|ThinkPoint graphical user interface|
(Thanks to rogueamp)
First of all, you will see with the fake Microsoft Security Essentials alert. The fake alert will claim that Microsoft Security Center has detected the submitted file as "Trojan.Horse.Win32.PAV.a". Finally, it will state that you need to install ThinkPoint solve the problem.
If you choose to continue, your computer will restart, but it won't boot all the way to the Desktop, even in safe mode. The rogue program will hide all the desktop icons and taskbar. A program labeled ThinkPoint will show up.
Then it will run a fake system scan and you won't be able to stop it. After the fake scan ThinkPoint will list numerous problems on your computer. If you choose to install the full version of the program with required modules you will be taken to the pay page of ThinkPoint.
ThinkPoint will block nearly all programs on your computer. It will block task manager and other system tools as well.
The application taskmgr.exe was launched
succesfully but it was forced to shut down due
to security reasons.
This happened because the application was
infected by a malicious program which might
pose a threat for the OS.
It is highly recommended to install the
necessary heuristic module and perform a full
scan of your computer to exterminate malicious
programs from it.
However, there is a way to disable this virus. After the ThinkPoint screen loads push the command CTRL+ALT+DELETE quickly. This will bring you to task manager. Open the tab called Processes, find the process hotfix.exe and end it. The rogue program should be gone now. Next, you need to bring your Desktop and taskbar back. While in task manager go to File and select "Run new task". Type explorer.exe in the open box. This will bring back Windows explorer. More detailed instructions are given below. At this point you should be able to download anti-malware software which will remove ThinkPoint.
Without a doubt, ThinkPoint is a scam. Don't fall victim to this bogus security program. If you have already purchased it then you should contact your credit card company and dispute the charges. Please note that this rogue program may come bundled with Trojans that can download and install additional malware onto your computer. So, you should remove the rogue program as soon as possible. And, of course, it's always a good idea to scan the computer with at least trow anti-malware programs. By the way, your pictures, music and other files should be safe. ThinkPoint doesn't delete files. It's just a very annoying program. Last, but not least, if you have any questions or additional information about this virus, please leave a comment. Good luck and be safe online!
ThinkPoint removal instructions:
1. Restart your computer. Once the ThinkPoint window comes press Ctrl+Alt+Delete or Ctrl+Shift+Escape. You should now see the Windows Task Manager screen as shown in the image below or a screen where you can select the Task Manager to be run.
Click on the Processes tab. Then click and highlight hotfix.exe and click End Task. If it asks you "Are you sure you want to terminate the process?" click yes (or press Enter). This will close the ThinkPoint program.
2. While in Windows Task Manager, click the File -> "New Task (Run...)" from the menu on the bottom right. Type in explorer.exe and click OK. Your desktop and icons should start up as normal.
NOTE: if you got an error message "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them", then please run this command first:
cacls "C:\Windows\explorer.exe" /G Everyone:F
A new windows will come up asking "Are you sure?" Type Y and press enter.
Now run explorer.exe again.
3. Download the following file to your Desktop: windows-shell.reg. Double-click to run it. Click "Yes" when it asks if you want to add the information to the registry. This file will fix the Windows Shell entry. This step is important because if you won't fix this entry, then your Windows Desktop will not be displayed the next time you reboot. Once the new registry value has been added, you can delete the file from your computer.
4. Download and scan your computer with recommended anti-malware software to remove ThinkPoint virus from your computer.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator.
ThinkPoint associated files and registry values:
For Windows XP users:
- C:\Documents and Settings\[User Name]\Application Data\hotfix.exe
- C:\Documents and Settings\[User Name]\Application Data\[SET OF RANDOM CHARACTERS].bat
- C:\Documents and Settings\[User Name]\Application Data\install
- C:\Documents and Settings\[User Name]\Application Data\start
- C:\Users\[User Name]\AppData\Roaming\hotfix.exe
- C:\Users\[User Name]\AppData\Roaming\[SET OF RANDOM CHARACTERS].bat
- C:\Users\[User Name]\AppData\Roaming\install
- C:\Users\[User Name]\AppData\Roaming\start
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = %AppData%\hotfix.exe