Aha! Although ESET SysRescue (run from a newly created DVD) said that it has the latest virus definitions, in fact the definitions file was dated some months ago. After connecting the infected computer to the internet from SysRescue again, this time new virus definitions were downloaded and a scan then found and removed multiple threats. I have now removed threats using ESET SysRescue, and a similar rescue DVD from one of ESET's competitors, as well as removing Windows Registry entries added by TorrentLocker. Do I now need to run a repair from the Windows installation DVD, completely reinstall Windows, or something else?
I tried to post a version this question yesterday, but without success. I need to clean a TorrentLocker (Cryptolocker-like)* infection from my Windows 7 laptop. The computer was infected despite Eset antivirus running, however I realised there was a problem and shut it down before TorrentLocker had encrypted all at-risk files on the hard disk. I have since booted using ESET SysRescue and run a scan, which showed no infection, although the original zip/exe file was still on the hard disk. (I have now deleted it manually using a linux-live CD.) I have not restarted Windows since. How can I be sure that the infection is gone before I try to retrieve files from backup and go back to using the computer? Is there any way to use ESET SysRescue to check in the most recent logs on the computer (as opposed to the ESET SysRescue logs) whether anything was quarantined or deleted before the computer was shut down? Your help is appreciated. *www.staysmartonline.gov.au/alert_service/message?id=1132172&name=New+ransomware+threat+for+Australia%3A+SSO+Alert+Priority+High+#.VHP2qcnDXSw www.bleepingcomputer.com/forums/t/549016/torrentlocker-support-and-discussion-thread-cryptolocker-copycat/ www.isightpartners.com/2014/08/analysis-torrentlocker-new-strain-malware-using-components-cryptolocker-cryptowall/