I had this hit me. I reset the registry using the “restore” feature in Windows 7. Start in safe mode, then just reset the registry to a version previously saved. I went back 3 months.
Hope it helps somebody.
That might stop the virus from running on startup, but it won’t decrypt any files that the virus has encrypted already. It seems to target Word and Excel files, and Adobe PDFs in some variants, and will even encrypt network shares, if the infected computer has enough permissions to modify files across the network.
Luckily, the virus author did not set the virus “warning” message to display only after the encryption routine finishes. So, if you eliminate the virus as soon as you see the pop-up, you can probably stop it before it gets through all of your files.