These ransom-ware viruses have actually been around for 3 or 4 years.  They flared up back then, but then kinda died down for a while, but have recently re-emerged again and are a little more sophisticated.   Most come from eastern bIock countries.  I probably fix 1 or 2 per month and have for the past year or so.

The new version of the virus can be VERY difficult to dig out, if possible at all.   Most of the newer versions register themselves, so deleting infected files won't help.   Also, in many cases it loads a copy of itself into memory (RAM) at boot time, then rewrites itself back to the HD at shutdown.   This means even if you search for instances on the HD while the computer is running and delete them, it won't make any diff because a brand new version will be written at shutdown.   If it has already done very much damage, you may need to wipe the HD and reinstall Windows; a PITA, but sometimes necessary.     :'(

I have not see that one in a while, but I have always had good results with http://www.malwarebytes.org/

oldNslow wrote on 12/08/12 at 10:12:22:


Even tho that is a "last ditch effort", you're probably right.   The problem with "pulling the plug" is that Windows creates disk buffers when it's running called swap files.   These are files that are "virtual memory"; i.e., a place to store stuff temporarily.  If you shut down abruptly, the swap files disappear, so the next time Windows starts, there could be some problems.  This is one of those actions that will eventually cause your system to crash altogether (it's a WHEN not IF type problem!).   So pulling the plug (removing power) is a last resort to ANY computer, but may be necessary when the alternative is even more horrible.

The separate "boot disk" (there are several of these) mentioned earlier will successfully boot your computer, but only a diagnostic mode.   So it gets your foot in the door, but unless you have at least a fundamental knowledge of Windows, you are still infected with the virus and back at square one!