Yesterday, I had to remove this piece of malware from a customer’s computer. He was using Windows 7, but even in Safe Mode with Networking the malware loaded immediately on logging into Windows.
When you try to access Task Manager or certain antimalware programmes, such as Malwarebytes, even if installed from CD, the malware stops the programme and gives you a choice of “Suspend threat” or “Purchase license” – so this is a classic case of a ransomware programme.
In order to stop the malware process, as Task Manager is blocked (or closed whenever you try to access it), you have to use another means. In this case, I used the Rkill tool, which runs in a command prompt window and shuts down known malware processes. Once you’ve done this, you can either manually delete the trojan or run a programme like Malwarebytes.
It was interesting because the Troublemakers agent loads up before, and in front of, the Windows interface. Luckily, in this case it hadn’t downloaded a whole bunch of other malware.