My buddy's DAW caught a case of RANSOMWARE...
2015/04/09 19:40:09
yorolpal
Yup...he's screwed. No doubt. Looks like burning it down and reloading everything is his only option. So...is there a best practice procedure for both erasing/formatting and then restructuring?

PS...if you DO know of something less drastic he could try, by all means pipe up.

His particular version is called "CryptoWall".
2015/04/09 20:15:12
trmusic
First, he should try installing and running Malwarebytes to clean his system.
2015/04/09 21:07:48
dubdisciple
I have had to help a few friends with this sort of thing. I try the least drastic tactics first. Malwarebytes is great, but typically is overwhelmed by this type of thing. Odds are good he will have to try multiple things. This is the best rundown on removing it that I have come across so far:
 
http://www.bleepingcomput...ransomware-information
2015/04/09 21:34:40
slartabartfast
As far as I can tell, CryptoWall is not impossible to remove using standard antivirus programs, but it is impossible to decrypt the files it has already altered without paying the ransom. 
 
If your buddy decides to go the burn it down route, the surest way to go is to use a self-booting full erase program like DBAN. http://www.dban.org/ That minimizes the possibility of hiding virus DNA behind the boot system of Windows. A Windows format would not eliminate all viruses. Note that there is a reliable report of viruses that can write to "inaccessible" regions of the hard drive and resist any software-based erasure. http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/ So if you really, really need to be sure there are no viruses at all on your computer, you need to buy new hard drives.
2015/04/09 21:45:46
dubdisciple
It took me two months to get rid of an MBR trojan on my gf's computer. It was impossible to do with Windows. I eventually was able to do it in Linux.
2015/04/09 21:58:52
yorolpal
Thanks fellers. I'll forward this and all future suggestions to him. Screw the bastards that foist these things on us.
2015/04/09 22:05:33
lawajava
Here's unuseful advice for your friend, but a practical idea overall.

On a regular cadence (such as weekly) back up your whole set of hard disks on your computer to a rotating series of external drives with something like Acronis. A different external drive for different weeks, rotating in sequence.

Should this ransom thing occur, just remove and throw away your computer drives, put in new ones and restore from one of your backup drives. Painless. Ransom-free.

And don't forget - stop visiting that sketchy website where you picked up the malware.
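A minimal sketch of the weekly drive rotation described above, added here as an example and not something from the thread or from Acronis. It assumes each external drive carries a marker file named .backup-slot at its mount root (a hypothetical labelling convention) so the script fails closed when the wrong drive is plugged in, and it assumes rsync is installed; SOURCE and MOUNT are placeholder paths.

```shell
#!/bin/sh
# Weekly rotating backup to one of N external drives (example, not from the thread).
# Assumption: each external drive has a marker file .backup-slot at its mount root
# holding the slot number (0..N-1) it was given when it was labelled.
set -u

NUM_DRIVES=${NUM_DRIVES:-3}          # how many drives are in the rotation
SOURCE=${SOURCE:-/home/daw}          # what to back up (placeholder path)
MOUNT=${MOUNT:-/mnt/backup}          # where the external drive is mounted (placeholder)

# Which drive slot an ISO week number goes to: week 1 -> slot 0, week 2 -> 1, ...
slot_for_week() {
  week=$1; n=$2
  echo $(( (week - 1) % n ))
}

# Only write to the drive whose marker matches the expected slot. This is what
# enforces the rotation: plugging in last week's drive by mistake is refused,
# so there is always at least one drive that was unplugged during any infection.
drive_matches_slot() {
  mountpoint=$1; expected=$2
  [ -f "$mountpoint/.backup-slot" ] || return 1
  [ "$(cat "$mountpoint/.backup-slot")" = "$expected" ]
}

# Full copy of SOURCE into the slot directory on the drive. Files changed or
# deleted since the previous run on this drive are kept under previous-<slot>,
# so one run over already-encrypted files does not destroy the older good copy.
run_backup() {
  week=$(date +%V); week=${week#0}   # strip leading zero so "08" is not read as octal
  slot=$(slot_for_week "$week" "$NUM_DRIVES")
  if ! drive_matches_slot "$MOUNT" "$slot"; then
    echo "drive at $MOUNT is not slot $slot for week $week; refusing to write" >&2
    return 1
  fi
  dest="$MOUNT/weekly-$slot"
  mkdir -p "$dest"
  rsync -a --delete --backup --backup-dir="$MOUNT/previous-$slot" "$SOURCE/" "$dest/"
  echo "backup for week $week written to $dest; unplug the drive now"
}
```

The drive must be disconnected once run_backup finishes, since anything still mounted when the ransomware runs gets encrypted along with the internal disks.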
2015/04/09 22:09:44
yorolpal
Yup...that's the advice I gave him. He didn't even have an anti virus program loaded. Or a hard drive backup. He will now. He got it, apparently, from trying to download a game for his young son.
2015/04/10 02:01:03
SongCraft
yorolpal wrote:
"Yup...that's the advice I gave him. He didn't even have an anti virus program loaded. Or a hard drive backup. He will now. He got it, apparently, from trying to download a game for his young son."

Downloads and emails are methods of delivery (CryptoWall).
 
Thanks to your thread, I decided to read up about this ransomware. Just recently read that the criminals upgraded CryptoWall to version 3 (Jan 2015), nasty stuff! But if it's caught in the earliest stage, it can be removed easily enough; once it gets in deep and encrypts files, that's bad news, AND it can also infect Dropbox files.
 
Anyway, I'm sure your friend will get his computer up and running as new soon.
2015/04/10 02:17:02
Jeff Evans
Keep your DAW computer off the net