Despite the many pages littered across the internet on how to remove ransomware, it would appear many are outdated or just plain mis-informed or wrong!.
The favourite idiotic advice is to "boot into windows" and "scan your computer" or "remove the file named "@*%$£" from the "startup" folder. All fine and well if you can actually "boot into windows" but most ransomware will prevent you from doing anything useful once you have booted into windows, and safe mode doesn't appear to be much better going on my own experiences!!.
Normally, the only thing I could get working when I was dealing with a computer infected by ransomware was booting into safe mode with "command prompt". Anything else just didn't work. So, here's a step by step guide for anyone infected with ransomware who cannot get into Windows or safemode to scan or delete ....
First of all, get to a clean computer and download RogueKiller which is a particular simple, yet extremely effective cleaner and can stop malicious services, unload malicious DLLs from processes and kill malicious hidden processes outright. Copy the "exe" file onto a USB stick, insert the USB stick into the infected computer and then restart it. As soon as the screen goes black (normally immediately after the computer is powered on) start tapping the "F8" button until you see the following options on screen ...
Use the arrow keys on your keyboard to navigate up and down and select "Safe Mode with Command Prompt" and hit Enter. Wait for the computer to display the command prompt on screen and when it does, type the following:
wmic logicaldisk get deviceid, volumename, description
You should now see a list of all the drives available on the infected computer, in our case the "removable disk" is drive "F" and so that's our USB stick.
Now type the drive letter of the USB stick, followed by the name of the RogueKiller file which should be "RogueKiller.exe" into the command prompt, like this:
You should now see the GUI for RogueKiller, like Fig 1.3 below. Wait for the "pre-scan" to finish, then hit the "Scan" button at the top right of the console. Once the scan is complete, use the program to delete anything you find suspicious, and certainly anything looking like a virus (i.e. trojans, etc). Once you have done this, you can shutdown the computer and restart normally and now you should be able to boot into Windows normally without the ransomware screen annoying you constantly. Download and install SuperAntiSpyware and MalwareBytes immediately, update them and perform complete scans using both, rebooting if required when prompted.
Feel free to use your own preferred malware scanner too, but personally I'd trust the above two most. If you are using Avast, perform a boot-time scan too, and at the very least, run a complete scan on your computer using your own antivirus scanner.
Finally, and as a precaution, it's advisable to turn off Windows restore to clear the restore points, then turn it back on again. Here's how ...
Windows 8 ... right-click at the screen's bottom-left corner and from the pop-up menu, choose "System" ==> Open "System protection" on the left pane ==> In "System Protection" tab, click "Configure" ==> To disable System Restore, check the "Disable system protection" and press "OK".