Writing in his security blog last night, Boyd - aka Paperghost on Twitter and other sites - says that the `Windows Trojan Removal Kit' effectively hijacks users PCs using the ThinkPoint Rogue malware.
This malware, the Sunbelt Software/GFI Software researcher says, only has a close to 50% detection rate in the IT security software stakes.
The file, he says, is currently being offered up by your typical 'fake security scan' pages, such as microsoftwindowssecurity152(dot)com.
"Those familiar with this particular rogue will be aware that it tends to stick with domains similar to the one above", he said.
Installing the executable can potentially give you a bit of a headache, he goes on say, with what would appear to the average user to be fake 'Blue Screens of Death' and payment nag screens.
The good news is that Boyd has posted details on his blog about to workaround the supposed locked up desktop and how the malware appears to be flagging itself as Trojan.Win32.Generic.pak!cobra, a malware infection that was originally discovered at the start of this year.