
Cryptoware text files on desktop

2 replies to this topic

#1 mbg0506


  • Members
  • 2 posts
  • Local time:09:19 PM

Posted 13 November 2014 - 11:41 AM

Hey guys, a co-worker received the email below earlier this morning and clicked on the links. (I removed them in this post so that no one clicks on them.) When I got to his computer it had a text file about how to unlock my documents using Cryptoware and to visit their site to continue. I knew something had infected the computer, so I started a scan with Super Anti-Spyware and unplugged the computer from our network for the time being. The scan is still going as I post this, so far it has found




What else can I do after the scan? Thanks in advance for any help; you guys have always been helpful.




From: billing.address.updates@ADP.com [mailto:billing.address.updates@ADP.com]
Sent: Wednesday, November 12, 2014 10:40 AM
Subject: ADP Past Due Invoice#43741632

Your ADP past due invoice is ready for your review at ADP Online Invoice Management. (Removed hyperlink)
If you have any questions regarding this invoice, please contact your ADP service team at the number provided on the invoice for assistance.

Please note that your bank account will be debited within one banking business day for the amount(s) shown on the invoice.

Review your ADP past due invoice here. (Removed hyperlink)

Important: Please do not respond to this message. It comes from an unattended mailbox.



#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,771 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:19 PM

Posted 13 November 2014 - 04:49 PM

I have advised our Security Colleagues who specialize in crypto malware ransomware with a link to this topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 mbg0506

  • Topic Starter

  • Members
  • 2 posts
  • Local time:09:19 PM

Posted 13 November 2014 - 05:42 PM

Thank you for that. As of right now I am scanning the infected PC with Spyhunter2 but the scan will not finish until late tonight. I can post the log tomorrow if needed. I will give an update tomorrow morning when I come back to work and check on the PC.
