Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Monday, October 18, 2010

How to remove ThinkPoint (Uninstall Guide)

Tell your friends:
ThinkPoint is a fake anti-spyware application that pretends to scan your computer for malicious software and then deliberately reports false system security threats. It's distributed mostly through the use of fake online scanners and some other malicious websites, so clearly this program is not legit. ThinkPoint masquerades as a legitimate security product from Microsoft called Microsoft Security Essentials. Once installed on your computer, it will list numerous problems and claim that you should fix them immediately. ThinkPoint will state that you need a heuristic program to fix the problems and it even offers to sell one for $99.90. Please don't purchase Think Point. This program is fake. It won't fix your computer because there actually are no problems except the ThinkPoint itself. If you are reading this article then you probably got infected with this malware. Thankfully, we've got the removal instructions to help you to remove ThinkPoint from your computer for free using legitimate anti-malware software. Please follow the removal instructions given below.

ThinkPoint graphical user interface

(Thanks to rogueamp)

First of all, you will see with the fake Microsoft Security Essentials alert. The fake alert will claim that Microsoft Security Center has detected the submitted file as "Trojan.Horse.Win32.PAV.a". Finally, it will state that you need to install ThinkPoint solve the problem.



If you choose to continue, your computer will restart, but it won't boot all the way to the Desktop, even in safe mode. The rogue program will hide all the desktop icons and taskbar. A program labeled ThinkPoint will show up.



Then it will run a fake system scan and you won't be able to stop it. After the fake scan ThinkPoint will list numerous problems on your computer. If you choose to install the full version of the program with required modules you will be taken to the pay page of ThinkPoint.

ThinkPoint will block nearly all programs on your computer. It will block task manager and other system tools as well.
The application taskmgr.exe was launched
succesfully but it was forced to shut down due
to security reasons.

This happened because the application was
infected by a malicious program which might
pose a threat for the OS.

It is highly recommended to install the
necessary heuristic module and perform a full
scan of your computer to exterminate malicious
programs from it.


However, there is a way to disable this virus. After the ThinkPoint screen loads push the command CTRL+ALT+DELETE quickly. This will bring you to task manager. Open the tab called Processes, find the process hotfix.exe and end it. The rogue program should be gone now. Next, you need to bring your Desktop and taskbar back. While in task manager go to File and select "Run new task". Type explorer.exe in the open box. This will bring back Windows explorer. More detailed instructions are given below. At this point you should be able to download anti-malware software which will remove ThinkPoint.

Without a doubt, ThinkPoint is a scam. Don't fall victim to this bogus security program. If you have already purchased it then you should contact your credit card company and dispute the charges. Please note that this rogue program may come bundled with Trojans that can download and install additional malware onto your computer. So, you should remove the rogue program as soon as possible. And, of course, it's always a good idea to scan the computer with at least trow anti-malware programs. By the way, your pictures, music and other files should be safe. ThinkPoint doesn't delete files. It's just a very annoying program. Last, but not least, if you have any questions or additional information about this virus, please leave a comment. Good luck and be safe online!


ThinkPoint removal instructions:

1. Restart your computer. Once the ThinkPoint window comes press Ctrl+Alt+Delete or Ctrl+Shift+Escape. You should now see the Windows Task Manager screen as shown in the image below or a screen where you can select the Task Manager to be run.



Click on the Processes tab. Then click and highlight hotfix.exe and click End Task. If it asks you "Are you sure you want to terminate the process?" click yes (or press Enter). This will close the ThinkPoint program.

2. While in Windows Task Manager, click the File -> "New Task (Run...)" from the menu on the bottom right. Type in explorer.exe and click OK. Your desktop and icons should start up as normal.



NOTE: if you got an error message "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them", then please run this command first:

cacls "C:\Windows\explorer.exe" /G Everyone:F



A new windows will come up asking "Are you sure?" Type Y and press enter.



Now run explorer.exe again.

3. Download the following file to your Desktop: windows-shell.reg. Double-click to run it. Click "Yes" when it asks if you want to add the information to the registry. This file will fix the Windows Shell entry. This step is  important because if you won't fix this entry, then your Windows Desktop will not be displayed the next time you reboot. Once the new registry value has been added, you can delete the file from your computer.

4. Download and scan your computer with recommended anti-malware software to remove ThinkPoint virus from your computer.

NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator.


ThinkPoint associated files and registry values:

Files:

For Windows XP users:
  • C:\Documents and Settings\[User Name]\Application Data\hotfix.exe
  • C:\Documents and Settings\[User Name]\Application Data\[SET OF RANDOM CHARACTERS].bat
  • C:\Documents and Settings\[User Name]\Application Data\install
  • C:\Documents and Settings\[User Name]\Application Data\start
For Windows Vista and Windows 7 users:
  • C:\Users\[User Name]\AppData\Roaming\hotfix.exe
  • C:\Users\[User Name]\AppData\Roaming\[SET OF RANDOM CHARACTERS].bat
  • C:\Users\[User Name]\AppData\Roaming\install
  • C:\Users\[User Name]\AppData\Roaming\start
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = %AppData%\hotfix.exe
Share this information with other people:

460 comments:

«Oldest   ‹Older   1 – 200 of 460   Newer›   Newest»
Anonymous said...

Thank you. I just wanted to thank you for saving my computer. I went in safe mode and deleted HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\hotfix.exe" file. Then i was able to access system restore in safe mode. May your life be blessed.

Anonymous said...

Great Documentation! This saved me. I appreciate you creating this step by step document.

Anonymous said...

Thank you so much for saving my laptop and saving me so much time!!

