Safeguard and disconnect your backup immediately, then reboot into safe mode! If your data is important but you have no backup, cut the power immediately and visit your local PC store or use another computer for further diagnosis. Do not attach a disconnected backup as you risk losing it...
How such can be counteracted, provided I have a registered internet security software.
PEBKAC; in other words, it cannot be counteracted because you have given permission to it. You might not be aware of doing this explicitly, as it often comes along another software installer or browser extension or similar. Usually, but not always, a weasel sentence in the EULA or a small line of text somewhere in the installer explains that this piece of software gets installed along.
I don't know why the particular Russian domain keeps opening.
There are only limited ways to have the browser open up a website:
- Browser extension or plugin
- Executing a command (by another process, service, task, startup item or opening a shortcut)
Which means that you will have to check your extensions, plugins, software list, msconfig, services.msc, task planner and browser shortcuts for anything out of the ordinary. A lot of these will have a visible entry in one of these locations.
However, some variants are tricky and damage your data; so, in order to be safe to run antivirus tools like RogueKiller, AdwCleaner, MBAM and a full scan with your virus scanner to further clean your computer. Search for virus removal and encryption questions on Super User for more information.
