
Solved

Malware Virus?

Posted on 2014-10-23
Last Modified: 2014-11-04
Has anyone seen this before? As soon as we logged on to the domain this popped up. We immediately unplugged it from the network. Can someone let me know if they have seen this before?
Question by:medx
9 Comments
 
LVL 13

Accepted Solution

by:
Rizzle earned 1332 total points
ID: 40400330
I've not seen that particular message before, but download and run Malwarebytes ASAP to see if the machine is in fact infected.

Also, can you log on to the machine as local admin and see what programs have been installed?
0
 
LVL 26

Assisted Solution

by:Fred Marshall
Fred Marshall earned 668 total points
ID: 40400369
You could run ProcMon and use the dragged sensor placed over this dialog to see which program is running it.  And, go from there.
0
 
LVL 13

Assisted Solution

by:Rizzle
Rizzle earned 1332 total points
ID: 40400417
Also check the processes in Task Manager to see if there is a process using a high amount of resource, also look for a process which is named weirdly.

Also check MSCONFIG to see if there are any weird apps set to start up with Windows.
0
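The startup check suggested above, as an added PowerShell example that is not part of the original thread: it lists autostart entries through the `Win32_StartupCommand` WMI class and flags files that are unsigned or launch from user-writable paths. The path fragments and the function names `Get-CommandPath` and `Get-StartupTriage` are assumptions of this example.

```powershell
# Added triage example (not from the thread): list what starts at logon
# and flag entries that launch from user-writable locations.

# Path fragments treated as user-writable are an assumption of this example.
$userWritable = @('\AppData\', '\Temp\', '\Users\Public\', '\ProgramData\')

function Get-CommandPath {
    param([string]$Command)
    # Extract the executable path from a startup command line.
    # Variables are expanded for the account running the script,
    # which may differ from the account that owns the entry.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|js|ps1|lnk))(\s|$)') { return $Matches[1] }
    return $expanded.Trim()
}

function Get-StartupTriage {
    # Win32_StartupCommand reports autostart commands from the
    # Run registry keys and the Startup folders.
    Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
        $path = Get-CommandPath -Command $_.Command
        $sig  = 'FileNotFound'
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $sig = (Get-AuthenticodeSignature -LiteralPath $path).Status
        }
        $hit = $false
        foreach ($frag in $userWritable) {
            if ($path -like "*$frag*") { $hit = $true }
        }
        [pscustomobject]@{
            Name         = $_.Name
            User         = $_.User
            Location     = $_.Location
            Path         = $path
            Signature    = $sig
            UserWritable = $hit
        }
    }
}

# Entries that are unsigned or run from a user-writable path sort first.
Get-StartupTriage |
    Sort-Object @{ Expression = { $_.UserWritable -or $_.Signature -ne 'Valid' }; Descending = $true }, Name |
    Format-Table -AutoSize -Wrap
```

Run it from the affected user's session, or as local admin with that profile loaded, so per-user entries are included.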

 
LVL 9

Expert Comment

by:Lieven Embrechts
ID: 40400442
Tsinghua is a Chinese university.
Log in with the local admin and continue from there:
- have a look at what was last installed
- run mbam (transferred by USB stick)
0
 

Assisted Solution

by:medx
medx earned 0 total points
ID: 40400474
Looks like this could be crypto wall? We have redirected my documents. When we logged in to the domain under this user is when this popped up. It must be in his profile. Hopefully we caught this in time. We are going to delete his profile and recreate. Any ideas? We're not seeing any encrypted files yet. I had a doctor from China cypher this for us.
IMG-1625.PNG
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40400480
Run Malwarebytes as it could be a virus (poorly written), as a precaution you could re-install Windows on the machine.
0
 

Author Comment

by:medx
ID: 40406399
Just to let everyone know, I sent off the Chinese JPG to Viper Support. They concluded it was reminisce of the unencrypting tool we purchased from, it looks like, the Chinese. Thanks for everyone's help.
0
 
LVL 9

Expert Comment

by:Lieven Embrechts
ID: 40406588
Thanks for turning us into Chinese translators ;-)
0
 

Author Closing Comment

by:medx
ID: 40421155
Because it was none of the above. It was left over from the encryption software.
0