Vince said...

This information was very helpful in removing this malware fake security program. Does anyone know where this is originating from?

PuterGrl1 said...

This is program is horrible to get rid of. It definitely wants to take over and it looks like a MS program which is what throws you off. Thanks to everyone for all the great info!

Anonymous said...

I love people like you! You help people like me when our computers turn into sheeeet!

Anonymous said...

Thank you!!!!!!!!!!!!!!!!

Anonymous said...

Thank you soooo much. I didn't think it was a virus at first

Anonymous said...

thank u !! good job!

Anonymous said...

Renaming antimalwarebyte is what did the trick. Thanks a lot!

Anonymous said...

thank u very much!! i have to ask u something.. i have in my computer the AVG anti-virus.. it is enough or do i have to download those u suggested?

Anonymous said...

This popped up on my bosses computer this morning and we had no idea that it was malware. Thank you for your instructions on how to get rid of this problem. Everything you outlined worked perfectly.

Anonymous said...

THANK YOU SOOOOO MUCH!!!!!!!!!!!!!!!!!

Anonymous said...

I'm glad i found.I happened to me last night. I was almost going to buy it. Thank you. I wil try it when i get home

steffi said...

At the point where you should be able to open explorer.exe i cant since i am not having the correct rights(?) Eventhough i only have this one account and i logged in with it.

WHAT CAN I DO???

Anonymous said...

what a legend :D got rid of it thanks

Anonymous said...

I downloaded the anti spyware programs suggested but it did not remove the program. Is there another way to manually remove the think point program?

Admin said...

Q: thank u very much!! i have to ask u something.. i have in my computer the AVG anti-virus.. it is enough or do i have to download those u suggested?

A: If the AVG removed ThinkPoint virus then you don't need to download any other program.

Admin said...

Q: I downloaded the anti spyware programs suggested but it did not remove the program. Is there another way to manually remove the think point program?

A: Yes, it is. You need to delete hotfix.exe and remove certain Windows registry values.

If you are using Windows XP, please go ahead and delete this file:

C:\Documents and Settings\[User Name]\Application Data\hotfix.exe

If you are using Windows Vista or Windows 7, then the virus is located here:

C:\Users\[User Name]\AppData\Roaming\hotfix.exe

Next, open Registry editor and delete this value:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\hotfix.exe"

Good luck!

Anonymous said...

Stay Blessed!! You saved my day!!

Anonymous said...

How is the public being infected with this Thinkpoint virus? Are people looking at picutures on websites or are they receiving emails that contain this virus? What can I tell my co-worker that will help prevent them from getting infected? Thanks advance for you help!

Anonymous said...

The ThinkPoint screen at the beginning never goes away I have been following the directions to get rid of it, does it take awhile after clicking end process?

Admin said...

First of all, get a good antivirus client and keep it up to date. Keep your your operating system and software up to date and patched. Unfortunately, no security software is 100% bullet proof, that's why don't download attachments in an e-mail unless you trust the source. Don't follow any link in an e-mail unless you trust the source. Also note, that even a well known and reputbale website can be hacked and serve malicious code. You shouldn't search Google for hot topics of the day. Some search results may lead to malware. Facebook is another threat. I think that facebook and all porn sites should be forbiden at work as people usually click on links or Ads and get infected.

Admin said...

Q: The ThinkPoint screen at the beginning never goes away I have been following the directions to get rid of it, does it take awhile after clicking end process?

A: Did you end "hotfix.exe"? Well, it should gone right away. Just do the next step and see what happens.

Anonymous said...

I'm pressing control+alt+delete and I keep coming to the log in screen not task manager, am I doing something wrong? BTW control+shift+esc isn't working either.

Anonymous said...

OMG dude thank you so much. I was getting pissed until I found this Thanxs a million.

Anonymous said...

how come when i go into task manager i only get the task and status tabs and there is no processes

Anonymous said...

it says explorer.exe cant open or spelt wrong please help.

Anonymous said...

I'm pressing CTRL+ALT+DEL buttons, but it send to "lock this computer / log off / switch user / change password"; however CTRL+SHIFT+ESC won't work at all (I have Windows Vista by the way)

Tony said...

after I do end on hotfix.exe and go to run and type explorer.exe it says i do not have permission. Where do i go from there. please help!

homecreating said...

Thank you

Anonymous said...

AHHHHH you're the sheetbombdiggidity. I want to have your babiess!!!!!!

Anonymous said...

this is literally the BEST most comprehensive directions!!!!! THANK YOU SOOO MUCH!!! i thought i was going to do a total system restore and lose all my stuff, but thankfully i came across your site on my phone and followed the instructions and bam my laptop is back to normal! well so far i still have to run the anti-malware, but it feels good to see it back with the icons and getting rid of that stupid thinkpoint screen. thanks so much for writing up this DIY!

Anonymous said...

Thank You SO much everyone. I got the virus this evening & had no idea what to do in order to get rid if it. I've been following the steps listed & am making progress, I believe. I'm still absolutely positive it's gone for good, but I'm hoping! Thanks again everyone!

Anonymous said...

This worked great. You are a lifesaver, awesome job, keep up the good work.

Anonymous said...

Thank you so much, you save my laptop....

Yvonne said...

I was able to delete the hotfix.exe file and ran the malware scan, it told me that my computer needed to restart in order to delete some of the malware, but when it tried to restart the only thing showing up is my wallpaper. No programs, links, or anything. Is there anything that I can do to access my computer properly and at least save my documents?

Anonymous said...

Im following the instructions but I can't get any program to open, even after changing the names and extensions. Closing hotfix with the task manager is the only thing that works so far.

