Will MBAR remove CERBER2 from PC's?

[Lancorp]

I have a client with two computers that are infected with CERBER2.  We've contained it by shutting down those PC's immediately, but not before some files were lost (encrypted) throughout the server.  We have backups, so not worried there.

However, wondering what to do with the PC's themselves?  Will MBAR scan and remove CERBER2 (disconnected from network, of couse) or should I install new SSD and reinstall Windows from scratch?

Thanks for any ideas.

[1PW]

Hello Lancorp and

Malwarebytes Anti-Rootkit Beta (MBAR Beta) is the perpetual Anti-Rootkit beta testing vehicle for Malwarebytes' Anti-Malware's (MBAM) Anti-Rootkit module and the standalone application for anti-rootkit scanning, identification and removal.

Malwarebytes Anti-Ransomware Beta (MBARW Beta) does not scan & remove but is designed to block & quarantine ransomware malware activity as the infection attempts to execute.

Malwarebytes Anti-Malware (MBAM) can scan for, and remove Cerber malware, but in your user's situation I recommend: 1.) An investigation be made to locate the most recent effective efforts to recover .Cerber2 encrypted files and 2.) in the strongest possible terms you employ supervised malware removal help to also mitigate the attack vector(s) and delivery of the original malware.

I recommend following the advice from the topic: Available Assistance for Possibly Infected Computers and have one of the Malware Removal Experts assist you with your issue.

If, as recommended, you do open a topic in Malware Removal Help, please make reference to this thread.

If you would like to get off to a very fast start, the Malware Removal Experts would appreciate it if you would also attach (not compress/copy/paste) both the FRST.txt and the Addition.txt output diagnostic reports from only Log Set 1 into your new topic. Please do not alter any pre-configured FRST categories as the default settings are well suited for malware removal actions.

Thank you.

Edited August 25, 2016 by 1PW