I'm new to the site but it's already been very useful for me, so thank you in advance.
Here is my story:
My computer (Windows 7 - 64bit) has been infected by some version of CryptoWall but somehow the malware has not been able to do much damage (yet), or at least so it seems to me. I'll try and be as specific as possible:
While browsing (Internet Explorer 11) I received a couple of red alert messages from my AV asking if I wanted to delete or ignore the file(s), and I chose "delete". After that, the infamous CryptoWall popup came out, with the all-too-well-known ransom note (actually I know about it NOW, after reading your forums, didn't know anything until yesterday). Immediately after the ransom note popped up, instinctively I pulled the plug of my Internet connection and closed every running application. The computer has NOT been online since then.
Then I deleted the ransom note files present on my desktop (by the way with filename "INSTRUCTIONS_74A474" - different from any other report I have read in the forums - and the usual three extensions) and checked the recycle bin: strangely, all the more recent items were gone (about 20 files), and only the oldest 3 items were remaining, along with the three ransom notes I had just moved to the bin.
Then I performed a full cleaning by running CCleaner. Now I really hope this was not a bad move as far as finding the malware is concerned.
Then I looked for more ransom notes in my computer, finding some only in the local disk C: directory and in the Appdata/Roaming/Microsoft/Windows/Start Menu/Programs/Startup directory. The latter was empty apart from the three ransom notes. I do not know whether there was supposed to be something there but I guess so. I cannot exclude that other ransom notes could be found elsewhere but I did "look around" quite a lot without finding more of them.
Now here is the most important piece of information: no single file on my computer seems to have been encrypted. This was confirmed by running ListCwall (as found on your site). Using USB keys also does not trigger any encryption whatsoever, so that I have been able to use an old USB key to move anti-malware programs from my wife's laptop to mine.
Malwarebytes Anti-Malware (database updated offline at 2015.12.31) found only one item: PUP.Optional.Installbrain.
-> while it was running I could see there were a lot of objects under the pattern programdata/microsoft/crypto/RSA/S-1-5-18, but now I guess this is not relevant, or is it? (seeing the word Crypto was enough to shock me...)
What do you think might have happened? Did my AV stop the CryptoWall infection or was it me pulling the Internet plug? Some damage has been done for sure (Recycle bin partially deleted and possibly Startup directory as well, ransom notes here and there), but the malware cannot be found - and thus fought - by the standard anti-malware programs.
I am afraid that the malware will start encrypting my files the minute I go back online. How realistic is that in your view?
Sorry for the long post, and for any information which should still be missing.
Thank you in advance for your help,
PS: since USB supports are not affected I should be able to make all the necessary backups in the meantime.