We recently found some "Help_Decrypt" files on one of our file servers as well as files that seemed to be encrypted. From that we have deduced that we are the victims of CryptoWall 3.0. I have installed MalwareBytes on all computers on our network running XP or higher and have not found the source of the trouble. We have several computers running Windows 2000 or 2000 server which is not new enough for MWB. My question is, how can I detect the source of the problem. Removing would be another issue but for now, finding (and isolating) the source is critical. Is there any way to detect CryptoWall on a computer besides an anti-virus anti-malware program? Searcing for a Registry Key? Searching for a particular file? Anything?
Perhaps someone will also know the answer to this question -- Does CryptoWall copy itself to other computers? Do I need to worry about it spreading to other computers?
Thank you so much for any insight and help.