Hello,
Just an informational post I guess. Working on no sleep and I know variants are out there but just in case.
Got infected with a cryptolocker virus, here are some differences I see from the information I read:
1. It is asking for a payment of $400 instead of $300, and only accepts moneypak and bitcoins.
2. There are two background processes running, with one consistently taking up 50% of CPU
-- The two processes are being seen as Skype broker IE add-ons.
-- I attached images.
3. One other thing I noticed is wording is slightly different as well. For example instead of saying
"Payments are processed manually, therefore, the expectation of activation may take up to 48 hours."
It says:
"Payments are processed manually after a review and can take up to 2 business days.
--- The loading/status bar animation on this screen is also pushed up a bit so its directly under the text instead of being in the center.
I have backups so can restore this PC and created another thread regarding prevention at:
- http://community.spiceworks.com/topic/470024-protecting-against-cryptolocker-on-a-windows-sbs-2003-domain-mixed-environment?page=1#entry-3170422
