I was on the internet at the weekend and my browser (IE) diverted to the PCeU (Police Central e-crime Unit) page. Naturally I was suspicious and opened a separate IE window to carry out a search regarding this. The results came up that this was ransomware and so I immediately clicked the close button in the top right-hand corner of IE, which brought up a separate window asking me to confirm that I wanted to close this window. Automatically without thinking I clicked yes, but this had no effect. I therefore opened the task manager and closed IE through this.
Following this I closed the other IE window I had opened and carried out a full scan using McAfee LiveSafe, which found no infections. I then checked my documents folders and everything appeared to be accessible, with nothing seeming to have been encrypted. I then chose the shut down option, which logged me off but hung on the shutting down screen, so after about 5-10 minutes I manually powered off. On turning my computer back on again it started up as normal, which, from what I have since read, this virus will not allow if it infects your machine. I then ran a full system scan again (which found nothing), following which I downloaded Malwarebytes Anti-Malware and ran it (which also found nothing), and the ransomware window has not since reappeared. I have also checked my IBM Trusteer Rapport weekly report, which has not picked up anything.
From what I have read the following should be done if this ransomware has infected my system:
Would it be best to carry out the above to make doubly sure that my system is not infected, or is there something else that I should do (like running McAfee GetSusp as well)?
Any advice would be greatly appreciated, as everything I have found on the internet relates to removing this after it has infected your system and locked it up completely.
OS - Windows 8.1
Browser - Internet Explorer
Anti-virus software - McAfee LiveSafe
It appears that you may have gotten lucky. The best thing to do is immediately 'Power off/Shutdown', for any clicking of your mouse can initiate installation. I would recommend running McAfee GetSusp also to play safe:
Just remember to enter your email address under 'Preferences' before scanning. Please apprise us of your results.
All the Best
McAfee Community Moderator
I ran GetSusp at the weekend and am awaiting a response from McAfee. I'll let you know what I hear back.
It did come up with one suspicious and one unknown, both of which I recognised. So hopefully everything will turn out OK.
I might add that if the Unknown programs are ones you may use on a regular basis, and cause no issues or are not detected by your 'Real Time Scanning', there might be no reason for concern. Of course that depends on what the programs are.
Just to keep you up to date -
Even though the virus did not appear to have got through to my computer and locked me out, I nevertheless carried out the first option in the removal guide as supplied by Ex_Brit. Initially I recovered my machine to a date prior to the initial issue, then ran Malwarebytes Anti-Malware followed by HitmanPro, both of which found no issues. Following this I fully updated all the Windows updates and then ran Belarc Advisor, which did not flag up any issues regarding the installed updates.
I am assuming from this that I have been lucky and that the virus did not actually manage to infect my computer in the first place but just froze an IE web page with the lock screen warning it generates. I am still, however, awaiting a response from McAfee Labs regarding the GetSusp analysis results (Reference WorkItemID: 1707310), but as the two file names it came up with relate to programs that I recognise, I am assuming that this will not be an issue.
Thank you for all your help.