ThinkPoint (Rogue)

Payload
ThinkPoint first poses as a simple Flash Player update, but when run it displays a fake Microsoft Security Essentials alert claiming that an Unknown Win32/Trojan has breached the system (it is rare for the legitimate Microsoft Security Essentials to report a trojan that is not known). The user will likely select "Clean Computer", which then recommends "Scan Online". Once the online scan has run, the software will supposedly recommend activating a Free Trial of "ThinkPoint", and the infected PC will restart.

The infected system will boot into a splash screen with two options, "Normal Startup" and "Safe Startup". Normal Startup is not available until the user configures the settings. Once the user starts the scan, he/she will realize that Regedit and CMD have been unblocked, but ThinkPoint will still block Task Manager (unless the user gets past its blocklist by copying the Task Manager application and renaming the copy so that ThinkPoint won't detect it).

Once the user configures the application so that an Un-Safe startup can be performed, the system will boot into Windows. The user may now proceed to remove the program.

Removal Process
1. When ThinkPoint starts, immediately press CTRL+ALT+DEL. Now select Task Manager and kill the process.

2. Now, start a new task, "Explorer.exe".

3. From here, you can simply download Malwarebytes Anti-Malware, and your system will be clean.