We just had that happen last week. My boss ran scans with our Kaspersky Enterprise AV to clean the PC in question; scanned everything else, and I restored files from last week's backups.
On Thu, May 28, 2015 at 11:44 AM, Susan Bradley <[email protected]> wrote:
> First off be aware that the only way to really make sure something is gone
> from an impacted machine is to rebuild it.
>
> Cryptolocker (and its variants) want to encrypt data, so how's your backups
> as you'll need to restore that data and shadowcopies may be gone.
>
> http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information
>
> *_What should you do when you discover your computer is infected with
> CryptoWall_*
>
> If you discover that your computer is infected with CryptoWall you should
> immediately scan your computer with an anti-virus or anti-malware program.
> Unfortunately, most people do not realize CryptoWall is on their computer
> until it displays the ransom note and your files have already been
> encrypted. The scans, though, will at least detect and remove any other
> malware that may have been installed along with CryptoWall.
>
> Some of the files where associated malware have been found are:
>
> %Temp%
> C:\<random>\<random>.exe
> %AppData%
> %LocalAppData%
> %ProgramData%
>
> If Trend is coming back with nothing, use Malwarebytes or even a
> boot under the OS a/v tool to scan that system.
>
> MS wants feedback on patching: http://tinyurl.com/patchingsurvey
>
> On 5/28/2015 8:30 AM, David McSpadden wrote:
>>
>> I am pretty sure I have a PC with this on it in my network.
>>
>> I have run scans on workstations.
>>
>> I still do not see it but I have the telltale signs.
>>
>> The HELP_DECRYPT files in network folders.
>>
>> The word and excel files not being able to be opened etc.
>>
>> How do I remove something that Trend is not seeing?
>>
>> Nor Windows Endpoint protection?
>>
>> *David McSpadden*
>> Systems Administrator
>> Indiana Members Credit Union
>> P: 317.554.8190 | F: 317.554.8106
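
Added example, not part of the original thread: when AV scans come back clean but HELP_DECRYPT files keep appearing in network folders, the notes themselves can be inventoried to scope the restore and to see which account wrote them. The function names `Find-RansomNote` and `Get-RansomNoteSummary` and the sample folder and file names are assumptions made for this sketch.

```powershell
# Added example, not from the thread. Find-RansomNote and Get-RansomNoteSummary are
# hypothetical helper names; 'HELP_DECRYPT*' is the marker named in the thread.
function Find-RansomNote {
    param([Parameter(Mandatory)][string]$Root, [string]$Pattern = 'HELP_DECRYPT*')
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -Filter $Pattern -ErrorAction SilentlyContinue |
        ForEach-Object {
            # On NTFS the owner is normally the account that created the file;
            # for members of Administrators it may be the group instead.
            $owner = try { (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner } catch { '<unreadable>' }
            [pscustomobject]@{
                Directory = $_.DirectoryName
                Owner     = $owner
                Created   = $_.CreationTime
            }
        }
}

function Get-RansomNoteSummary {
    param([Parameter(Mandatory)][string]$Root)
    $notes = @(Find-RansomNote -Root $Root)
    [pscustomobject]@{
        NoteCount   = $notes.Count
        # Earliest note creation time: a reference point when picking which backup to restore from.
        FirstSeen   = ($notes | Sort-Object Created | Select-Object -First 1).Created
        Directories = @($notes | ForEach-Object { $_.Directory } | Sort-Object -Unique)
        ByOwner     = @($notes | Group-Object Owner | Sort-Object Count -Descending |
                        Select-Object Name, Count)
    }
}

# Constructed sample tree so the example runs offline; point -Root at a real share instead.
$demo = Join-Path ([IO.Path]::GetTempPath()) ('notes-demo-' + [guid]::NewGuid())
foreach ($f in 'Accounting\HELP_DECRYPT.TXT', 'Accounting\HELP_DECRYPT.HTML',
               'HR\HELP_DECRYPT.TXT', 'IT\readme.txt') {
    $null = New-Item -ItemType File -Path (Join-Path $demo $f) -Force
}
Get-RansomNoteSummary -Root $demo | Format-List
Remove-Item -LiteralPath $demo -Recurse -Force
```

On the constructed tree this reports three notes in two directories; on a real share, the account that dominates `ByOwner` is the one to trace back to a workstation.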
