Hello and sorry for the cross-post. I didn't get much joy on the General forum.
I suffered the infamous Metropolitan ransomware infection today. After a lot of reading and restarts I managed to track down the source of the infection: it was not in HKLM but in HKCU under CurrentVersion.
To cut a long story short, I did the following (all in Safe Mode):
1. Found and deleted the infection using Malaware
2. Found the infected regedit key and removed it
3. Removed the responsible startup item from msconfig.exe
Despite all this, the machine kept hanging when I tried to start it up in Normal Mode. So then I resorted to a System Restore at a point about a week ago.
At first sight, the machine seems to be okay - running a bit slowly and some applications crashing. E.g., soon after coming back online in Normal Mode, I tried installing Microsoft Security Essentials but it keeps crashing.
So my question is: should I be concerned that the malware still lives on after the restore? Should I just bite the bullet and do a full OEM recovery?