Hi. Today at 10:55 I noticed that I had two files in the directory I was working in that had long (30 character +) meaningless alphanumeric names with .LOCKY extensions. I noticed that they had been created at 10:52 but at that time I was unaware of the significance of the name LOCKY. Within a couple of minutes I realised that I was possibly infected by the LOCKY ransomware and was looking at how to remove it. Now about 90 minutes later I am confused and don’t know if I am infected or not.
Firstly at this point 90 minutes later I have not had a ransom demand and I appear to be able to access my files – so probably not infected? Also I have looked for entries in the Registry associated with LOCKY based on on-line information including Susan Bradley’s recent article – again I appear to be clear.
So why am I worrying? When I search my computer I find over 400 files with the .LOCKY extension and all of them were generated between 10:52 and 10:54 today. I select them all and delete but it takes two attempts to completely remove the files because about 50 files remain after the first deletion step. Within 2 minutes it appears that all the files are back. The file names are as I said extremely long alphanumerics but all the file times were again 10:52-10:54 so almost certainly the same files. Obviously this is disturbing although at the moment it is an irritation rather than a serious problem.
I am now being bombarded by messages that files are being added and removed from Dropbox.
OK anyone know what might be going on? I think I must be infected but by what? I should say that I have McAfee installed and it is up-to-date and I have also run Malwarebytes antimalware without it finding a problem.