Well that was a waste of 90 minutes and frankly I feel bad at the outcome.
Computer was crashing the browser over and over when I got there. So I got into task manager and managed to find and kill the process responsible for all the popups. I couldn't seem to find any of the files that I wanted to delete easily but I did find the folder for green av and deleted those files.
Then I discovered it wouldn't let me download any anti virus or antimalware. Malwarebytes, spyware doc etc when I tried to download it said you must be logged in as admin to do that. Her brother swears there is no admin login. I tried 4 different logins including the one labelled HP(brand of the computer) and got the same message each time. Even running malwarebytes from my external HD was blocked.
At that point the computer crashed and I had to reboot it. So I rebooted in safe mode but couldn't seem to do anything, rebooted again and now the computer won't boot. It gets to the screen where it gives you 3 options, esc for a menu, F1 for a boot screen(but it won't boot from that screen) or F10 which is the system restore built in to the computer that restores it to how it was the day it came out of the box. They didn't want me to do that, so eventually he said he'd take it to his work and see what his IT people advised.
I called a buddy of mine who's in IT and he basically said they have to wipe and redo, probably easiest to just use the F10 system restore. He was pretty convinced I hadn't done anything wrong, just when I tried to download any protection, the virus simply did something that locked out the computer entirely. So they're actually worse off now than when I started because they can't boot the PC at all now so I feel bad about that but nothing I can do. They don't have the CD's so the F10 restore is the best option but they didn't want me to do it.
Definitely stay away from this one ,it apparently can be really destructive if given enough time.
There are things that can be done even if it won't boot.
It's probably going to be expensive though if they hire someone competent enough to do it, but you can boot using a CD and try and see if you can get any files off it they may need or want.
Then there are utilies that would allow you to edit the registry or even replace it with a clean copy that may be backed up on it.
Like I said it's too complicated to get into but wiping it out probably isn't completely necessary if they really don't want that done, techs say that all the time assuming people have backed stuff up, if you haven't like most people haven't then that's really a sucky option.
Depends on how badly it's corrupted the file system.
If you can boot it into Dos mode even then copy the files over they can spot you can get some uber important stuff off it but again it's not easy.
You can even remove the hard drive and then take it to an expendable computer and by a drive enclosure and see if they can see the volume on it and copy stuff over that way.
If it's just bothering the operating system and has destroyed that then if you buy the drive enclosure, plug it in to a computer you don't mind infecting, cause it could, then you could simply see if you can work with the files, the computer will have already booted up before you plug it in, the USB connection allows you to see the drive even though you didn't boot with it and sometimes you can get pictures and important files off it that way.
It really depends on what the virus attacked, if it corrupted the volume it's all gone, makes a difference too if it's NTFS or FAT, if it's newer it's probably NTFS.
If it's a FAT file it's most likely toast by now.
If you can boot up in a different operating system you might be able to see the files or it might have locked down the entire volume requiring a admin password you won't know.
You didn't do anything wrong though, that's what it's designed to do when messed with, they have sophisticated antivirus routines in them that won't let you attack it that way.
