Your computer is infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Monday, October 18, 2010

How to remove ThinkPoint (Uninstall Guide)

Tell your friends:
ThinkPoint is a fake anti-spyware application that pretends to scan your computer for malicious software and then deliberately reports false system security threats. It's distributed mostly through the use of fake online scanners and some other malicious websites, so clearly this program is not legit. ThinkPoint masquerades as a legitimate security product from Microsoft called Microsoft Security Essentials. Once installed on your computer, it will list numerous problems and claim that you should fix them immediately. ThinkPoint will state that you need a heuristic program to fix the problems and it even offers to sell one for $99.90. Please don't purchase Think Point. This program is fake. It won't fix your computer because there actually are no problems except the ThinkPoint itself. If you are reading this article then you probably got infected with this malware. Thankfully, we've got the removal instructions to help you to remove ThinkPoint from your computer for free using legitimate anti-malware software. Please follow the removal instructions given below.

ThinkPoint graphical user interface

(Thanks to rogueamp)

First of all, you will see with the fake Microsoft Security Essentials alert. The fake alert will claim that Microsoft Security Center has detected the submitted file as "Trojan.Horse.Win32.PAV.a". Finally, it will state that you need to install ThinkPoint solve the problem.



If you choose to continue, your computer will restart, but it won't boot all the way to the Desktop, even in safe mode. The rogue program will hide all the desktop icons and taskbar. A program labeled ThinkPoint will show up.



Then it will run a fake system scan and you won't be able to stop it. After the fake scan ThinkPoint will list numerous problems on your computer. If you choose to install the full version of the program with required modules you will be taken to the pay page of ThinkPoint.

ThinkPoint will block nearly all programs on your computer. It will block task manager and other system tools as well.
The application taskmgr.exe was launched
succesfully but it was forced to shut down due
to security reasons.

This happened because the application was
infected by a malicious program which might
pose a threat for the OS.

It is highly recommended to install the
necessary heuristic module and perform a full
scan of your computer to exterminate malicious
programs from it.


However, there is a way to disable this virus. After the ThinkPoint screen loads push the command CTRL+ALT+DELETE quickly. This will bring you to task manager. Open the tab called Processes, find the process hotfix.exe and end it. The rogue program should be gone now. Next, you need to bring your Desktop and taskbar back. While in task manager go to File and select "Run new task". Type explorer.exe in the open box. This will bring back Windows explorer. More detailed instructions are given below. At this point you should be able to download anti-malware software which will remove ThinkPoint.

Without a doubt, ThinkPoint is a scam. Don't fall victim to this bogus security program. If you have already purchased it then you should contact your credit card company and dispute the charges. Please note that this rogue program may come bundled with Trojans that can download and install additional malware onto your computer. So, you should remove the rogue program as soon as possible. And, of course, it's always a good idea to scan the computer with at least trow anti-malware programs. By the way, your pictures, music and other files should be safe. ThinkPoint doesn't delete files. It's just a very annoying program. Last, but not least, if you have any questions or additional information about this virus, please leave a comment. Good luck and be safe online!


ThinkPoint removal instructions:

1. Restart your computer. Once the ThinkPoint window comes press Ctrl+Alt+Delete or Ctrl+Shift+Escape. You should now see the Windows Task Manager screen as shown in the image below or a screen where you can select the Task Manager to be run.



Click on the Processes tab. Then click and highlight hotfix.exe and click End Task. If it asks you "Are you sure you want to terminate the process?" click yes (or press Enter). This will close the ThinkPoint program.

2. While in Windows Task Manager, click the File -> "New Task (Run...)" from the menu on the bottom right. Type in explorer.exe and click OK. Your desktop and icons should start up as normal.



NOTE: if you got an error message "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them", then please run this command first:

cacls "C:\Windows\explorer.exe" /G Everyone:F



A new windows will come up asking "Are you sure?" Type Y and press enter.



Now run explorer.exe again.

3. Download the following file to your Desktop: windows-shell.reg. Double-click to run it. Click "Yes" when it asks if you want to add the information to the registry. This file will fix the Windows Shell entry. This step is  important because if you won't fix this entry, then your Windows Desktop will not be displayed the next time you reboot. Once the new registry value has been added, you can delete the file from your computer.

4. Download and scan your computer with recommended anti-malware software (Spyware Doctor) to remove ThinkPoint virus from your computer.

NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator.


