I have a 2008 R2 Server that got hit by DMA Locker, which included the encryption of all the Server's data partition files AND the deletion of our system images on a connected USB drive. Since the USB drive looks to have been "wiped" clean, I am assuming it was "wiped" by the DMA Locker infection with a program placed maliciously on the Server called Eraser.exe that was not there last month.
We are in the process of downloading 27 GB of MozyPro remotely backed-up data and suspect all is good with that data, since we can go back to file versions prior to the encryption date of this weekend.
1. Should a virus removal / repair be attempted with virus detection / removal tools, or should this scenario be an automatic format/fresh re-install of Server 2008?
2. Am I correct in assuming that even if the DMA Locker program can be completely removed/eradicated from the current system this will not decrypt our encrypted data?