I think my computer was infected by both CTB Locker and CtryptoWall 3.0. Here are the events happened in order:
1. We first notice the computer ran very slowly.
2. The typical ransom page from CTB Locker showed up with 96 hours time window.
3. My husband thought that it was a regular virus and removed it with trend micro. But he did take a picture of the computer screen with the ransom page.
4. All files were encrypted.
5. I did some research and restarted the computer in safe mood.
6. After restarting the computer in the safe mood, saw the help_decrypt.txt on the desk top. It is a ransom note from CryptoWall 3.0.
7. A further search showed that CryptoWall 3.0 files showed in many folder with a time stamp around 1/25/15 8pm. With such folders, sometimes you can find the CTB Locker ransom page bmp file (Decrypt All Files uklqglj.bmp).
So my questions are:
A. How do I know that which files are encrypted by CTB Locker, and which files are encrypted by CryptoWall 3.0?
B. Is it possible that a file is encrypted twice by both malwares?
I originally intended to pay the ransom. But after discovering the co-existence of both CTB Locker and cryptowall 3.0, I am not sure whether even paying both would work for me.
Any help or advice?