With the number of ransomware infections constantly growing it’s become a good idea to create an additional administrator just in case.  Many of these randomware infections are infecting user specific registry locations and if you have an additional user already created you can still login with that 2nd user.   If you do not have a 2nd user then things can get complicated.  Most of these randomware infections have begun using various tricks to stop safemode from working.  There are times when safemode with command prompt still works but thats getting more and more rare these days.

If you find yourself infected and you do not have a 2nd user created you’ll probably have to resort to a boot disc of some sort.  From what I have seen most of the time the virus infection resides at C:\Users\usernamehere\AppData\Local\Temp and the startup method ranges from a simple user startmenu startup to the user shell registry entry at hkey_users\userhere\software\microsoft\windows nt\currentversion\winlogon\shell.