ThinkPoint associated files and registry values:

Files:

For Windows XP users:
  • C:\Documents and Settings\[User Name]\Application Data\hotfix.exe
  • C:\Documents and Settings\[User Name]\Application Data\[SET OF RANDOM CHARACTERS].bat
  • C:\Documents and Settings\[User Name]\Application Data\install
  • C:\Documents and Settings\[User Name]\Application Data\start
For Windows Vista and Windows 7 users:
  • C:\Users\[User Name]\AppData\Roaming\hotfix.exe
  • C:\Users\[User Name]\AppData\Roaming\[SET OF RANDOM CHARACTERS].bat
  • C:\Users\[User Name]\AppData\Roaming\install
  • C:\Users\[User Name]\AppData\Roaming\start
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = %AppData%\hotfix.exe
Share this information with other people:

460 comments:

«Oldest   ‹Older   201 – 400 of 460   Newer›   Newest»
Admin said...

Q: Hi, The instructions look great but I can only log in as my own profile. There is no option to Log In as an Administrator. How do I get to this to change to an Administrator

A: Try this method: http://www.youtube.com/watch?v=EdaaG96GsU4

Good luck!

Anonymous said...

Dude I have been reading through all the posts with a rather morbid fascination. You see I am a tech too (btw very good uninstall guide - kudos). I can't for the life of me imagine why you would deal with all the noob questions for free. Mind you I don't mean to be insulting to the clients, but they are noobs. After the 100th rewording of the same question I am afraid my brain would melt. Anyway, I am not sure what you are getting out of this but here is a "Good Job" and a pat on the back for you.

Anxious Still said...

I open in safe mode with networking and after ctrl, alt, delete there is only a black screen. No task manager opens up. Shall I run the Think Point again in Safe Mode and then get to the desktop. Is that what you mean by getting to your desktop.

Anonymous said...

Yo dude, you know what?? U're like an ANGEL in my eyes...
Oh yeah btw, what anti-virus did u suggest?? 'cause i've been using AVG and it cannot find the ThinkPoint so need ur suggestion pro :D

Anonymous said...

Thanks a lot!

followed the instructions, and everything's back to normal. PS : Spybot didn't find hotfix.exe. Maybe the others work better, but ended up deleting the file.

Admin said...

Q: Oh yeah btw, what anti-virus did u suggest?? 'cause i've been using AVG and it cannot find the ThinkPoint so need ur suggestion pro :D

A: I suggest ESET NOD32 Antivirus 4. I use it myself. Besides, you can use this antivirus 30 days for free.

Felis said...

Anybody who can't access registry or show hidden files after getting the desktop and internet back should use Total Cammander and Registrar Recistry Manager to implement the rest of the fixes. It's working for me so far

marcelo said...

hola creo q elimine think point pero cuando reinicie mi computadora no pudo dar clic a inicio me aparece el cursor cargando y no se quita q me suguieres q aga no pued hacer nada

Anonymous said...

hola,, si pude eliminar el think point pero tengo un problemas no puedo dar clic a inicio me sale mi cursor cargando y nunca se quita q me suguieres q haga

Anonymous said...

Thanks so very much. Keep up the good work. Stephen, Durham, England.

Anonymous said...

Thankyou Soooo Much. It saved my laptop and my time too. I was thinking this is a real software that my company might has purchased it. I opened a ticket and they were looking to see if they purchased it from IBM.

I was able to remove it with your excellent instructions.

Anonymous said...

God Bless You!!! You save my PC, Thanks

Anonymous said...

hey i went to regedit and got all the way to winlogon but i dont see shell anything. windows runs normally and i have deleted the hotfix.exe file already from C:

should the file not be there or am i missing something. i navigated correctly 5 times in regedit and shell is not there in winlogon

Anonymous said...

will hitman pro get rid of it.. to? im in the process of getting rid of this stupid virus

Anonymous said...

hey will ESET NOD32 Antivirus get rid of the virus? its scanning my computer right now?

Anonymous said...

what if you dont have hotfix.exe on you processes list on the tast mamager?

Admin said...

Q: will hitman pro get rid of it.. to? im in the process of getting rid of this stupid virus

A: Yes, I think Hitman Pro will remove the virus. If it fails then use other programs from the list.
Good luck!

Admin said...

Q: hey will ESET NOD32 Antivirus get rid of the virus? its scanning my computer right now?

A: ESET NOD32 Antivirus is my favourite security program. It removed the ThinkPoint virus from several infected PCs. I think it will remove the virus from your computer too. Good luck!

