Another client got infected with a different variant of a cryptoware trojan. This one is Russian because it leaves a Russian and english instructions on the screen. The instructions are to send an email to decodefile01@gmail.com or decodefile02@gmail.com with the supplied long code for further instructions. Readme files are left on the desktop and it doesn't seem to infect mapped drives. Desktop background is overwritten and system icons are hidden. Even logged on as administrator, the system icons are hidden including all programs installed under All Programs. Nothing suspicious shows up msconfig or Task manager. The exact same results when using SAFE Mode. I don't have time to diagnose anymore. Just Nuke and reinstall OS. Unfortunately this machine missed the CryptoPrevent installation.
↧