Anonymous said...

THANK YOU SO MUCH!!!

Anonymous said...

I've followed your guide and sadly I can't seem to pull up windows explorer. I've been able to shut down hotfix.exe but explorer.exe will not run. It claims I do not have access to run this file. I am also unable to access it through safe mode/administrator options. I'm running Windows XP with both Spybot Search and Destroy and Malwarebytes installed. I've run both of these programs multiple times in safe mode because I am unable to get into windows normal mode. Each scan turns results in nothing. I've gone through my registry and deleted anything containing "hotfix.exe" and still no go.

Anonymous said...

You are the greatest!!!!!!!!!!!!!!!!!!!!!

Anonymous said...

Hi guys, unfortunately my screen has gone black and once any of the steps prescribed have been done the screen remains completely blank, any ideas how to resolve this?

Anonymous said...

I did not purchase the program, and was able to get to my desktop by restarting. Do I still need to delete anything that the spyware/virus DID get on my computer?

Anonymous said...

The task manager window comes up but disappears so quickly I can't use it. Help!

Anonymous said...

Help! The task manager window just blinks and is gone before I can do anything,.

Anonymous said...

Thank you!

So, if I already have Norton AntiVirus System, will that be sufficient enough to remove the virus from my computer?

Anonymous said...

Worked great! Best solution I could find. Easy to follow. Thanks!

Anonymous said...

ok well i got on finally after dealing with thinkpoint started the antivirus install after ending "hotfix.exe" then the antivirus program needed to restart the laptop and now i can't get past windows screen won't let me log in my password. this is so frustrating! can anyone help me from this point. i have hit the f8 button to try to system restore that way first and that was how i got it the first time. but now nothing:(

Anonymous said...

Im not a techy persin but you infor really helped me alot. Tganks

Anonymous said...

Great advice - followed it and managed to clear things up without too much hassle - Many thanks!

Anonymous said...

Hmm I still can't seem to open registry editor - any suggestions

Anonymous said...

thank u first of all.. i would've never known where to start to remove this pain in the booty virus.. i got a small question though.. would i have to uninstall my other anti virus' before i run a full scan with the new antivirus i just downloaded? simple question thats been itching my thought =D thanx again with the help

Anonymous said...

Thank you soooo much for your help, may God bless you for using your talent for the good of others!

Kjetil said...

You saved my day too!!! Thanks a lot!

Anonymous said...

ok when i go into users and then find my name wich is admin icannot find the appdata roaming pls help how can i delete this junk

Anonymous said...

OMG ! Thanks, this just happened to me like 30 mins ago, & I knew something wasn't right !


THANK YOU !

I'm scanning my other laptop as we speak..

Admin said...

Q: ok when i go into users and then find my name wich is admin icannot find the appdata roaming pls help how can i delete this junk

A: You need to enable the viewing of hidden and protected system files.

1. Click on the Start button. This is the small round button with the Windows flag in the lower left corner.
2. Click on the Control Panel menu option.
3. When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:
Double-click on the Folder Options icon.
Click on the View tab.
Go to step 4.

If you are in the Control Panel Home view do the following:
Click on the Appearance and Personalization link.
Click on Show Hidden Files or Folders.
Go to step 4.

4. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
5. Remove the checkmark from the checkbox labeled Hide extensions for known file types.
6. Remove the checkmark from the checkbox labeled Hide protected operating system files.
7. Press the Apply button and then the OK button.

Anonymous said...

Hi, just as "steffi" said above, I can also get to the point where you should be able to open explorer.exe ! When i type it in, i get a pop up that says "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them". Event though I only have this one account and i logged in with it.

PLEASE HELP!!!!!!!!!!!!!!!

Admin said...

NOTE: if you got an error message "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them", then please run this command first:

cacls "C:\Windows\explorer.exe" /G Everyone:F

Refresh the page for updated removal instructions and tell us if this helps. Good luck!

Anonymous said...

When I type in the command "cacls "C:\Windows\explorer.exe" /G Everyone:F" - the same message still comes up. I really don't understand what to do about this?

Admin said...

Try this: File -> Run new task. Now click "Browse" button. Go to C:\Windows\ and select explorer.exe and clic open.

If that doesn't work. Then click "Browse" again go to C:\Windows\ right lick the explorer.exe and select properties. Then select the "Security" tab. Make sure that "allow" are checked for all the users. There shouldn't be any "Deny".

Anonymous said...

yo you rock thank you very much for helping me fix my computer i really needed that

Anonymous said...

Ok, did that and made sure all users had "allowance" all across the board. Yet it still does not allow me to access "explorer.exe" or the other "everbody" command you have listed above. This is becoming so annoying, why isn't it just an easy fix! Thank you so much for your time, i'm so greatful for the help!

Anonymous said...

I wanted to thank you, for sharing your knowledge, your time, and effort with those of us that would otherwise be lost. You even have my wife thinking that I'm smart.

Thanks again

Anonymous said...

I did all of the above and still got the same message. I also click "Browse" again go to C:\Windows\ right lick the explorer.exe and select properties but did not see the Security tab at all. I saw Screen, Misc, Compatibility, Summary...
Is there anything else I can do to restore desktop icons?

Anonymous said...

Hey, I managed to stop running hotfix.exe and got to the desktop where I eventually installed malwarebytes and ran a scan. It found around 15 items of which it was able to delete all but one, it said the one item required a restart to delete, it seemed to have some problem with deleting it. I restarted but am now still having problems as some part of the virus appears to be interferring with my internet explorer and other stuff. When I try to do a system restore it says it has been turned off by group policy. I have run a scan of the C drive with Microsoft Windows Malicious Software Tool however it does not appear to find anything. I looked for a few of the hotkey files that are dangerous but did not find them, I’m not really sure what part of the virus is left on my computer and how to delete it, any suggestions?

