I went to this site to check the menu before I left work, and got a lot of replicating popups. I finally got pissed and used Task Manager to close Firefox. At this point, I got a ransomware notice so I re-booted. The ransomware notice persisted after I logged on. I re-booted and logged on as another user (same domain) and had no problems. I had been at work for 10 hours, I was hungry, and decided it could wait until tomorrow. Here is the report: http://urlquery.net/report.php?id=887943
The damnedest thing about this is I got it at work and they use that joke McAfee. I just want to make sure you guys know about it so I don’t get it at home. I suspect my easiest remedy at work is to re-image. If anyone has any alternative thoughts, let me know.
As a postscript, I did report this to Google so they can blacklist it.
Today wasn’t my day for extra-curricular projects. Apparently lightning hit the building around 7am and set off the fire alarm and they evacuated all 300+ people to the parking lot across the street in a driving thunderstorm. Things had gone downhill between then and the time I got there. I will try this again tomorrow.
Things were still not quite back to routine today, and I had to change plans. I downloaded a live ISO, blew that onto a USB key, and let it percolate a couple of hours. Looks like I rang the bell. Here is what it found:
Just as it appeared to be, it was the Java exploit. That returned control to my login and I rebooted into safe mode to run MBAM. I had forgotten to change ‘re-name anything that can’t be fixed’ to ‘delete’, so it found the two which were renamed as well as two registry keys and identified all as Trojan.ransom.df, which pretty well describes the infestation. After that, I ran OTL. Thanks for the tip; this looks pretty thorough. I got an “exceeds the maximum allowed length” when I pasted it here, though. Since I don’t see any way to attach a text file, do you have a preferred filehost I could link?
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
I wore that system out yesterday trying to catch up and was surprised there were no residual effects observed. I will take care of the skype.ini Monday, rescan, and save the log before I copy over the MVPS HOSTS file.