The webpage had a huge red screen saying it was ransomware and then a pop-up appeared (surprise!), for which she clicked on the x.... and then closed the browser.
I made several malware scans - deep. I had Webroot SecureAnywhere running several deep scans (no results of infection), I even had Malwarebytes (no infection), Microsoft Safety Scanner (no infection), and finally Windows Defender running deep scans. Turns out it was Windows Defender (who would have known!) that found the trojan horse Win32/Skeeyah.A!rfn (twice). I removed the trojan horse with Windows Defender, after having quarantined the trojan. I have not seen any signs of the trojan in nearly 12 hours...
So, I guess my question is: now what?
I already uninstalled Chrome (the trojan was embedded in the Chrome appdata), had my spouse change her passwords (I also changed mine), made some backups (just in case), and I made several additional scans with no results.
I am a bit disappointed that Webroot did not pick up on that trojan, but at least Windows Defender did... Though I wonder why it picked up on it twice, and now, no longer.
I found this information:
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom_crypzablo.a
Looks like it was a ransomware trojan. I followed all the steps listed, including the registry checks, hidden files, etc., no traces.
Is it safe for me now to do online banking on my PC? I read some forums where people were advocating to basically destroy the hard drive, and re-install Windows completely.