Thanks.

Anonymous said...

I can't thank the builders of this site for such great instructions. I got this evil trojan virus and thought I was screwed. I was able to open Firefox by right-clicking and running it as an administrator. I'm using Windows Vista. So glad I was able to login to FF and get these instruction. I then hit CTRL-ALT-DLTE, highlighted hotfix.exe and hit the 'end process' button. I already have Malwarebytes Anti-Malware (DOWNLOAD THIS PROGRAM) so performed the Quick Scan. It found 3 'Trojan' infected files. I removed them off my computer, restarted luckily without that damn ThinkPoint hi-jack. THANK YOU, THANK YOU, THANK YOU !

Anonymous said...

Q: Even if i run the command
cacls "C:\Windows\explorer.exe" /G Everyone:F

i'm still getting the message displayed

"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them",

Can you please help? THANKYOU

Admin said...

1. Restart your computer
2. As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press Enter key.
3. Log in as the account named "Administrator"
4. Run Task Manager, CTRL+ALT+DELETE
5. End hotfix.exe
6. Run explorer.exe
7. Download antimalware software and scan your computer.

I hope this helps. Good luck!

Anonymous said...

Thank you so much for this site and information - after an hour of pulling my hair out trying to get get anything other than the b.s. Think Point program to come up, I found your site on the internet (using another computer) and fixed mine in less than 5 minutes. There are not enough words to thank you.

Anonymous said...

Thanx! You saved my week-end (and my computer).

Anonymous said...

After selecting "Safe Mode with Networking," it shows "loading windows files" along with some system 32 files displayed and "please wait" at the bottom of the screen. The screen then goes black and then goes back to my login screen (I have a password). So I'm having no success whatsoever. Is there anything I can do from the command prompt? I was able to bring that up.

Anonymous said...

Hi!

I had the same problem. I always got the message not to be allowed to start explorer.exe or any other file.

Solution was the AVG antivir boot cd (you can download here: http://free.avg.com/de-de/downloads for free)

When booting from this cd you shoud do the internet update because without it won't recognize thinkpoint without it.

-elninio-

Anonymous said...

I got rid of the bad files using malwarebytes.....Now I am tryign to delete the windows-shell.reg that you had me install. I am in regedit (Registry Edit) program. Where is the one called windows-shell.reg that you had me install?

Anonymous said...

Thank you so much! I was lost until I found your instructions. You saved my day!!!

Ruby said...

Thank you so much! When my usual fix of 'start in safemode and system restore' did not work, I was starting to go nuts trying to fix this. I found your site on another computer and everything is running smoothly now. Thanks again!

Anonymous said...

I LOVE YOUUUUU GUYS !!!!! thank you thank you thank you

i hope someone will once f*** up the pc's of those who are inventing these stupid programms!

matthew said...

Hi, When I come to point 3 above I am unable to download the windows-shell.reg link. Are there any other suggestions to get around this?

Admin said...

Matthew, open Registry Editor. File-> New task and type in: regedit, then click ok.

Navvigate to this registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Look for:
"Shell" = "%AppData%\hotfix.exe"

Right click on it and select modify. remove value %AppData%\hotfix.exe and add Explorer.exe. Save changes.

Now it should be "Shell"="Explorer.exe"

Admin said...

Q: I got rid of the bad files using malwarebytes.....Now I am tryign to delete the windows-shell.reg that you had me install. I am in regedit (Registry Edit) program. Where is the one called windows-shell.reg that you had me install?

A: You won't find it using Registry editor. Just delete windows-shell.reg from your dekstop. That's all.

Anonymous said...

God bless your soul.
You're an angel!

Anonymous said...

than you so much i just got it to day but how can you tell if the think point is gone?

Anonymous said...

THANK YOU SO MUCH!!!!! You are a life saver! I was really freaking out because I knew something wasn't right and I know nothing about computers. Your guide was very easy to follow. You are an amazing person to be so helpful to others! THANK YOU! THANK YOU! THANK YOU!

Anonymous said...

Thank you so much for this! Your tips did the trick!

Anonymous said...

My hero!! thank you!

Anonymous said...

Help me please, i downloaded the spyware doctor program. followed the instructions at the start screen where i ended the hotfix task and started up with explorer.exe and then ran the full system scan several times. it still has not gotten rid of the program please help me!

Anonymous said...

Help! Everytime I open explorer or my C drive to attempt to delete these files, I get the message 'Windows explorer has stopped working: checking for a solution to the problem' and then 'Explorer is restarting'. Which closes whatever I have open!!
What do I do??

Anonymous said...

my mom got this on her computer, and with this website it took her 5 minutes to remove it. thank you!

Anonymous said...

I was able to delete the hotfix file from my processes. If I run a system scan using McAfee, will that detect any additional files that are bad?

Anonymous said...

Thanks ADMIN for the advice. The spybot and Adware options did not work and took alot of time. The quickest way was the REGEDIT option and it solved the problem.

So for those who have the problem try it.

Anonymous said...

You are amazing! Save me so much, time, headache and money!

Anonymous said...

My problem is that when I press CTRL/ALT/DEL and select task manager - nothing is in the task manager section. So I can't delete hotfix.exe. What do I do then?

Admin said...

When in Task Manaher, click on the Processes tab. There should be a process hotfix.exe and end it.

Anonymous said...

i just got it today... you saved me

Anonymous said...

