decorso

Yeah tech support gave this response : "We would suggest that you may post your current issue here for further assistance: https://community.kaspersky.com/" :) Not to worry. Yeah they've been hit 2x previous to this and we removed all admin rights from the users... other than the owner.. which has since been removed. Advice on not opening unknown emails, checking the links in emails etc had already been given.... Thanks for the links. I'll continue reading up and work something out. With the data lost on that machine I'm inclined to format and start again with all the settings turned to max. Part of the issue is not being able to point to something someone has done and say "here's what happened".... the office seem to think they've been hacked as opposed to being manipulated into opening the door so I'm guessing it's just a matter of trying to educate again and as you say - locking off what people don't really need and providing some pathway to what they do need but not regularly (ie install rights). Thanks for the response.

Greetings, I've raised a support ticket already but our network has been infected with Trojan-Ransom.Win32.Purgen. Subsequently we've lost local PC files that are not backed up which is unfortunate. However, what I want to as k here is how this infected our system. Does Kaspersky not scan files as they are downloaded? The Purgen virus/malware/trojan is not entirely new from what I can gather, so does it not have a signature that can be stopped when an end user does something to bring it into the network? The computer that was infected is no longer usable: I can't login to safe mode to try and disinfect anything. Is there another boot disk tool that can be used? Or is the safest thing at this point just to backup the files in the hope that one day they might be recoverable, and then format the machine? Thanks!