Cheshire Police scam virus

[AWS]

One of the User accounts on our home PC got the Cheshire Police scam virus (locks the PC and asks for £100).

The PC's Windows Update had been run a week beforehand, and Microsoft Security Essentials (MSE) was up-to-date and had a full scan a week ago.

The virus got through MSE without triggering any warnings, and locked the screen with the Cheshire Police scam.

Nothing responds in this condition (including Ctrl-Alt-del), and the taskbar is missing.

The current situation is-

1. Boot into the effected User account, and my desktop without any icons or the taskbar displays for a few second, then switches to the Cheshire Police scam screen.
    
   
2. Boot into the effected User account in safe mode with network support, and my desktop appears as 1 above.
    
   
3. Boot into the effected User account in safe mode without network support, and my desktop appears without any icons or the taskbar. Ctrl-Alt-Del brings up Task Manager, and I can Run explorer.exe and the desktop icons and taskbar appear, and Windows appears
   normal.
   
4. Boot into any other User account and Windows operates normally.
   

Actions I've taken to get rid of it-

 

1. When I first ran MSE from another User account, I removed a Java virus (unfortunately I didn't note it's name, but it's description said that it gave access to other people to my PC). After that, the situation is as above.
    
   
2. I've updated Java.
   
3. Now, I can run MSE in conditions 3 or 4 above and MSE reports no viruses....but I still get the Cheshire Police locked screen on the effected user account.
   

Solutions-

 

I suppose I could delete the effected user account and make a new one, but I'm concerned that this may leave some part of the virus or it's payload active, and would prefer to root it out completely. I'm somewhat puzzled why MSE didn't either intercept or

detect this virus.

 

Any guidance would be gratefully received.

 

 

 

View this thread