Topic: New CryptoWall Infection

REDACTED

  • Guest
New CryptoWall Infection
« on: January 19, 2015, 08:06:54 PM »
Hello - I have read everything I can find on this topic.  I got infected, installed Avast, ran a boot scan, installed anti-malware that was recommended on the forum, ran a scan, system automatically rebooted ... still infected.  Please advise.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • Posts: 31078
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: New CryptoWall Infection
« Reply #1 on: January 19, 2015, 08:36:20 PM »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: New CryptoWall Infection
« Reply #2 on: January 19, 2015, 08:37:25 PM »
CryptoWall is ransomware that, even when "cleaned" or removed, will leave all your documents encrypted and ask for a ransom.
Did you install after being infected?
The best things in life are free.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • Posts: 31078
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: New CryptoWall Infection
« Reply #3 on: January 19, 2015, 08:45:26 PM »
Depending on the version of CryptoWall there are decoding tools for it to restore the files.

If the system is really clean, remove all encrypted files and restore them from a backup.
Of course, do a thorough check on the backup before restoring from it.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: New CryptoWall Infection
« Reply #4 on: January 20, 2015, 01:11:58 AM »
Indeed Eddy.
My concern is about Avast detection. I hope it did not miss the infection... (false negative). But we need to wait for the user to return and post.
The best things in life are free.

Offline Michael (alan1998)

  • Massive Poster
  • Posts: 2768
  • Volunteer
Re: New CryptoWall Infection
« Reply #5 on: January 20, 2015, 11:39:22 AM »
I think he installed after the infection. Just my read. My issue now is I don't think the new one is cleanable. The new version of CryptoWall (3.0) also uses Win32:Sality (or a modified version of that) and the REN command to rename the executables. Once that is done, it'll inject the source malicious code, and once you run (what you think is your personal documents), it'll just reinfect your system. Hopefully this isn't the case. If it is, well, sadly, a full reformat might be needed.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.
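The reply above describes executables renamed to pass as personal documents, so that opening the "document" reinfects the machine. A defender-side check for that pattern, added here as an example and not code from the thread or from Avast: it walks a folder and flags files whose name ends in a document extension but whose content starts with the Windows PE "MZ" signature, and files carrying a double extension such as `.jpg.exe`. The extension list and the sample files are constructed assumptions for the demo.

```python
"""Flag files that look like documents by name but are Windows executables by content."""
import os
import tempfile
from pathlib import Path

# Assumption: extensions a user would expect to hold data, not code. Extend as needed.
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt", ".jpg", ".png"}

# First two bytes of a Windows PE image (the DOS stub header).
PE_MAGIC = b"MZ"


def looks_like_pe(path: Path) -> bool:
    """Return True if the file begins with the 'MZ' signature."""
    try:
        with path.open("rb") as fh:
            return fh.read(2) == PE_MAGIC
    except OSError:
        return False


def has_double_extension(path: Path) -> bool:
    """True for names like Photo.jpg.exe: a document extension hidden before .exe."""
    parts = [s.lower() for s in path.suffixes]
    return len(parts) >= 2 and parts[-1] == ".exe" and parts[-2] in DOCUMENT_EXTENSIONS


def find_disguised_executables(root: Path) -> list:
    """Walk root and return every file whose name says document but content says PE."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            by_content = p.suffix.lower() in DOCUMENT_EXTENSIONS and looks_like_pe(p)
            if by_content or has_double_extension(p):
                hits.append(p)
    return sorted(hits)


def build_sample_tree() -> Path:
    """Constructed sample: one real text document and two disguised executables."""
    root = Path(tempfile.mkdtemp(prefix="cw_check_"))
    (root / "budget.txt").write_bytes(b"Quarterly figures\n")          # benign
    (root / "Invoice.pdf").write_bytes(b"MZ\x90\x00" + b"\x00" * 60)   # PE named as PDF
    (root / "Photo.jpg.exe").write_bytes(b"MZ\x90\x00" + b"\x00" * 60) # double extension
    return root


if __name__ == "__main__":
    for hit in find_disguised_executables(build_sample_tree()):
        print(f"SUSPICIOUS: {hit} looks like a document but is an executable")
```

Run it against a user's Documents folder after the system is believed clean; anything it reports should be quarantined rather than opened.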