He can reboot his computer in safe mode and look at both the StartUp items
and the run entries in the registry (might be best for him to run msconfig
to do this) and find the name of the software.  It will be <random
letters>.exe.  Delete the places in reg/startup where it is and then go and
delete the file.

----
Julian


On Sun, Mar 31, 2013 at 8:24 PM, Bobby Heid <bh...@sc.rr.com> wrote:

> Hey,
>
> My brother-in-law just called me.  He is apparently infected with the
> Reveton ransomware by Citadel.  He has the one with the FBI warning that
> all of his communications are being monitored by the FBI.  It says he needs
> to pay $300 for them to release his PC back to him.  I tried to get him into
> safe mode (with networking), but the ransomware has that blocked also.
>
> My quick research online basically says we need to download stuff and burn
> an image onto a CD/DVD/USB.  I am 300 miles away from him and they are not
> technically able to do what is needed to clean it.
>
> Anyone have any insights into this malware so that I might help them?  I
> basically told him he needs to take it somewhere locally to have it
> cleaned.
>
> Thanks,
>
> Bobby
>
>
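
The check described in the reply above (Startup items and registry Run entries), as an added example that is not part of the original thread: a read-only PowerShell listing of those autostart locations that flags executable names looking like random letters. The list of keys and the "random-looking" heuristic (letters only, six or more characters, under 25% vowels) are assumptions of this example; it only covers the user it is run as for the HKCU entries.

```powershell
# Added example: list autostart entries for manual review. Read-only; nothing is deleted.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Test-RandomLookingName {
    param([string]$Command)
    # Assumed heuristic: .exe base name is letters only, 6+ long, and vowel-poor.
    if ($Command -notmatch '([^\\/"]+)\.exe') { return $false }
    $name = $Matches[1]
    if ($name -notmatch '^[A-Za-z]{6,}$') { return $false }
    $vowels = ($name -replace '[^aeiou]', '').Length
    return ($vowels / $name.Length) -lt 0.25
}

# Registry Run/RunOnce values: one row per value name and its command line.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        [pscustomobject]@{
            Source  = $key
            Name    = $valueName
            Command = [string]$item.GetValue($valueName)
        }
    }
})

# Startup folders (per-user and all-users); shortcuts are resolved to their target.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
$entries += @(foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        $target = if ($_.Extension -eq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath } else { $_.FullName }
        [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $target }
    }
})

# Flagged rows first; a flag is only a prompt to look closer, not a verdict.
$entries |
    Select-Object Source, Name, Command,
        @{ Name = 'RandomLooking'; Expression = { Test-RandomLookingName $_.Command } } |
    Sort-Object RandomLooking -Descending |
    Format-Table -AutoSize -Wrap
```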
