Security Essentials notified me that on our Server 2008 R2 system there were malicious files. These kept coming up quickly, so we disconnected the internal and external networks.
Cryptowall didn't finish running itself to encrypt all the files - it only encrypted some of them (which I can restore from a backup).
So the problem is locating the machine that is infected. We've been running regedit searches for "cryptlist" and have been running Malwarebytes on each machine and have turned up nothing.
How do we locat where Cryptowall is? I can't seem to find which specific machine has it.
Edited by becomethesignal, 13 November 2014 - 09:31 PM.