Admin said...

Q: what if you dont have hotfix.exe on you processes list on the tast mamager?

A: Well, there still should be a process related to ThinkPoint virus. Here is a list of the essential processes that Windows needs to run correctly.

System Idle Process
explorer.exe
taskmgr.exe
spoolsv.exe
lsass.exe
csrss.exe
smss.exe
winlogon.exe
svchost.exe – (There will be a few of these)
services.exe

End all other processes. Good luck!

Daren said...

So when I try to reboot in safe mode, it loads about 30% and freezes, same for normal startup. I cant get into windows at all, is there any way to delete this virus, or atleast get into windows? thanks

Ryan said...

I followed the steps, got malwarebytes' software to remove thinkpoint, but I can't find "Shell" = "%AppData%\hotfix.exe" when I navigate to: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\WindowsNT\Winlogon after running regedit. Is it possible that running malwarebytes' and windows-shell.reg already got rid of the hotfix.exe ?

Samantha said...

Thanks so much. After the ctrl-alt-delete I was able to end that process hotfix.exe then run my system restore. I'm so glad I've got an IPod touch cause I wouldn't have known how to get that off otherwise. Thanks again.

Anonymous said...

Thanx a lot, was very useful !!!

Anonymous said...

I apologize if you have answered this; however, I didn't see it addressed:

I am following your directions, but after I run "explorer.exe" from Task Manager and my desktop comes up, ~ 15 seconds later ThinkPoint will come back on and start running a system "scan".

At that point I am locked out of my computer, and cannot get Malwarebytes (or anything) to work.

I have tried going through Task Manager and ending all non-necessary programs, thinking perhaps another program was causing this, but no joy.

Any ideas?

Anonymous said...

Think point Icon is on my desktop. Does that mean it is still in my system? Will it disappear when the full scan is complete?

Anonymous said...

Parabéns pelo post....
Muito útil.....

Anonymous said...

thank you so much.It worked for me and my laptop now works.many thanks for sharing this with us all

Anonymous said...

Thank you so much for these instructions

utkarsh said...

Thanks for saving my day. I followed the instruction and at the end Hitman Pro 3.5.7 trial version was able to remove the virus.

Anonymous said...

please help. i followed your instructions but i am having trouble w/ the part on windows-shell. i downloaded it but it's not on my desktop and it doesn't seem to do anything. i rebooted and the thinkpoint thing still shows up first thing. i have ran my antimalware system and it did not detect any virus so i can't delete thinkpoint!! i don't know what else to do...please help me!!!

Anonymous said...

it is not working. I can delete the hotfix.exe and run explorer.exe but within a minutes time the thinkpoint reappears and doesn't allow me to proceed. Help!!

Anonymous said...

muchas muchas gracias :)

Kaze said...

I totally love you, no homo. I skipped ahead by holding Ctrl+Alt+Delete and keep clicking the X when it didnt allow me, and managed to get Task manager to open and quickly killed hotfix since I right clicked ThinkPoint and hit properties -> Find Target and saw hotfix, I knew it was the problem. Although I deleted it, it was just a way to open it. So searching in google really helps and your the helper =). Many thanks.

Anonymous said...

thank you very much for this really valuable information

Anonymous said...

Thank you so much! Your seriously my hero right now!

Anonymous said...

Thank you for a great insight. Once I got to explorer however Thinkpoint would not let me start the task manager.
So what I did was a system restore to a date before I was infected and it worked. After restarting Thinkpoint was gone, Just had to remove a few straggler files as per your instructions.
You would think what they do should be monitored and stopped somehow.

Anonymous said...

I have Eset and it didn't find it even when I scanned the file...hummm and I just upgraded it to 4.2

Anonymous said...

Hi Useful information, we are lucky to have person like you.
Thanks a lot.

Anonymous said...

Excellent Guide. Thank you.

Anonymous said...

I have followed all the steps up to downloading the antimalware, I scanned it with malwarebytes, it didnt pick up anything, then I follwoed you directions to manually delete it, I deleted it in Registrary, but I cant find it in C:\, could you help me? Thank you some much for your help thus far

Anonymous said...

Thank you so much!

Anonymous said...

YOUR A LEDGEND !!!!!!! LOVE FROM SUN STUDIOS !!!

Anonymous said...

God Bless you!