All I can say is... thank you, thank you, thank you. I know I still have this thing on my system but I am able to get to the Internet and shut down hotfix.exe. Do I still need to download the malware?

Anonymous said...

Thank you so much! bless you a million times and then some.

dylan said...

Help me please, i downloaded the spyware doctor program. followed the instructions at the start screen where i ended the hotfix task and started up with explorer.exe and then ran the full system scan several times. it still has not gotten rid of the program please help me!

Anonymous said...

Thanks alot! You really saved my ass! God bless you mate :)

Anonymous said...

pls pls pls help, i have been trying for 4 days now,on 20 million sites french and english, my daughters computer has this problem, i have tryed the f8 but i get a pls choice boot device thing, so i chose sm-_nec dvd_rw nd-3500ag(in caps) so i press on that, the thinkpoint thing is there, so i press the ctrl alt del, but it does not bring up the task manager at all, i was going to try with ctrl shift and escape but i dont know what the shift button is. by the way both are computers have french keybords, my computer is working fine pls help me in any way u can:)

Anonymous said...

Hi, So. I haven't seen a working answer on the
"Windows cannot access the specified device, path, or file. You may not hate the appropriate permissions to access the item."
And I'm kinda stuck on that one.
I've tried the : cacls "C:\Windows\explorer.exe" /G Evryone:F
And allowed everybody FULL control of explorer.exe
I have tried this both in normal and save mode. Nothing seemed to work.
I've managed to download malwarebytes, renamed the .exe to something else and tried to run. Same problem.
Help? Working with computers isn't rocket sience to me, but I do get stuck on occasion.

Anonymous said...

I have mcfee security, How come I got the think point virus? Also I call dell costomer service, and they told me in order to get ride of the virus I would have to pay? Why is that? Thanks so much!!

Anonymous said...

thank you so much

lilmarv73 said...

When I cut on my pc the frist thing pop on is think point? How do I get rid of it?

Anonymous said...

When I run the windowsshellreg key it claims that it cannot be imported so not all the data was successfully written to the registry and that some keys are still open by the system and other processes...what can I do to get it to write fully onto the registry? Please help!

Anonymous said...

THANK YOU SO MUCH :D

Anonymous said...

огромное спасибо!

lilmarv73 said...

When I press CTRL/ALT/DEL my task manage does not show up and I try the other way and nothing happen

Anonymous said...

If i end the "hotfix.exe" the task manager freezes and I can't do anything ...

I hve vista btw.

Anonymous said...

I was able to use CTRL/ALT/DEL and select task manager and delete hotfix.exe which let me into IE again. I updated and ran Spybot, which found nothing. I updated and ran Anti Malware which found the three bad files, but I was getting error messages and then a blank screen when I selected the "Fix" or "Eliminate" option. I ended up restarting my computer and the Think Point screen reappeared, so I went through the process again, except that now when I enter explorer.exe as a new task nothing happens. What do I do now?

Anonymous said...

Thank you so much. Your instructions really helped. Cheers.

Anonymous said...

Thanks so much! When I opened Task Manager and didn't see hotfix.exe, I panicked for a moment, but then I got an alert from McAfee saying that it had detected and removed...something (I think it said Trojan). Now I'm scanning with Malwarebytes, and then I'll scan with McAfee, but everything looks normal. Sure, all I did was open Task Manager, but I wouldn't have known to do that without this guide, so thanks again.

Anonymous said...

FYI: Spyware Doctor is NOT a free program. It won't remove anything without your credit card number.

Anonymous said...

I believe I deleted the virus after a malwarebytes scan (I no longer get the Thinkpoint screen when I restart my XP computer), but I still can't see my desktop even though I think I used the windows-shell correctly. Any thoughts? Thanks

Anonymous said...

THANK YOU SO MUCH, THIS WEBSITE HELPED ME TO REMOVE THIS VIRUS FROM MY COMPUTER!

AvrilB said...

Thank you so much! It's all working for me until downloading windows- shell.reg I have no idea how to do this could someone please help me? Thanks

Anonymous said...

ciao ho riscontrato lo stesso problema pure io ho seguito tutta la procedura ma arrivati al passo in cui dice crea una nuova attività e digitare exspolre .exe e dare ok mi appare una cartella (sicurezza di windows impossibile aprire i file a causa delle impostazioni di sicurezza internet non e possibile aprire uno o più file )mi puoi aiutare non so cosa fare grazie.

Anonymous said...

I'm running windows 7 and logged in as the administrator (only) account and I can't run explorer.exe from the task manager. Keep getting a Windows Security alert. These files can't be opened. Your internet security settings prevented one or more files from being opened..

Anonymous said...

I followed the instructions above until I got to where you have to open explorer. I tried running the tasks explorer.exe and cacls "C:\Windows\explorer.exe" /G Everyone:F but both gave me the message saying that I may not have the appropriate permission to access the item. I have no idea what to do now!

Anonymous said...

I cannot open explorer.exe through all of your options. I did go into Windows Task Manager and End Process of hotfix.exe But after tring all your suggestions to open explorer, it will not. Please let me know what else I can do? Thanks.

Anonymous said...

Thank you very much! Your instructions were fantastic! If I had a flash drive stick in the computer at the time the Thinkpoint hit, is it OK to continue to use the stick?

Anonymous said...

Thank you so much! Very easy to follow. I launched task manager as my profile was loading and was able to successfully remove the file (5 of them!) from my hard drive.

onepleasedguy said...

