Malware / Virus
Most reports of malware or potential viruses are not actual infections and can be easily fixed, but it’s important to respond as immediately as possible when a user reports one. If the system is legitimately infected by any form of malware, it must be removed from the network immediately and be re-imaged.
If the user reports they were on a website when the message came up and locked their system, it is most likely a scareware page running in fullscreen mode, likely redirected from an ad, bad web address, or “sponsored link” in a Google search. This can always be fixed by opening Task Manager (CTRL + ALT + DEL > Task Manager) and ending the process for whichever browser is in use. When re-opening the browser, do NOT click the Restore option. Open the user’s History and remove the most recent pages to clear them from system memory.