
Thread: ttpugfoj.exe

  1. #1
    Junior Member
    Join Date: Sep 2013
    Posts: 3

    ttpugfoj.exe

    File came as a WhatsApp VM message email. Download the .zip file, it runs an exe that installs a fake AV program. This file then locks the system, prevents opening Task Manager to kill the process and it was a bear to locate. Avast ~and~ Spybot say the .exe is totally safe, and I guess it more or less is, because it only opens the door for malware via websites - a process Avast did block. If I were a normal user, I'd have totally freaked out about the 32 or so critical malware detections it indicated.
    I found the name of the file because it sits in the notification area and shows the file's name. I finally managed to kill the process by logging on to another user account, opening Task Manager in it, showing all processes for all users, and was able to terminate (with extreme prejudice) this nasty little critter. Then I had to hunt it down manually, as it hides itself in \AppData\local from the Windows search util, and am now shredding it.

    Just noticed in my FF downloads file that this malware is associated with bestholidaystoindia.com.
    Last edited by The_Evil_Dr_R; 2013-09-11 at 00:46.
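
The manual hunt described in the post above (showing processes for all users, then tracking the file down under \AppData\local) can be done in one pass from an elevated PowerShell prompt. This is an added example, not part of the original post; it assumes PowerShell 4.0 or later and user profiles under \Users, and it only lists candidates without terminating or deleting anything.

```powershell
# Added example: list running processes, across all user sessions, whose image
# sits under a profile's AppData\Local and lacks a valid Authenticode signature.
# Run elevated so processes owned by other accounts expose their image path.

# Assumption: profiles live under <drive>:\Users\<name>\ (the Windows default).
$pattern = '\\Users\\[^\\]+\\AppData\\Local\\'

Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath -and $_.ExecutablePath -match $pattern } |
    ForEach-Object {
        $proc  = $_
        $owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
        $sig   = Get-AuthenticodeSignature -LiteralPath $proc.ExecutablePath -ErrorAction SilentlyContinue
        $hash  = Get-FileHash -LiteralPath $proc.ExecutablePath -Algorithm SHA256 -ErrorAction SilentlyContinue

        [pscustomobject]@{
            ProcessId = $proc.ProcessId
            Name      = $proc.Name
            Owner     = if ($owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" } else { 'unknown' }
            Signature = if ($sig)  { [string]$sig.Status } else { 'unreadable' }
            SHA256    = if ($hash) { $hash.Hash } else { $null }
            Path      = $proc.ExecutablePath
        }
    } |
    # Signed software that legitimately installs per-user is filtered out here;
    # what remains still needs review before it is treated as malicious.
    Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Owner, Name |
    Format-List
```

The SHA256 column gives a value to look up or submit for analysis when, as in the post, the installed scanners report the file as clean.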