I cant thank you enough for that!
I thought id have to scrap my laptop and start from scratch there. To think a virus could be masqueraded that closely to windows software. Heh go figure.
Anyways you have my eternal gratitude for your assistance in removing think point. While im not in a position to donate I shall defintiely forward your site and channel to all my friends.

Anonymous said...

I have a new variant on this problem: When I start up I get an error message that says "Access violation at address 004AFD43 in module "hotfix.exe." Read of address 0000000" It keeps sending this error message which fills the screen and slows down the entire computer. When I try to delete "hotfix.exe" I am told I can't do that because the program is running. Meantime I can't access task manager nor can I install any anti-virus software (e.g. AVG or Spybot) because I can't close down hotfix.exe. Any suggestions?

Anonymous said...

Do you need admin rights to the workstation for ThinkPoint to install on? Or can you install ThinkPoint using the local right with admin permissions?

Vimal said...

Hi,

I am able to remove Thinkpoint but still I am not able to open Internet Explorer :(

My Mozilla opens fine but not IE....

Also when I try to do System Restore, it displays me the message saying "System Restore is not able to protect your computer. Please restart your computer, and then run System Restore again." I restarted as instructed but still not able to do System Restore.

Could anyone please assist me in this?


Thanks,

Vimal

Anonymous said...

I deleted the hotfix.exe from the processor and deleted the HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\hotfix.exe"
I don't have HKEY_CURRENT_USER\Software\PAV
Am I also suppose to delete:
HKEY_CURRENT_USER\Software\Microsoft/Windows/CurrentVersion/Internet Settings "WarnonBadCertRecving" = "O" and WarnOnPostRedirect" = "O"???

Anonymous said...

Thank you so much great advice.

jojo said...

LOLLING OUT LOUD.

this is like the 8th time since june i've gotten one of these random fake anti-virus programs.

i've been getting them everywhere from Youtube to Livejournal to Yahoo to Facebook to everywhere.

They show up in the adverts and most of the time they start as a java download. if you see the icon appear in your toolbar, you can cancel it and stop it before it begins..

but this time i missed it and this is the 8th time i've had to remove one of these.. i've probably gotten literally 200 or more of these things since summer.. but i've only missed 8 of them.

ugh

christen said...

it took me a few tries to gain access to hidden files and the internet (which kept freezing thanks to this hideous virus) - a lot of shut downs and restarts - but finally got the hidden files revealed (it doesn't like when you try to un-hide them), deleted the thing, and i am finally at the point where a new shell has been downloaded and i am running malwarebytes. i am wholly non-technical, and your instructions were a tremendous help. i cannot thank you enough - THANK YOU!!

Anonymous said...

This worked! Thank you so very much!

Anonymous said...

OMG!! Thank you so much. You saved my computer right before a big school project. You ever need a first born. Let me know.

kate said...

oh wow!!! u r amazing.... i get to the point where i have opened the task manager n the black screen is suppose to pop up where im suppose to press yes... however the black screen just blinks n i cant type "y", what can i do????

Anonymous said...

thanks so much....

Anonymous said...

Please let me add my thanks to the others. I was working from home today and this was creating more chaos than I needed.

Anonymous said...

following the instuctions which are good but can t the task bar to open

Anonymous said...

So I think I sucessfully followed your directions and eliminated the Thinkpoint...until I downloaded the suggested FREE MalwareBytes Anti-malware.
That program downloaded WWW.stopzilla.com files that ran an all system check for several hours. The result is a list of 14 "boot" "worm" files that it recommends I delete to resolve. I say yes...and majically I get a request to purchase their $9.95 software fix with options to purchase additional items.
So from my novice perspective have I still got an additional layer of the thinkpoint virus?? Have I been rescammed by another phisher looking for my credit card info?? ConfusedCA

Anonymous said...

help me plz plz help me i got thinkpoint the other day n looked up this guide from my blackberry. what i did was the task manager n ended it n downloaded maleware byes did a scan n all n then did a sysem restore it worked sotra my compter got really slow n my web broswer kept redirecting me whenever i tried to look up ne anit viurs. ok so it poped back up today n did the task manager again n down loaded malewarebyse again n it said it didnt have the pression like u said i above n i tried the thign u said but it didnt work plz help this dumb program wont let me do ne scans or install ne malewear program can u plz email me since im using my computer to post this n its not workign right lol Bestkeptsecret5431@yahoo.com

Anonymous said...

omg...i think i love you!! im freaking out i left the office and got this think point.. i'm going to do this first thing in the morning! thanks!! i can sleep tonight w/out dreading i broke the office computer! lol :)

Anonymous said...

Thank you so much for sharing this very useful information.

Anonymous said...

I'm having a problem after I dl'ed a anti malware program and removed all the bad stuff... I tried to use the internet and it's not working... =/

B Shan said...

I am trying to get into a vista machine with the malware. I can get rid of the hotfix.exe process.
The machine has one user that is also an admnistrator. I have tried to:
1) run explorer.exe
2) cacls "C:\Windows\explorer.exe" /G Everyone:F
and also tried this process that you posted. Restart your computer
2. As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press Enter key.
3. Log in as the account named "Administrator"
4. Run Task Manager, CTRL+ALT+DELETE
5. End hotfix.exe
6. Run explorer.exe
7. Download antimalware software and scan your computer.

(minus the administrator login because there is only one login)
I tried looking in the properties like you suggested. I can run internet explorer, I can browse the computer tree with the browse button from run task, but I can't get to the desktop.

When I try to go to safe mode, my options are:
Repair your computer
Safe Mode
"" with networking
"" with command prompt
Enable boot logging
Enable low resolution video (640x480)
Last known Good Configuration (which isn't any better)
Directory Services Restore Mode
Debugging Mode
Disable automatic restart on system failure
Disable Driver Signature Enforcement
Start Windows Normally

What can I do to get to the desktop?

