Ran antivirus; detected CryptoWall; I quarantined; can't find any damage

I ran CAV, as I do every day, and it detected CryptoWall; I chose to quarantine it.
I’m not entirely sure what I should be looking for, but all my files in my Documents folder can be opened, edited, saved, etc. & I can find no evidence of encryption or mal"stuff".

On the next scan, it picked up icba.dll, and it was quarantined. I don’t know what that is supposed to do, but cannot find any damage there, either. That was on 5/12, and all clear since then.

Both of these were in the VTROOT AppData\Local\Temp folder for my administrator account, which is seldom used.

This is my laptop, which is networked to my desktop & my iPhone. The desktop scans clean in a couple-three AV programs. iPhone does not appear to have issues.

What, if anything, should I do next?

Thanks :)

The files were in the sandbox (VTROOT folder) and were quarantined. The threat was contained and no documents were encrypted. I would say you were protected and no damage was done.

On top of that, you scanned with multiple scanners showing no infection. I would not worry. With what scanners did you scan, by the way?

Thanks! In more than 35 years, I’ve never encountered a valid serious threat, largely due to my husband’s vigilance, but also because I don’t go odd places and click on random links. I wonder where this came from. Anyhoooo… between the two machines I have MBAM Premium, Avast Pro, Spybot, and of course Comodo. There are a couple others I may use from time to time that don’t play as nicely with others, and a few more narrowly focused utilities.

Appreciate your sharing your knowledge and time.

Security is always a layered approach for good results. The files caught might have been served by a hacked ad server for all I know (malvertising). It’s hard to track where they came from. What counts is that they were caught, contained and quarantined.

For additional on-demand scanners you can use Hitman Pro, Zemana Antimalware and Super Antispyware, and TDSS Killer for rootkits.

That requires an exploit to get downloaded as a file? As when it can download it would be able to run without countermeasures?