View Full Version : Cryptoware text files on desktop

Hey guys, a co-worker received the email below earlier this morning and clicked on the links. (I removed them in this post so that no one clicks on it) When I got to his computer it had a text file about how to unlock my documents using Cryptoware and to visit their site to continue. I knew something had infected the computer so I started a scan with Super Anti-Spyware and unplugged the computer from our network for the time being. The scan is still going as I post this, so far it has found


What else can I do after the scan, thanks in advanced for any help, you guys have always been helpful.

From: billing.address.updates@ADP.com [mailto:billing.address.updates@ADP.com]
Sent: Wednesday, November 12, 2014 10:40 AM
Subject: ADP Past Due Invoice#43741632

Your ADP past due invoice is ready for your review at ADP Online Invoice Management. (Removed hyperlink)
If you have any questions regarding this invoice, please contact your ADP service team at the number provided on the invoice for assistance.

Please note that your bank account will be debited within one banking business day for the amount(s) shown on the invoice.

Review your ADP past due invoice here. (Removed hyperlink)

Important: Please do not respond to this message. It comes from an unattended mailbox.

I have advised our Security Colleagues who specialize in crypto malware ransomware with a link to this topic.

Thank you for that. As of right now I am scanning the infected PC with Spyhunter2 but the scan will not finish until late tonight. I can post the log tomorrow if needed. I will give an update tomorrow morning when I come back to work and check on the PC.

Not a problem.

SpyHunter by Enigma Software is a program that was previously listed as a rogue product on the Rogue/Suspect Anti-Spyware Products List because of the company's history of employing aggressive and deceptive advertising. It has since been delisted but AV-Test has not included SpyHunter in their comprehensive testing analysis that would reveal how SpyHunter compares to the best anti-spyware in terms of protection, repair and usability. The reason for this is that the publisher, Enigma Software, has not been cooperative in submitting SpyHunter for testing at AV-Test. In my opinion it is a dubious program which is not very effective compared to others with a proven track record and I would not trust all the detections provided by its scanning engine.

Further, I have read that some newer versions of SpyHunter apparently install it's own "Compact OS" and uses Grub4Dos loader to execute on boot up. The user no longer sees the normal Windows boot menu but instead sees the GRUB menu. For some folks this has resulted in SpyHunter causing a continuous loop when attempting to boot and other issues.

When searching for new malware or malware removal assistance (and removal guides) on the Internet, it is not unusual to find numerous hits from untrustworthy and scam sites which misclassify detections or provide misleading information. This is deliberately done more as a scam to entice folks into buying an advertised fix or using a free removal tool. SpyHunter (SpyHunter-Installer.exe) is one of the most common "so-called" removal tools pushed by these sites.

If you have downloaded and scanned with SpyHunter, any detection results should be viewed with suspicion.