Hi guys,
One of our clients has a nasty piece of malware that's somewhat crippled due to policies we put in place preventing executables from running in temp directories, but it still creates random folders on the user's desktop and is possibly breaking an application.
After recreating the profile, the folders have returned 20 days later, but no more encryption attempts due to the policies.
See screenshots for the folders, owner is administrators so not much to go on there.
Checked the usual startup items in the registry (HKLM and HKCU\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce).
MSCONFIG and scheduled tasks: nothing out of the ordinary there.
Ran Malwarebytes, HitmanPro and Malwarebytes Anti-Rootkit, but none of them find anything.
Let me know if there is anything else I can do, I have added the FRST and Addition files, haven't seen anything out of the ordinary in there, but I could have overlooked something.
Addition.txt
FRST.txt
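One way to take the triage a step further, as an added example that is not part of the original post or its attachments: list the unexplained desktop folders with their creation times, re-check the Run/RunOnce keys and scheduled tasks from an elevated session, and then pull process-creation (4688) and task-creation (4698) events from the Security log around each folder's creation time to see which process made it. The `$Desktop` default and the `$WindowMinutes` window are assumptions; the event correlation only yields results where process-creation auditing is enabled.

```powershell
param(
    [string]$Desktop = [Environment]::GetFolderPath('Desktop'),  # assumed: affected user's desktop
    [int]$WindowMinutes = 15                                      # assumed correlation window
)

# 1. The unexplained desktop folders, with creation time and owner.
$folders = Get-ChildItem -Path $Desktop -Directory | ForEach-Object {
    [pscustomobject]@{
        Name    = $_.Name
        Created = $_.CreationTime
        Owner   = (Get-Acl -Path $_.FullName).Owner
    }
} | Sort-Object Created
$folders | Format-Table -AutoSize

# 2. Run/RunOnce values in both hives (the keys already checked by hand).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
    }
}

# 3. Scheduled tasks whose action runs from a user-writable location.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    $task.Actions | Where-Object { $_.Execute -match 'AppData|Temp|Public|ProgramData' } |
        ForEach-Object { [pscustomobject]@{ Task = $task.TaskPath + $task.TaskName
                                            Execute = $_.Execute; Arguments = $_.Arguments } }
} | Format-Table -AutoSize

# 4. Process-creation (4688) and task-creation (4698) events around each folder's
#    creation time. Needs an elevated session and process-creation auditing enabled.
foreach ($f in $folders) {
    $filter = @{ LogName   = 'Security'; Id = 4688, 4698
                 StartTime = $f.Created.AddMinutes(-$WindowMinutes)
                 EndTime   = $f.Created.AddMinutes($WindowMinutes) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{n = 'Folder'; e = { $f.Name }},
            @{n = 'Detail'; e = { $d = ([xml]$_.ToXml()).Event.EventData.Data
                                  ($d | Where-Object { $_.Name -in 'NewProcessName', 'TaskName' }).'#text' }}
}
```

A process or task that shows up in step 4 next to every folder creation is the thing to trace back to its image path and the persistence entry that launches it.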