I need some help here to ID and remove some ransomware that has been stopped by Cybereason.
I was cleaning up my Windows 10 Pro computer and ran Temp File Cleaner. I noticed that TFC had cleaned up 2 user profiles that I didn't recognize and when I went to investigate those accounts, I found that there were hidden. Upon, getting into these account folders each has 10 items in them, 1 file with each extension: .doc, .docx, .xls, .xlsx, .jpg, .sql, txt, .mdb, .rtf and .pem.
When I went to delete these directories, Cybereason caught and stopped the Ransomware Infection. However, it didn't tell me what the Ransomware is or how to remove it. The user folders then changed their names and the files in each changed their names.
I also found 2 more hidden, randomly named folders in my "Documents" directory.
I have run Malware bytes, Eset Online Scanner, Kapersky TDSS Killer and Trendmicro. My computer is running Trend Micro's Worry Free Business Security and none of these have caught or identified the mystery directories or files.
Update. I ran Spy Hunter and it didn't find anything. I booted it into a Linux OS, went and deleted the 4 mystery folders. When I booted back into Windows 10 all 4 folders were back with different names.
Thanks in Advance.
Edited by Mako1138, 18 September 2017 - 10:03 AM.