Hi all-
Yesterday I was asked to help with a CryptoLocker infection of a LinkedClone Desktop. Boy, this is a nasty one! The infected desktop had, in fact, encrypted the entire network share that it had rights to. Although the infection was isolated, everyone's work was affected. Fortunately, all of the files were protected with backups.
I had thought that doing a "desktop refresh" of the infected linked clone would also remove the infection (as it would any other user-installed app), but it did not! After refreshing the desktop, the Cryptolocker infestation remained.
Does anyone have any wisdom on why desktop refresh didn't remove Cryptolocker?
-John
The Invisible Admin