I am suffering the same problem. A user seemed to have got the virus via email last night/early this morning and not only are EVERY file on their laptop corrupt (Office files, photos, PDFs) but as that user had access to network shares all files within the folders they had access to are also corrupt.
Same as, I had backups from last night, but the hassle is the restoration
My concern is
- how did the virus get onto the Exchange server, then to the user mailbox when the server is running eSET Mail Security and was up to date
- why did the user laptop allow the user to open the email attachment when they were on Endpoint AV 5 and up to date?
From reviewing logs on ALL internal computers and also on the server, it seems the virus that came in was Spy.Zbot.AAU trojan