ThinkPoint

ThinkPoint is a malicious computer security tool that is promoted via a fake Microsoft Security Essentials Alert. Previously, this alert endorsed only five (5) applications, but recently Think Point was added to the family. To get users' attention, this unwanted program pops up a security window and runs its own virus scan instead of using your legitimately installed AV program. It then displays several dozen Trojans, viruses and spyware in an attempt to scare computer users. This is an attempt to persuade them into obtaining the registered version of ThinkPoint Antivirus.

To get rid of the annoyances brought about by this fake AV software, you must first remove ThinkPoint itself. Only an effective anti-malware program can detect and remove compromised files from the computer, render it completely clean and bring it back to its previous normal working state. Follow the removal procedure below to remove ThinkPoint completely.

 

Type: Rogue
Sub-Type: FakeAV
Aliases:
OS Affected: Windows
Detected By: MalwareBytes

What are the Symptoms of ThinkPoint Infection?

It will modify Windows Registry and add the following entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%Documents and Settings%\[UserName]\Application Data\hotfix.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “tmp”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “SelfdelNT”
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%UserProfile%\Application Data\thinkpoint.exe”

The threat will drop the following malicious files:
%UserProfile%\Application Data\hotfix.exe
%UserProfile%\Application Data\thinkpoint.exe
%UserProfile%\Application Data\tmp.exe
%UserProfile%\Local Settings\Temp\[random]

How to Remove ThinkPoint Manually

1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the selections, select Safe Mode

2. End ThinkPoint Process
- Press Ctrl+Alt+Del from the keyboard to open Task Manager
- Go to the Processes tab
- Select ‘hotfix.exe’ and click on End Process 
- Close Task Manager

3. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
- Click Start > Run
- Type in the field, regedit
- Navigate and look for the registry entries mentioned above and delete if necessary

4. Delete malicious files that the threat added:
- Based on the locations given above, browse to and delete each file
- If no location is given, click Start > Search and search for the files.
- If a file cannot be deleted, press Ctrl+Alt+Del to access Task Manager and see if the file is running as a process. If it is, select the file and click End Process. Then delete the file again.

5. Scan computer with Antivirus Program
- Update antivirus program
- Scan computer and delete all detected threats.
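
The registry entries listed under the symptoms can also be checked without browsing regedit by hand, for example after steps 3 and 4 to confirm nothing was missed. The following is an added example, not part of the original article: it reads the text of a registry export (assumed to be made with `reg export HKCU\Software\Microsoft hkcu.reg`) and reports the entries named on this page. The function names and the sample export are constructed for illustration, and only plain string values are parsed.

```python
import ntpath
import re

# Indicators copied from the registry and file lists on this page.
WINLOGON = r"software\microsoft\windows nt\currentversion\winlogon"
AUTORUNS = {
    r"software\microsoft\windows\currentversion\run": "tmp",
    r"software\microsoft\windows\currentversion\runonce": "selfdelnt",
}
DROPPED = {"hotfix.exe", "thinkpoint.exe", "tmp.exe"}
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg files escape backslashes and quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in .reg text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield key, _unescape(m.group(1)), _unescape(m.group(2))

def find_thinkpoint(text):
    """Return (key, value_name, data, known_file) for each matching entry."""
    hits = []
    for key, name, data in parse_reg(text):
        root, _, sub = key.partition("\\")
        if root.upper() != "HKEY_CURRENT_USER":
            continue
        sub, lname = sub.lower(), name.lower()
        known = ntpath.basename(data.strip('" ')).lower() in DROPPED
        if sub == WINLOGON and lname == "shell":
            # A per-user Shell override replaces the desktop at logon;
            # report anything other than plain explorer.exe.
            if data.strip().lower() != "explorer.exe":
                hits.append((key, name, data, known))
        elif AUTORUNS.get(sub) == lname:
            hits.append((key, name, data, known))
    return hits

# Constructed sample export (not captured from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\user\\Application Data\\hotfix.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"tmp"="C:\\Documents and Settings\\user\\Application Data\\tmp.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''
```

Files written by `reg export` are UTF-16, so read a real export with `open(path, encoding="utf-16").read()` before passing the text to `find_thinkpoint`.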

How to Easily Remove ThinkPoint

1. Download and run Removal Tool to remove this computer threat.

18 thoughts on this article

  • Rosa says:

    I did all these things and they are already removed with Malwarebytes and Ad-Aware, and I don't have internet and tried with Task Manager, and iexplorer.exe says it doesn't find it and explorer.exe is the malware-aware… the network connections have disappeared, what can I do?

  • kerrie says:

    It won’t let me into Task Manager and I don’t have the task bar so I cannot get into Start-Run to even clean the registry. I am at a loss. Guess I’ll have to restore. Does anyone have any other ideas?

  • PARSHANT TYAGI says:

    Don’t worry,
    Think Point is a virus that is a complete fraud and shows "world leading security" on a blue screen with two modes, due to which you are unable to run any program, so please relax and follow these steps confidently:
    1> restart your computer.
    2> press F8 again and again; now you have a black screen with many options
    3> select command prompt with the help of your keyboard, then press Enter
    now you are on the command prompt
    4> type c:
    5> type attrib to see your C: attributes
    6> attrib -r -h -s hotfix.exe, Enter
    7> delete hotfix.exe, Enter

    hotfix.exe is a file in your C: Documents and Settings\ Application; search in C: manually, that is a virus
    if these 7 steps don't work then
    >>>> write control on the command prompt > now you have the desktop screen and Control Panel; go to My Computer / C: Documents and Settings / Applications, or it may be any name, and delete hotfix.exe
    then restart your PC and press F8, open Windows in normal mode, scan with antivirus and enjoy
    please if this works properly then mail me at monutg89@gmail.com
    your PARSHANT TYAGI ROORKEE

  • chris says:

    I tried to open Task Manager to get to the Internet but it is not there, what do I do?

  • chris says:

    Could you explain the steps in the command prompt better?

  • Emily says:

    I’ve got some serious weirdness going on with this. I managed to figure out the hotfix.exe removal but the think point logo keeps popping up every two days or so, but unlike the normal warnings that pop up, everything is fully functional, task manager, firefox etc. Oh yeah, Malwarebytes really didn’t work. I ran it and told it to kill everything, but I’m still stuck with thinkpoint.

  • Sem says:

    I’ve tried over and over again to delete this virus. Only now when I start-up my PC and press f8. It just doesn’t work, I get an empty black screen with nothing in it. Have no idea what to do. (the other options like f10 f11 still work though)

  • ibrahim says:

    I used all the first steps but it did not pan out.
    Actually THINK POINT disables Task Manager and Internet Explorer and regedit,
    so you cannot use DEL+ALT+DELETE, neither Ctrl+SHIFT+Esc.

    But to find a way to kill the hotfix process, use a tool named HijackThis and after running it click on “Open the Misc Tools section”,
    after that choose
    open process manager
    find hotfix
    kill the process
    and
    everything will be fine.

  • Wendy Shores says:

    I have followed the procedure outlined here and am fine up until you say to
    3. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
    - Click Start > Run
    - Type in the field, regedit
    - Navigate and look for the registry entries mentioned above and delete if necessary
    I can not do this as there IS no run button once I stop the hotfix.exe. there is nothing except a black screen with safe mode in all 4 corners. What should I do?

  • handy says:

    Thank you very much, it works with the automatic removal way.

  • deewakar chaudhary says:

    I have clicked Think Point but my system will not start & shows no Internet & please tell me what I do?

  • Dakota Cardillo says:

    hey I did everything here and I even deleted the hotfix.exe and ran malwarebytes afterwards. However, I still don’t have an Internet connection. I restarted my computer many times and used the troubleshooter constantly, but still nothing.
    I have Windows 7 64bit on a Toshiba satellite laptop.
    I have deleted the virus but its effects still seem to linger.

  • Dakota Cardillo says:

    Oh and it says that I have an excellent connection but when I open up IE it says that it can't connect. I tried other browsers like Chrome and Firefox but still the same result.

  • Mark says:

    IMPORTANT!

    After you kill the hotfix.exe from the task manager, be sure to go to File>New Task(Run…) and type explorer.exe.

    This will get you back into Windows to be able to get to the registry.

  • joel says:

    Hi, I have done the first two parts but the 3rd part is the problem now: the ‘RUN’ isn't showing up, so the page is just black with SAFE mode written on the 4 corners of the page.

  • Renee says:

    Someone has installed ThinkPoint. I can't do anything, all I get is the buy page. I can't Ctrl+Alt+Delete or Ctrl+Shift+Esc, no menu, just the pay page. How do I get rid of this with paying someone to do so for an arm and a leg?

  • Slyxxy says:

    Thanks a million for helping me solve my worst nightmare. Thinkpoint is so proud a virus…. I appreciate….. Kisses 2 all of you.

  • tips blog says:

    Thanks a lot my friend, I can use my pc again.
