Topic: I want to clear what steve said on the blog about this virus scam

Offline spiderman

I just want to clear some stuff up....

enjoy.

Quote:

...In some cases you won't even be able to boot to safe mode.

That is true; depending on the situation, this malware may indeed still run immediately upon booting, even in safe mode, so you may need to boot from an unaffected disc, drive or system in order to remove it.


Quote:

I have even seen one computer that will not boot to the CD/DVD to do a re-image of the system.

There is no way this malware can prevent you from booting from a known-good CD/DVD, USB flash, HDD or any other drive for that matter, and it also can't prevent you from re-loading the system once you do. If you were unable to boot from a CD/DVD then other issues such as a defective disc, drive, or improperly configured system (e.g. BIOS Setup not configured to boot from optical before HDD) were involved.


Quote:

...It's pretty tricky to kill.

Actually once you can boot without it immediately running (try Last Known Good Configuration or Safe Mode with Command Prompt) this ransomware is fairly easy to find and remove, even with tools as simple as Autoruns or Malwarebytes Free. It's much less tricky to find and remove than a rootkit for example.

In any case, it is certainly far easier to prevent this from getting on your system in the first place than it is to remove later, so I do recommend disabling Java in your browsers to prevent something like this from getting on your system in the first place. Here are the official instructions for disabling Java in all browsers; it's easy to do (merely uncheck one box) and highly recommended: How do I disable Java in my web browser? This is the official link and instructions for disabling Java: http://www.java.com/en/download/help/disable_browser.xml

Note that if you don't see the "Enable Java content in the browser" box to uncheck, then you should uninstall your existing Java version, then reinstall the latest version. With the latest version installed, you can then uncheck the box.   
« Last Edit: January 16, 2013, 12:20:02 pm by cyberghost »
SPIDERMAN THE KING OF THE WEB

Offline jscott2

Re: I want to clear what steve said on the blog about this virus scam
« Reply #1 on: January 16, 2013, 09:15:46 am »
A few days ago I put some more detailed instructions on removing Java here http://stevedgood.com/community/index.php?topic=12509.0

I certainly agree with Steve on backing up your data.  I have two physical drives on my PC, one for programs and a separate drive that has only data - pictures, patterns, letters, music, emails, etc., etc. so backup to an external drive is pretty easy.  I don't even use a backup program, just copy/paste.

Jim
Using a Delta 40-690 in the Montreal, Quebec (Canada) area

Offline spiderman

Re: I want to clear what steve said on the blog about this virus scam
« Reply #2 on: January 16, 2013, 12:21:50 pm »
Quote:

A few days ago I put some more detailed instructions on removing Java here http://stevedgood.com/community/index.php?topic=12509.0

I certainly agree with Steve on backing up your data.  I have two physical drives on my PC, one for programs and a separate drive that has only data - pictures, patterns, letters, music, emails, etc., etc. so backup to an external drive is pretty easy.  I don't even use a backup program, just copy/paste.

Jim

Thanks, but I have posted the official link in my first post; again, thanks.
SPIDERMAN THE KING OF THE WEB

 
