CrptoWall 4.0 question

[BroncosFan34]

I have an odd issue that I ran into today on a users machine. On startup I get the Crytowall Ransomware instructions for Cryptowall 4.0. They pop up in html and image format and from my research it matches the 4.0 variant of the Ransomware.

What is odd though. I cant seem to find any files that are encrypted on the machine.
Also when I run MalwareBytes and Hitman Pro on the machine neither of them detect the virus.

Does anyone have any insight on why this is and how I can be assured that the virus isn't on the machine?
The only thing I can think of as to why the virus didn't succeed is because the machine was encrypted already using DiskCryptor and you cant encrypt what is already encrypted? That doesn't seem right to me though...

Any insight would be much appreciated.

 

[TwinHeadedEagle]

Hello,

We can check if this machine is infected:


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.