It's a real shame that people are not more educated as far as what to do when they are about to get a computer virus. Any of my clients know, if there appears to be a virus and they don't know the proper action to take, immediately turn off the computer by holding the power button down and bring it to me, or wait for me to get out there.
But, it's simple enough, especially as viruses aren't made like they used to. People don't put pride in their work anymore, says a lot about the generation, really.
That aside though, there is a very simple way to remove "extortionware" (as it's lovingly called). Extortionware is a type of virus/malware that resembles an antivirus in the middle of a scan. It is not installed on your computer, at it's initial point it is just displaying a graphic, waiting on you to click somewhere and activate it, which further compromises your machine.
Immediately on noticing it, Alt-Ctrl-Del and open the Task Manager. Look for the program that is runnings name and write it down (both it's full name listed in the running program's window, the one listed in the Programs tab in Task Manager and the one listed in the Processes tab). Right click the program, and select Go To Process. The process will be highlighted, so right click the highlighted process and select End Process Tree. Not done yet though - there's a few more steps to ensure you're secure. There is a program called CCleaner, it's awesome. Download it, install it, and open it. Click on Options, Advanced, and UNcheck "Only delete files in Windows Temp folders older than 24 hours". Now, use CCleaner to clean your computer of temp files. After it is done, recheck what you unchecked before exiting the program. Next, go to run and type msconfig. Remember when you wrote the name of the program down earlier? Reference back to it. Select the startup tab, and look for the file's or program's name. If you don't see it - good. If you do, uncheck it and hit apply. Now, using the Windows search function, search for the file and program name, including in your search hidden and system files, deleting them and writing down their location on your hard drive. If you are unable to delete the file due to it running, and you are unable to stop it from running by killing the process tree, MBAM has a function called FileAssassin, which can easily delete running programs. Lastly, run RegEdit, and use it's internal search function to look for the file or program you wrote earlier and remove any registry keys that you are 100% positive are keys written by the program in question (after of course, writing down the entire registry key and it's location). When you're finished, run MalwareBytes AntiMalware on a full/complete scan, and then whichever security program you prefer on a full/complete scan and you should be clean of it. After scanning, reboot and check MSConfig's Startup tab again to ensure that it isn't there after the reboot. If it is there again or if you see something that looks completely out of place, repeat all of the steps until it is clean.
The most important tool is a pen and paper, don't forget this, and write everything down and cross reference it via multiple sources. It's a measure twice and cut once kind of thing.
If you aren't sure about the name of a file, application or registry key, you can use google to identify it and ensure that it is a foreign program, and not required for your system to function.
If you aren't confident in what you are doing (as you can make problems worse by messing it up) - take it to someone who is either incredibly fluent with computers or to a tech.
It's relatively simple enough stuff when you know what should be there and what doesn't look like it should be there.
