While it’s possible for an advanced user to get rid of the malware, less well-versed victims may be fooled by the pop-up. Many of them do look like real Windows system alerts. The user is informed by the malware that something has gone wrong; usually it’s an expired license or system corruption. The only fix is to contact support at an 800 number and get a “new license key,” which security form MalwareBytes did while investigating this new form of malware. The technician on the other end informed the researchers that a built-in TeamViewer feature could be launched by pressing Ctrl + Shift + T.
Yet another reason I make daily disk images to my NAS, and why everyone should run a very restricted basic account as their day to day account. Things like this are why Microsoft is introducing a new feature in Windows 10: Allow only Windows Store Applications. While it does provoke thoughts of Microsoft taking over and trying to kill Steam and all that jazz, it would theoretically block all malware not from the Windows Store. While we know that the iStore and Google Play are far from completely secure, it'd add another layer of security for day to day use.