8 Replies Latest reply on Aug 10, 2015 8:08 AM by Peter M

    Help required regarding potential ransomware infection


      I was on the internet at the weekend and my browser (IE) diverted to the PCeU (Police Central e-crime Unit) page. Naturally I was suspicious and opened a separate IE window to carry out a search regarding this.  The results came up that this was ransomware and so immediately clicked the close button in the top right hand corner of IE, which brought up a separate window asking me to confirm that I wanted to close this window.  Automatically without thinking I clicked yes, but this had no effect.  I therefore opened the task manager and closed IE through this.


      Following this I closed the other IE window I had opened and carried out a full scan using McAfee Live Safe, which found no infections.  I then checked my documents folders and everything appeared to be accessible, with nothing seeming to have been encrypted.  I then chose the shut down option which logger me off but hung on the shutting down screen, so after about 5-10 minutes I manually powered off.  On turning my computer back on again it started up as normal, which from what I have since read this virus will not allow if it infects your machine.  I then ran a full system scan again (which found nothing) following which I downloaded Malwarebytes Anti-Malware and ran (which also found nothing), and the ransomware window has not since reappeared.  I have also checked by IBM Trustee Raptor weekly report which has not picked up anything.


      From what I have read the following should be done if this ransomware has infected my system:

      • restart computer in safe mode with networking
      • restore system to a time prior to infection
      • run a full system scan
      • run a separate anti-malware scan (i.e. Malwarebytes Anti-Malware)
      • restart computer as normal
      • run full system scan again
      • run separate anti-malware scan


      Would it be best to carry out the above to make doubly sure that my system is not infected, or is there something else that I should do (like running McAfee GetSusp as well).


      Any advice would be greatly appreciated as everything I have found in the internet relates to removing this after it has infected your system and locked it up completely.


      System detail:

      Desktop PC

      OS - Windows 8.1

      Browser - Internet Explorer

      Anti-virus software - McAfee LiveSafe