Got a strange one for you; I wouldn't bother you all if I could find out more about this kind of scenario. Anyhow, we'll gloss over the fact that a machine important to a store was completely unsecured. Not so much as MSSE was installed, which is how this predictably was hit by CryptoWall and possibly a second type of ransomware AT THE SAME TIME. This system is a Windows 7 Pro x64 box with SP1. I was instructed to try to salvage the installation because apparently the cash drawer software is a PITA to reconfigure.

It now appears clean after running what I could: MBAM, EEK, Panda Cloud, MBAR, TDSSK, even Combofix. This thing is behaving strangely, almost like the proxy server setting is set in Internet Options, yet that box has been untouched. Certain on-demand scanners fail to download definitions, and indeed entire websites fail to load, such as download.bitdefender.com. I have repaired the installation of Windows with NO CHANGE to this behavior. A thought just occurred: I may try older NIC drivers, as I have seen new ones through WU bork things. Anyhow, where would you guys look?
Thank you in advance!!
Update: Got it resolved, all negative behavior appears to have been cleared by Hitman Pro!! The machine is being taken back to get the registers working again. Then I will pitch the idea of backup imaging :D :D
Also of note: I believe this system was hit by both CryptoWall AND CTB-Locker! The HELP_DECRYPT files were everywhere, but then files had random extension suffixes! Good thing the documents were not as important as the store software that doesn't have databases to encrypt.
Thanks to all who read my blathering!
Edited by LePatriote, 24 June 2015 - 07:05 AM.
Moved from Win 7 to Gen Security - Hamluis.