I work in phone tech support and just finished remote working on a PC that had Cryptolocker on it.
We got 2 calls tonight and here's what I did.
The customer did not try to open the file or click on it. She called me ASAP. I remoted into her PC and ran a rkill and mbam.
I took out all the prefetch and looked in the downloads and temp folders before deleting them. I found one strange file with an extension of random letters with .exe.exe at the end. I deleted it, and then all of the temp files.
I also did a system restore to a week ago. On reboot, the file logo was gone and a bmp icon was still on the desktop. I asked the user to pull all of the photo files she wanted to save off and be prepared to wipe the HD and reinstall her OS. Now we wait to see if it worked. She got the file in a strange email from a recent business contact, and she said it looked odd to her at the time. She deleted the email so I couldn't see it.
I hope this gives someone a few leads.
Edited by hamluis, 08 October 2013 - 05:42 AM.
Moved from Introductions to Am I Infected - Hamluis.