Ransomware - anyone else been a victim recently?


    Yesterday I was browsing, as one does, and either I clicked or maybe just hovered over a link on an innocuous web page and next thing I know up comes a pop-up full screen message from "the UK police e-crime unit" with unspecified accusations and a threat to keep my computer locked until I paid a £100 fine via their payment system.

    Luckily I'd heard of these things before but it still concerned and angered me that this, apparently increasingly common type of trojan, had somehow got through my anti virus and malware protection. What I hadn't realised was how difficult it was to get rid of it as it had taken over my laptop and, if I had one, even the web-cam. All the taskbar and toolbars were hidden and although I know the task manager launched OK it too was hidden behind the message. In the end I had to shut down the laptop by powering it off, never a good thing, but even when I restarted the window would pop-up.

    Well I worked out how to deal with it and when I eventually got everything working again and ran an anti-malware scan I found three things marked as trojans I knew for certain weren't there 24hrs before. They were removed and I did further boot time and full scans with everything I had just to make sure. I later discovered I'd done exactly the recommended thing to deal with this attack but the time it took to sort it out really stuffed up my day. I'm still not happy.

    Anyone else here had any similar experiences recently?
    Last edited by Brad; 27-06-2013, 13:10.

    #2
    My Mum got this exact thing the other day.

    Safe mode and with networking it proceeded as normal so I did safe mode with command prompt, typed explorer, USB stick from my laptop with malware-bytes installer and did a full scan. Seems to be gone now. Pretty annoying though.



      #3
      My parents got hit ages ago with one of the fake anti virus infestations, but that's about it. Was about to remove and carry on.
      Lie with passion and be forever damned...



        #4
        Apparently some recent versions can block Safe Mode too, luckily for me not in this case.

        Best recommended solution if that happens is to use a Kaspersky Rescue or similar live boot disc.



          #5
          We had quite a few of these police things happen to staff but they only ever affected that particular user (standard account) so I could just log in as an admin and clear them. One manager actually paid the 100 quid thinking it was genuine! A quick browse through his IE history told me why he was the only one out of the 100+ users to fall for it.

          Might be a good time to lock down said account(s) and use admin when necessary with 'Run As...', although this can be a real pain in a home environment.

          With Live CDs, I'd be careful with Linux-based stuff as a Linux-based AV program usually won't differentiate between a Windows system file and a regular file and you could bork the installation even further if it goes on a deleting rampage. I have a BartPE XP Live CD I use for emergencies as it's always best to use a Windows-based clean-up tool for this reason.

          Malwarebytes' Anti-malware is very good in a stitch. It restores fiddled registry entries (e.g. when the registry key for the .exe extension is edited so any .exe file is sent to the trojan first before running - those trojans that tell you programs like cmd, regedit and taskmgr are viruses do this) plus it has a groovy Chameleon mode where it renames the program's name and extension - .exe, .com, etc - to try and prevent the trojans from blocking it being run.

          I like Avast because, last I checked, it was the only decent free AV that did proper boot-time scanning (scanning done before Windows actually loads - light blue screen with white writing similar to when it does a chkdsk after a dodgy shutdown).

          Anyone on Vista/Win7 can run a command prompt from the F8 System Repair menu. You'll have access to your USB drives, etc, and can run command-line apps (including any AV software that has command-line scanning and doesn't need to be installed, like MS' malicious software removal tool). I don't think windowed stuff works, though.

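An added example, not part of the original posts: a read-only PowerShell check for the `.exe`/`.com` association hijack described in #5. It assumes the standard Windows defaults (`.exe` maps to `exefile`, `.com` maps to `comfile`, and both open commands are `"%1" %*`) and looks at the per-user hive as well as the machine-wide one, since a standard account can write its own `HKCU\Software\Classes` entries.

```powershell
# Added example: audit how Windows launches .exe and .com files.
# Expected values on a clean install (assumed standard defaults).
$expectedProgId  = @{ '.exe' = 'exefile'; '.com' = 'comfile' }
$expectedCommand = '"%1" %*'

# HKCR is a merged view: entries under HKCU override those under HKLM,
# so a hijack confined to one standard account shows up on the HKCU side.
$roots = 'HKCU:\Software\Classes', 'HKLM:\Software\Classes'

function Get-DefaultValue([string]$Path) {
    # Return the key's (Default) value unexpanded, or $null if the key is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue('', $null, 'DoNotExpandEnvironmentNames')
}

$findings = foreach ($root in $roots) {
    # 1. The extension must still point at its usual file class.
    foreach ($ext in $expectedProgId.Keys) {
        $progId = Get-DefaultValue "$root\$ext"
        if ($null -ne $progId -and $progId -ne $expectedProgId[$ext]) {
            New-Object PSObject -Property @{
                Key = "$root\$ext"; Value = $progId; Expected = $expectedProgId[$ext]
            }
        }
    }
    # 2. The file class must run the target directly, not via another program.
    foreach ($class in $expectedProgId.Values) {
        $cmdKey = "$root\$class\shell\open\command"
        $cmd = Get-DefaultValue $cmdKey
        if ($null -ne $cmd -and $cmd -ne $expectedCommand) {
            New-Object PSObject -Property @{
                Key = $cmdKey; Value = $cmd; Expected = $expectedCommand
            }
        }
    }
}

if ($findings) {
    $findings | Format-List Key, Value, Expected
} else {
    'No altered .exe/.com associations found for this user or machine-wide.'
}
```

Run it once as the affected user and once as an administrator; the `HKCU` results differ per account.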


            #6
            Most vulnerabilities come from the likes of Adobe flash player, acrobat reader and Java rather than the browser/OS nowadays. Having up to date AV and patching the OS simply isn't enough anymore.

            I use the Secunia's PSI software (FREE!) to keep all my other software fully patched - used it for years now and never had an issue. Link here:

            http://secunia.com/vulnerability_sca...%2Fproducts%2F

            I've also stopped using Adobe Acrobat Reader and instead use SumatraPDF which is a very lightweight and quick PDF viewer compared to Adobe's bloated and vulnerable product.



              #7
              I used the Avast boot time scan afterwards but it was Malwarebytes (Free) that once I'd restored my computer I used to identify and delete the Winlock trojan files.

              Interesting what you (billy_dimashq) said about the potential problems of using a live boot disc. Kaspersky RD10 and its Windows Unlocker tool are recommended for dealing with this type of attack. I've actually only just downloaded and burned a copy to help in any future cases which I sincerely hope doesn't happen anytime soon.

              But I'd not come across suggestions for an alternative, so thanks for the info.



                #8
                I don't use AV on my desktop personally, and I had the version that worked even in safe mode but having to load explorer manually seemed to prevent it from booting (safe mode with command prompt). Seems someone had installed some BT version of McAfee on my Mum's laptop and it was out of date. Uninstalled that and shoved on Avast!, hopefully it's sufficient in future.

                Good call on SumatraPDF too, it has replaced Foxit Reader for me.



                  #9
                  Can I just say this is the best virus-related thread opener ever:

                  Originally posted by fallenangle
                  Yesterday I was browsing, as one does, and either I clicked or maybe just hovered over a link on an innocuous web page and next thing I know...
