Our network got hit by this last night. I was quickly able to detect which user/computer it ran from, and have it offline. I also have determined which directories have been affected. I am in the process of restoring these directories from backup, so I'm thinking I'm in good shape here. I will most likely blow out the infected computer and start fresh with it.
However, I still am not able to determine how/where this user got infected. I have looked through his email inbox/deleted items and nothing is popping out at me. We have tons of emails with PDF files normally, so I can't really pinpoint if one of the PDFs is the source or not. I can't find any tool or scanner that can detect the infection. I really would like to find the source so I can rest assured that it would pop up again from the same source. If anyone can help me, I would very much appreciate it.