I have just fallen foul of a Ransomware virus.
Initially I had a screen that kept popping up that displayed the title "Online Agent" in the top right corner.
any attempt to close the screen resulted in it popping up a few moments later.
at the same time, all my files with common names (jpeg , mp3 etc) are encrypted with an extra .html extention
for instance demo.jpg.html
I booted into safemode, is seems that all my restore points have been deleted/ancrypted so no system respotre options.(in safemode there was no pop up)
clicking on any file leads me to the following....
I have managed to get back to my normal windows setup (to some extent) by deleting a TSTHEME file using the Emsisoft Emergency Kit product which has a tool called Hijack Free , I used this to turn off options until I got to the theme, which now allows me to open windows without the popup.
however, the encryption part of the virus is obviously still working, all the new shortcuts, log files etc that I made in the last boot have now ALSO been encrypted, meaning I can't shed much light on what the file location was etc.
Please please help as I am away with limited resources to help myself.
Edited by nasdaq, 16 May 2013 - 07:47 AM.
Bad link obfuscated.