Anonymous said...

when i go to the process thing there is no hotfix.exe

Anonymous said...

worked wonders thanks... :)

Anonymous said...

Thank you so much. I don't know what i would have done without your help. muchas gracias, merci, if i could say it in a thousand languages, i would .

Anonymous said...

I posted a need for help on October 26th and no one has helped me. I also got the ThinkPoint Virus/Spyware on my computer. I'm so afraid. I have done everything that you have suggested above. My AVG and Spybot did not pick up any viruses or spyware, but Malware Bytes did, but it wasn't anything to do with ThinkPoint. My problem is I still have these four registry keys in my registry. I'm not sure if I should delete them. They are as follows:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnPostRedirect" = "0"


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnPost" = "0"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnBadCertRecving" = "0"


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnZoneCrossing" = "0"

Are these associated with ThinkPoint as a backdoor into my computer?? PLEASE HELP!!!
THANK YOU.

BB said...

I know I have the Think point virus, but when I went into Task Manager to click on hotfix.exe and end process it wasn't there. I still ran an antimalware program and deleted infected files, but I am unable to access the internet from my computer and I think I still have the virus.

Admin said...

These registry entries are not associated with ThinkPoint. Don't remove them.

The only registry value associated with the rogue program is:

HKCU\Software\Microsoft\Windows NT\CurrentConfiguration\Winlogon\Shell = %AppData%\hotfix.exe

David Ibáñez said...

Hey buddy, thanks for your detailed post. I was able to follow all the instructions. Yet, there is still some kind of virus on the computer because every time I type a website, it opens up a different one of advertising and spam. I tried system restore, I tried various ani-virus: AVG, spyware doctor, SuperaAntyspyware, etc.

Also, for some reason, my recovery partition is now messed up. I wonder if it has anything to do with think point. I cannot even restore to factory settings.

Thanks in advance.

Admin said...

David Ibáñez, please go through the steps as shown on the link below:

http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html

I hope this will help you. Good luck!

Anonymous said...

I got thinkpoint removed (THANKS!) but now my browsers won't work. IE says "Internet Explorer cannot display the webpage", Chrome says "The webpage is not available", and Firefox says "The proxy server is refusing connections". However, when I navigate to my gmail account it comes up, its just all other pages. Other programs like Spybot and Malwarebytes & Windows Update can download/update their files. Any ideas?

Anonymous said...

when i want to run task manager it say: "task manager has been disabled by your administrator." please help! that's driving me crazy!!

Admin said...

Please read my previous comment with a link to the redirect virus removal instructions. You don't need to go through all these steps given on that link above. Just start from the first step as see if the problems persists. If you still have the same problem then go to step wtow and so on.

Admin said...

Q: when i want to run task manager it say: "task manager has been disabled by your administrator." please help! that's driving me crazy!!

A: You need to log in as the account named "Administrator".

Watch this video: http://www.youtube.com/watch?v=EdaaG96GsU4

Anonymous said...

Hi,
When I press ctr+Alt+del or ctr+shiftg+escape my laptop doesnt respond and does not go to the task manager. Also when I press F8 at the beginning there is no effect. Please help

David Ibáñez said...

I got rid of the redirecting pool! thanks!! I still have a virus call svchost.exe I tried with various adware/malware removal programs. Any ideas?

Thanks in advance, again!

You save my weekend probably.

Anonymous said...

tenho um anti-virus avira personal no meu notbook,posso instalar Malwarebytes Anti-Malware e
SuperAntiSpyware junto com meu anti-virus?
os três funcionando juntos não vai trazer problemas nas funções do anti-virus?

Anonymous said...

Thank you so much for this information! I was able to remove the hotfix.exe so I was able to restore my desk top and task bar. However I cannot open Windows Explorer. I can access other programs, documents, music, and photos. Any suggestions on how I can restore my internet connection?

I was not able to follow the directions in 3, to "download the following file windows-shell.reg" Where do I download this from?

Thank you for any additional help you can provide!

Janet

Anonymous said...

i think the point is thanks for the virus and the solution im practicing in my pc whitout that help and viruses i could not explorer my pc they should make more viruses and i will thank for the future solution

Anonymous said...

stupid spyware makers... no lifes. thanks you rlly are a hero out there we destroyed it and we are up and running you saved a small business thank you. keep sticking it to those nerdy malaware makers.

Dan said...

thank you for the help your step by spep institution's were very easy to follow and my laptop is fine now so thank you

Admin said...

Janet, you can also download the "windows-shell.reg" file from here: http://download.bleepingcomputer.com/reg/shell.reg

Good luck!

Anonymous said...

Thank you for saving me alot of time and money these steps worked to perfection

Anonymous said...

Thank you So So very much! You save my life.

Anonymous said...

THANK YOU SO MUCH! You just saved a big project I was working on since 3 months!!! God bless you.

Anonymous said...

I have Norton Sercurity Suit and it did not recognize Thinkpoint, even when I clicked the files created by the malware and select Norton Sercurity Suit -> Scan Now.

Anonymous said...

Thanks!!!

Anonymous said...

Thank you so much...I followed yours steps exactly as described at it worked perfectly!

Anonymous said...

Thank you for the good instructions. Greetings from Germany!

reysebastian said...

