Oh, and we re-imaged the PC that was infected. Completely overwrote the HD. The only way to be sure.
On Thu, May 28, 2015 at 12:05 PM, Michael Leone <[email protected]> wrote:
> We just had that happen last week. My boss ran scans with our
> Kaspersky Enterprise AV to clean the PC in question; scanned
> everything else, and I restored files from last week's backups.
>
> On Thu, May 28, 2015 at 11:44 AM, Susan Bradley <[email protected]> wrote:
>> First off be aware that the only way to really make sure something is gone
>> from an impacted machine is to rebuild it.
>>
>> Cryptolocker (and its variants) want to encrypt data, so how's your backups
>> as you'll need to restore that data and shadowcopies may be gone.
>>
>> http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information
>>
>> *_What should you do when you discover your computer is infected with
>> CryptoWall_*
>>
>> If you discover that your computer is infected with CryptoWall you should
>> immediately scan your computer with an anti-virus or anti-malware program.
>> Unfortunately, most people do not realize CryptoWall is on their computer
>> until it displays the ransom note and your files have already been
>> encrypted. The scans, though, will at least detect and remove any other
>> malware that may have been installed along with CryptoWall.
>>
>> Some of the files where associated malware have been found are:
>>
>> %Temp%
>> C:\<random>\<random>.exe
>> %AppData%
>> %LocalAppData%
>> %ProgramData%
>>
>> If Trend is coming back with nothing, use Malwarebytes or even a
>> boot under the OS a/v tool to scan that system.
>>
>> MS wants feedback on patching: http://tinyurl.com/patchingsurvey
>> On 5/28/2015 8:30 AM, David McSpadden wrote:
>>>
>>> I am pretty sure I have a PC with this on it in my network.
>>>
>>> I have run scans on workstations.
>>>
>>> I still do not see it but I have the telltale signs.
>>>
>>> The HELP_DECRYPT files in network folders.
>>>
>>> The Word and Excel files not being able to be opened etc.
>>>
>>> How do I remove something that Trend is not seeing?
>>>
>>> Nor Windows Endpoint protection?
>>>
>>> *David McSpadden*
>>>
>>> Systems Administrator
>>>
>>> Indiana Members Credit Union
>>>
>>> P: 317.554.8190 | F: 317.554.8106
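
One way to narrow down which account, and so which PC, is writing the HELP_DECRYPT notes when AV scans come back clean (an added example, not part of the original thread): list the notes on the share and group them by NTFS owner. The share path is a placeholder, and the script assumes the owner recorded on each note is the account that created it.

```powershell
# Added example: triage HELP_DECRYPT ransom notes on a file share.
# Assumption: '\\fileserver\share' is a placeholder; pass the affected share with -Path.
# Assumption: the NTFS owner of a note is the account that created it.
param(
    [string]$Path = '\\fileserver\share'
)

# Collect every ransom note (named HELP_DECRYPT.* as reported in the thread)
# together with its owner and creation time. Unreadable folders are skipped.
$notes = Get-ChildItem -LiteralPath $Path -Recurse -File -Filter 'HELP_DECRYPT*' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
        $owner = '(owner unreadable)'
        if ($acl) { $owner = $acl.Owner }
        [pscustomobject]@{
            Owner    = $owner
            Created  = $_.CreationTime
            FullName = $_.FullName
        }
    }

if (-not $notes) {
    Write-Output "No HELP_DECRYPT files found under $Path"
    return
}

# One row per owning account: number of notes, time window, and the first
# folder hit. The earliest FirstSeen points at the account to look at first.
$notes | Group-Object Owner | ForEach-Object {
    $sorted = @($_.Group | Sort-Object Created)
    [pscustomobject]@{
        Owner     = $_.Name
        Notes     = $_.Count
        FirstSeen = $sorted[0].Created
        LastSeen  = $sorted[-1].Created
        FirstPath = $sorted[0].FullName
    }
} | Sort-Object FirstSeen | Format-Table -AutoSize -Wrap
```

The account with the earliest FirstSeen is the one to trace back to a workstation; that machine is the candidate for the rebuild and the timestamps bound which backup set to restore from.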
