Malware Virus?

Has anyone seen this before. As soon as we logged on to the domain this popped up we immediately unplugged it from the networkCan someone let me know if they have seen this before?
medxAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RizzleCommented:
I've not seen that particular message before, but download and run Malwarebytes ASAP to see if the machine is infact infected.

Also can you logon to the machine as local admin and see what programs have been installed?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Fred MarshallPrincipalCommented:
You could run ProcMon and use the dragged sensor placed over this dialog to see which program is running it.  And, go from there.
0
RizzleCommented:
Also check the processes in Task Manager to see if there is a process using a high amount of resource, also look for a process which is named weirdly.

Also check MSCONFIG to see if there are any weird apps set to start up with Windows.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Lieven EmbrechtsSenior IT ConsultantCommented:
tsinghua is a chinese university.
log in with the local admin  and continue from there:
- have a look what was last installed
- run mbam (transferred by usb stick)
0
medxAuthor Commented:
Looks like this could be crypto wall? We have redirected my documents. When we logged in to the domain under this user is when this popped up. It must be in his profile. Hopefully we caught this in time. We are going to delete his profile and recreate. Any ideas were not seeing any encrypted files yet. I had a doctor from China cypher this for usIMG-1625.PNG
0
RizzleCommented:
Run Malwarebytes as it could be a virus (poorly written), as a precaution you could re-install Windows on the machine.
0
medxAuthor Commented:
Just to let everyone know I sent off the Chinese JPG to Viper Support. The concluded it was reminisce of the unencrypting  tool we purchased from it looks like the Chinese. Thanks for everyone's help.
0
Lieven EmbrechtsSenior IT ConsultantCommented:
thanks for turning us into chinese translators ;-)
0
medxAuthor Commented:
Because it was none of the above. It was left over from the encryption software
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Spyware

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.