Hi. I was foolish to fall for that ThinkPoint crap but smart enough to not buy it or anything like that. I did a system restore to a few days back and I did not experience any ThinkPoint stuff. I'm doing a McAfee scan now and it found 1 "tracking cookie," and corrected 1 "tracking cookie." Do I still have ThinkPoint searching my computer I find nothing about it and everything works fine. I'm assuming McAfee if it finds something will correct it. As soon as the scan is over I'm going to restart (Microsoft Updates need to install) am I going to still experience problems? If so, where do I start?

Anonymous said...

teşekkürler arkadaşım çok güzel açıklamışsın Türkiyeden selamlar

Anonymous said...

THANK YOU THANK YOU THANK YOU!!! U SAVED ME!

B Shan said...

Replying to my own post.
Eventually poking around with the browse button from the task manager I was able to get to windows explorer; but it was in a different place for some reason. Anyway, I got to the desktop so I could delete the file and the registry value.
Thanks a bunch.

P.S. in case this helps anywone else, here is another article about removing thinkpoint. These two together are what helped me get rid of this thing.

http://www.2-spyware.com/remove-thinkpoint.html

Anonymous said...

When I hit the Ctrl+Alt+Delete the only things that come up are lock this computer, switch user, log off, and change a passord. What do I do?

Anonymous said...

I GREATLY appreciate your help with this problem.

Anonymous said...

I also have Norton 360, which failed to stop it. I got the virus yesterday via Adobe Flash using Firefox. A huge pain.

Anonymous said...

Sir, or ma'am, you are a god and I would hug you if I could... My computer is helping me find a job and in that respect, NOT lose my house or my car and you saved that. Thank you, thank you, THANK YOU!!

Admin said...

Q: When I hit the Ctrl+Alt+Delete the only things that come up are lock this computer, switch user, log off, and change a passord. What do I do?

A: You need to switch users and log in as the administrator.

Anonymous said...

How do I switch users and log in as the administrator?

Anonymous said...

thanks

Anonymous said...

I love you! Have my children?

Anonymous said...

i cant get the shell reg think to work it says that it registry editing has been disabled by the administrator and ive tried saving it as all the suggested things

cody82414 said...

Thank you SO much!

Anonymous said...

Thank YOu so much i thought i was doomed lol

Anonymous said...

Thank you very much for this fix! My husband ran the hotfix program, and then complained 'Microsoft is messing up my computer!". After assuring him it wasn't Microsoft, I did a web search, and found your very easy to follow fix, and resolved the problem. You are my hero! and I am my husband's hero for fixing his computer problem. Although Spyware Doctor claimed to be free, it found the problem but wouldn't fix it without purchasing the program, so I used your manual remove instead, and that worked fine.

Anonymous said...

THANK YOU THANK YOU THANK YOU!!!! I had no idea how to get this off my computer because I couldn't use the internet - and I found your instructions from my phone! Cannot thank you enough!!!

Anonymous said...

Thank you so much. Question, what happens if I do not delete HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\hotfix.exe"

I got rid of the hotfix and it seems like my computer is back to normal. Is the virus just lying dormant waiting to strike again?

Anonymous said...

Thank you for helping me with this. I used another computer to access this, and was able to remove the virus on the infected computer with Malwarebytes, thanks to your instructions

Anonymous said...

Looking at all the sites and comments from users, this virus is fairly new. And sucked sooooo bad until I went on my sister's laptop to find how to remove it. Thank you soooo much1!

Zephyr said...

And yet another thanks for saving my computer. <3

Anonymous said...

You have saved my boyfriends skin!!!!!Thank you so much for the well written detailed step by step guide on how to rid my laptop of that son of a bitch, sneeky virus!I nearly had a complete freak out and you saved me! Thank you so so much!a much appreciated, none techno laptop user!

Anonymous said...

to Bad_Wolf
i was thinking about the think point scam and i was wondering if i put my credit card into the purchase page and when i hit purchase it didnm't proses and they never took my mony out of my acount will they take mony out on a further date

I am just concerned now if they will have to my credit card information even thought the transaction didn't go throught ?

please respond ASAP

Anonymous said...

Thank you very much! Finally I got rid of that annoying programm!

Anonymous said...

I used task manager to shut off thinkpoint, but before i could download a anti malware programe, it came back on, when i restarted my computer, after i used task manager again i get a black screen

Anonymous said...

I love you i figured out it was hotfix and you saved my computer thanks !!

Admin said...

Q: Thank you so much. Question, what happens if I do not delete HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\hotfix.exe"

I got rid of the hotfix and it seems like my computer is back to normal. Is the virus just lying dormant waiting to strike again?

A: Basically, this registry value "Shell" = "%AppData%\hotfix.exe" means that ThinkPoint virus will be loaded instead of Windows Explorer. You should change %AppData%\hotfix.exe to explorer.exe after all.

Anonymous said...

Thank you, thank you, thank you for helping!
With your help I removed ThinkPoint from my fathers computer!

Anonymous said...

I got as far as step #2 OK but if I have nothing on my desktop then how can I do this?:
"3. Download the following file to your Desktop: windows-shell.reg. Double-click to run it. Click "Yes" when it asks if you want to add the information to the registry. This file will fix the Windows Shell entry. This step is important because if you won't fix this entry, then your Windows Desktop will not be displayed the next time you reboot. Once the new registry value has been added, you can delete the file from your computer."
My desktop is gone.

Anxious said...

Hi, The instructions look great but I can only log in as my own profile. There is no option to Log In as an Administrator. How do I get to this to change to an Administrator

Anonymous said...

many thanks, post very useful!

Admin said...

After step #2 your Desktop should be back. Try to restart your computer is safe mode with networking and try again.

«Oldest ‹Older   1 – 200 of 460   Newer› Newest»