Anonymous said...

hi,

I am having a problem when it comes to the tasks bar. When i click on the hotfix.exe and then i click process, its not processing. Please help me with this. I tried doing the next step which is explorer.exe, and all that comes up as you stated but i just cant get rid of the think point. I have tried everything. PLEASE HELP ME!!!!!!!

Victoria said...

Oh my god, that virus came to my little pc, and i didn't know what to do, I could never believe at my pc should get a virus the first month I owns it! And thank god, I found you, now is the virus gone, gash, I'm so happy i could kiss you!! Thank you SO mouch!

Anonymous said...

Still working on my infected computer. Thank you very much.

Susan said...

i dont see the "security" tab in the explorer place. where do i go? ):

Anonymous said...

Thank you so very much!!! I was so thankful when I was able to restore my computer back to the way it was. THANK YOU, THANK YOU, THANK YOU!

Carrie/Busha said...

I am eternally grateful! I am a computer GEEK and have been on em for over 25 YEARS! Online for 15 years and this one got me. First time in years I have had a virus/malware attack. THANK YOU THANK YOU THANK YOU!

Anonymous said...

hi! i have windows 7, but I cant find those files from my PC even thought I did accidentally download Thinkpoint. is there some other ways of finding those think point associated files?

Anonymous said...

i deleted the thinkpoint program to the recycling bin and emptied and now the anti malaware can't find it. what should i do

Anonymous said...

Thankyou!!!!

Anna said...

Ok spybot has not found anything and spyware doctor only scans it for free but cannot remove unless you register for 29.99 for 12 months. I don't have the cash handy so is there any other programs that will REMOVE for free??

Anna said...

Yay! Malware bytes did the trick; scanned and removed the fundamental threat, with a choice of registering for more powerful stuff if you want to.

Thank you so much, I will be subscribing to this!!

Anonymous said...

for some reason thinkpoint has my internet blocked and the box lan settings for proxy is not checked...i downloaded a trojan remover from a good computer to my jump drive but my infected computer's usb ports don't seem to be working...what to do..thanks

Anonymous said...

I logged on as administrator but in the task manager processes window there is no hotfix.exe file to highlight. I am so frustrated with this non of the suggestions have worked for me so far. Pleassssseeee help

Admin said...

Well, there still should be a process related to ThinkPoint virus. Here is a list of the essential processes that Windows needs to run correctly.

System Idle Process
explorer.exe
taskmgr.exe
spoolsv.exe
lsass.exe
csrss.exe
smss.exe
winlogon.exe
svchost.exe – (There will be a few of these)
services.exe

End all other active processes. Good luck!

Admin said...

Q: Ok spybot has not found anything and spyware doctor only scans it for free but cannot remove unless you register for 29.99 for 12 months. I don't have the cash handy so is there any other programs that will REMOVE for free??

A: Try Malwarebytes Antimalware and Hitman Pro. Both programs are free.

Anonymous said...

thank you so much!!!

Anonymous said...

This was so useful and easy to follow. Thank God there are people like you who put up these helpful guides to counter against those stupid scams out there. I hated seeing that ThinkPoint logo every time I booted up my laptop. Thanks again!

Anonymous said...

GENIUS!!! LOVE YOU GUYS!!!

David Leonard said...

Thank you.

Anonymous said...

i can't get task manager to run - it's blocking task manager. right at startup I tried to get task manager, but it was blank - no tabs and no options.

what do I do now?

Anonymous said...

HELP....I get into task manager ok but there is no hotfix.exe there!....please advise

Anonymous said...

Thank you so much! I was so worried when I came about this malicious program. Thanks again you are a blessing.

Admin said...

NOTE: if you can't find hotfix.exe then just skip this step and click the File -> "New Task (Run...)" from menu on the bottom right. Type in explorer.exe and click OK. Your desktop and icons should start up as normal. Download Hitman Pro and run it in Force Breach mode. Instructions: http://www.youtube.com/watch?v=m6eRWTv2STk

Good luck!

Göran said...

Hi. Tried logging in as administrator after choosing "safe mode with networking", pressed ctrl+alt+del where task manager (finally) was "pressable", but nothing happened when I clicked it except that screen got back to its original state e.g. wasn't able to "end process".
What shall I do?

Anonymous said...

Thanks

Anonymous said...

i cant get the download to work 4 the window shell

Anonymous said...

I am unable to even restart my computer. It will not let me restart, shut down, log off... none of these commands. What do I do?

Anonymous said...

many thanks for your help. your directions were excellent and worked first time.

Anonymous said...

