Solved

Malware Virus?

Posted on 2014-10-23
9
129 Views
Last Modified: 2014-11-04
Has anyone seen this before? As soon as we logged on to the domain this popped up; we immediately unplugged it from the network. Can someone let me know if they have seen this before?
0
Comment
Question by:medx
9 Comments
 
LVL 13

Accepted Solution

by:
Rizzle earned 333 total points
ID: 40400330
I've not seen that particular message before, but download and run Malwarebytes ASAP to see if the machine is in fact infected.

Also, can you log on to the machine as local admin and see what programs have been installed?
0
 
LVL 25

Assisted Solution

by:Fred Marshall
Fred Marshall earned 167 total points
ID: 40400369
You could run ProcMon and use the dragged sensor placed over this dialog to see which program is running it. And go from there.
0
 
LVL 13

Assisted Solution

by:Rizzle
Rizzle earned 333 total points
ID: 40400417
Also check the processes in Task Manager to see if there is a process using a high amount of resources; also look for a process which is named weirdly.

Also check MSCONFIG to see if there are any weird apps set to start up with Windows.
0
 
LVL 9

Expert Comment

by:Lieven Embrechts
ID: 40400442
Tsinghua is a Chinese university.
Log in with the local admin and continue from there:
- have a look at what was last installed
- run mbam (transferred by USB stick)
0
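The two comments above describe the same manual triage (look at what was last installed, check Task Manager for oddly named or resource-heavy processes, check MSCONFIG for unusual startup entries). The following PowerShell script is an added example, not code from the thread or from any of the posters, that collects those three views from a local admin session and saves them to CSV so they can be compared with a known-good machine. It assumes Windows PowerShell 5.1 or later and an elevated prompt; the output file names are arbitrary.

```powershell
# Added triage example (not from the thread): enumerate recent installs,
# autostart entries and running processes on a Windows host, the things
# Task Manager and MSCONFIG show, in a form that can be kept as evidence.
# Assumes PowerShell 5.1+ running as a local administrator.

function Get-RecentInstalls {
    # Installed programs as recorded in the Uninstall keys; InstallDate is
    # a yyyyMMdd string, so a descending string sort puts newest first.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, Publisher, InstallDate, InstallLocation |
        Sort-Object InstallDate -Descending
}

function Get-AutostartEntries {
    # The registry Run/RunOnce keys (machine-wide, per-user and WOW64) plus
    # the Startup folders and other autostarts that WMI exposes.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... metadata properties
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
        }
    }
    Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
        [pscustomobject]@{ Source = $_.Location; Name = $_.Name; Command = $_.Command }
    }
}

function Get-ProcessOverview {
    # Resolve each process image, check its Authenticode signature and flag
    # images running from user-writable locations; sort by CPU time used.
    Get-Process | Where-Object { $_.Path } | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.Path -ErrorAction SilentlyContinue
        $status = if ($sig) { $sig.Status.ToString() } else { 'Unknown' }
        $cpu = if ($_.CPU) { [math]::Round($_.CPU, 1) } else { 0 }
        [pscustomobject]@{
            Name      = $_.Name
            PID       = $_.Id
            Path      = $_.Path
            CpuSec    = $cpu
            Signature = $status
            UserPath  = ($_.Path -match '\\Users\\|\\Temp\\|\\AppData\\')
        }
    } | Sort-Object CpuSec -Descending
}

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
Get-RecentInstalls    | Export-Csv -NoTypeInformation -Path "installs-$stamp.csv"
Get-AutostartEntries  | Export-Csv -NoTypeInformation -Path "autostart-$stamp.csv"
Get-ProcessOverview   | Export-Csv -NoTypeInformation -Path "processes-$stamp.csv"

# On screen: everything that autostarts, and only the processes worth a
# second look (unsigned, or running out of a profile or temp directory).
Get-AutostartEntries | Format-Table -AutoSize
Get-ProcessOverview |
    Where-Object { $_.Signature -ne 'Valid' -or $_.UserPath } |
    Format-Table Name, PID, CpuSec, Signature, Path -AutoSize
```

Run it from the local admin account rather than the affected domain user's profile, so per-user Run keys and the Startup folder of the suspect profile are inspected with `HKU:` or the profile path substituted, and keep the CSVs off the machine (USB stick, as suggested above) before any cleanup or profile deletion, since they are the only record of what was running when the dialog appeared.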
 
Assisted Solution

by:medx
medx earned 0 total points
ID: 40400474
Looks like this could be CryptoWall? We have redirected My Documents. When we logged in to the domain under this user is when this popped up. It must be in his profile. Hopefully we caught this in time. We are going to delete his profile and recreate it. Any ideas? We're not seeing any encrypted files yet. I had a doctor from China cypher this for us.
IMG-1625.PNG
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40400480
Run Malwarebytes as it could be a virus (poorly written); as a precaution you could re-install Windows on the machine.
0
 

Author Comment

by:medx
ID: 40406399
Just to let everyone know, I sent off the Chinese JPG to Viper Support. They concluded it was reminiscent of the unencrypting tool we purchased from, it looks like, the Chinese. Thanks for everyone's help.
0
 
LVL 9

Expert Comment

by:Lieven Embrechts
ID: 40406588
Thanks for turning us into Chinese translators ;-)
0
 

Author Closing Comment

by:medx
ID: 40421155
Because it was none of the above. It was left over from the encryption software.
0