Hi, my issue happened on a Windows 10 laptop on the 12th of this month, the same day the wannacry ransomware was running rampant.
I was on the usual sites (netflix, reddit, tumblr) when Avira blocked and quarantined a file with the pattern TR/Kryptik.aona. The exact message was "Access to file 'C:\Users\...\79B24211F213E00AE7AC59E555820F5CE4635BBC' containing the pattern of 'TR/Kryptik.aona' was blocked. We moved the file to quarantine."
Checking quarantine revealed two files like this, plus a file marked as suspicious. The suspicious file is "C:\Users\Karli\AppData\Roaming\sp_data.sys". The "TR/Kryptik.aona" files were located in "C:\Users\Karli\AppData\Local\Mozilla\Firefox\Profiles\1vndxchs.default-1440887755479\cache2\entries\...". I hadn't made any changes to my computer or installed anything before this happened.
I scanned with Avira and MBAM right after, then again in safe mode, but found nothing. I ran CCleaner after all of this. Was this a failed wannacry infection attempt, or a separate virus altogether? I'm worried that it's the latter, and the virus is still on my computer.
I made a backup on an external HD a week prior to this, and a backup on OneDrive right after all this happened. If my computer is infected, are the backups infected, too?
I don't know if this is related, but I'll mention it anyway just in case: At the end of every scan since late February, Avira notifies me of a file "C:\Users\Karli\AppData\Local\Temp\tmpF91D.tmp" giving me the message "[WARNING] The file could not be read!". I assumed it was related to a tech editing my computer's registry when I took it in for repairs, but now I'm worried this may be part of TR/Kryptik. Is this file related, and would a virus really stay dormant for months before finally doing something (or trying to)?
I've tried to include everything I could think of, but if you need any more information, please just let me know.
Thanks for any help or advice anyone can offer.