Or I could use open files in shares on the server that was affected. Look at the files as they were being reencrypted after I restored them. Go that the workstation that was associated with it and find the stupid cryptolocker whatever laying there playing me for an idoit.
From: [email protected] [mailto:[email protected]] On Behalf Of Jonathan Link Sent: Thursday, May 28, 2015 11:37 AM To: [email protected] Subject: Re: [NTSysADM] Cryptlocker The text files created should indicate the affected user with the Owner attribute, no? On Thu, May 28, 2015 at 11:30 AM, David McSpadden <[email protected]<mailto:[email protected]>> wrote: I am pretty sure I have pc with this on it in my network. I have ran scans on workstations. I still do not see it but I have the tell tale signs. The HELP_DECRYPT files in network folders. The word and excel files not being able to be opened etc. How do I remove something that Trend is not seeing? Nor Windows Endpoint protection? David McSpadden Systems Administrator Indiana Members Credit Union P: 317.554.8190<tel:317.554.8190> | F: 317.554.8106<tel:317.554.8106> [Description: imcu email icon]<http://imcu.com/> [Description: facebook email icon] <https://www.facebook.com/IndianaMembersCU> [Description: twitter email icon] <https://twitter.com/IndMembersCU> [Description: email logo] [mcp2] This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email. This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
