completion of System Restore.


Option 3: Shadow Volume Copies

More information at

※How to Back up Your Files

It is recommended to back up your files regularly in case of data loss. That’s the most used methods to restore files and system settings.

  • Store files in some storage drives including USB Flash Drives, memory card, CD, DVD and so on.
  • Upload files to SkyDrive or OneDrive.
  • Use System Restore Feature, as shown.

(The guide below use Windows 8 as an example)

Move to the bottom left corner and wait for appearance of image-win8-startbutton

Right click on image-win8-startbutton  and select Search.



Select Settings and type “restore” in the search box.



Click “Create a restore point” in the search results.



In System Protection tab, click Create… button, which means creating a restore point right now for the drives that have system protection turned on.



In order to identify the restore point, you need to type a description of the restore point, and then click Create button.



The system is creating a restore point, please wait for several seconds.

creating a restore point


And then the window tells you “the restore point was created successfully”.



The result can be seen in System Restore tab ( click System Protection > System Restore). Date and Time, Description and Type will display in the list.




Warm Reminder: Unfortunately, there are no effective way to completely decrypt your files nowadays. The most used and useful method is to recover your files from back-ups. Hence, it is important to back up your files regularly. To prevent your computer from Cerber 4.0 Ransomware, computer users are not recommended to click spam emails, malwaretisements and untrusted links, especially without antivirus program. If your computer gets infected Cerber 4.0 Ransomware unluckily, you’d better remove the Ransomware as soon as possible.



Share on FacebookShare on Google+Digg thisPin on PinterestShare on LinkedInShare on TumblrShare on RedditShare on StumbleUpon