The person who brought it to me claimed they had a friend who was using their computer yesterday, but I suspect the infection was probably on their system for awhile (most of the screenshots of Cryptolocker I've seen have been at least 50+ hours). I noticed there's a VV72 number in the top left, is this a variation #.
Where to start next?
Since the system (Windows XP) is a Dell Inspiron 2400 that probably only has a 40GB HDD inside I was thinking I would just replace his hard drive, reinstall using his license on the new drive and we'd ditch his old drive. The person was okay with this idea since much of their work is attachments in their Hotmail/Outlook email. (thinking some of them might be infected). But I'm posting here for interest sake and willing to do some troubleshooting for the sake of giving back and furthering research.
Edited by Queen-Evie, 24 April 2015 - 04:08 PM.
moved from Malware Removal Logs to General Security