Solution XP:
If ctrl alt del doesnt work or task manager has been disabled, run in safe mode with command prompt. In the window type "regedit". Then delete "*HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell=%AppData%\hotfix.exe"
Also delete:
"C:\Documents and Settings\[User Name]\Application Data\hotfix.exe"
You can search for hotfix.exe in regedit to be sure.
Then exit regedit. In prompt window type: C:\windows\explorer.exe [press enter]
Now icons are back. Run malwarebytes. If corrupted reintall update and do deep scan. Remove all found items. Reboot. DL and Run windows-shell.reg. Restart. Done.

Anonymous said...

the Lord bless you for your knowledge to help other who don't know how to do this kind of thing without people like you....long long in knowledge

Anonymous said...

HELP - I cannot get my PC to the log on page because of this ThinkPoint Virus i.e. I cannot now even see the ThinkPoint Screen any suggestions?

Anonymous said...

Thank you :)

Anonymous said...

Thanks for sharing the information... I was able to delete the virus with the above procedure...

Anonymous said...

HOLY F(&)*k what an insidious virus... it just took me 7 hours to get rid of it; wouldnt have done it with these instructions though thx a lot.

Göran said...

Ok, so after deleting hotfix.exe in Dos, I managed to log in as administrator and scan the desktop for viruses, found a number of them and took the necessary steps to do whatever the program told me to do. BUT! I still can't delete this illusive little register-thing everyone seem to find at the flip of a wrist...
Not in Registry Editor, anyway. What do I do, EXACTLY, to delete this malicious little detail?
Every time I log in as the user that caused this issue, it starts all over again.

Göran said...

Just to clarify my latest post: All I can find in the "Winlogon"-registry is this:
(Default)
BuildNumber
ExcludeProfileDirs
ParseAutoexec

Also, searching the entire registry does not find anything related to "hotfix.exe". But still, the lousy computer does not boot all the way up, and ctrl+alt+del does not enable me to click Taskmanager. Weird.
Do I need to say it's not an IBM?

Anonymous said...

My Task Manger don't have the menu @ the top how do i get it back on so i can delete dis stupid program

Anonymous said...

You are a star, instructions helped save my girlfriends laptop. Downloaded the free malware progs but didnt take it away just asked me to buy it. Followed manual instructions much quicker and easier. Cheers

Anonymous said...

i think the same as almost evrey one avove...
you saved my computer! thank you!

Anonymous said...

yes, thanks for the help.

Anonymous said...

Thanx dude, nobody realized it was on the family comp, and was a massive problem when it came to printing off work. Thanx a mil.

Anonymous said...

When I press CTRL+ALT+DEL my task manager does not show up and I try the other way and nothing happen, can you help me please

Anonymous said...

Excellent instructions!!! I can step back from the ledge. You're a lifesaver. This world would be a better place if there were more people like you and less of the malwares...jerks

Anonymous said...

I uninstalled thinkpoint before i knew what it was,now i have lost Internet Explorer i still have my desktop and every thing else, its just Internet Explorer is gone, i am using Firefox until i get it back,i guess because i uninstalled Thinkpoint nothing that is suggested is working to get my IE BACK

Anonymous said...

yesterday it came on all of our office's computers i dont know how....no1 knew what to do...i came home n got the soluotion....and now my boss is soo happy for me....thnx to you dude....:D

Anonymous said...

this was an amazingly easy step by step,to get my lap top back. THANK YOU TO THE MAKER OF THIS STEP BY STEP REMOVAL TOOL

Hans_Dominik said...

Thank you. Very helpfull.

Anonymous said...

Thank you..... Instructions were very detailed and easy to follow. Thanks again for taking your time to help eliminate those that want to harm others.

Anonymous said...

thank you very much , very useful info

Anonymous said...

great help1 MANY THANKS!

DIEGO said...

Hello everyone ... are an Italian user. forgive me be wrong to write ... So I did everything I needed to do ... "Think points" would seem to have been eliminated. now the problem is that when I connect to my internet browsing does not last more than 1 ½ minutes, after which appears the browser page that says basically I'm not connected ... and check my connection is connected but ... Can you help me please? thanks in advance

__ DIEGO __ =))

Admin said...

Hello Diego,

First of all, please follow the redirect virus removal guide

And I strongly recommend you to scan your computer with Hitman Pro. It's a free malware removal tool http://www.surfright.nl/en/downloads

Buona fortuna ;)

Anonymous said...

Thank you very much. Instructions were very simple and fixed the problem
:-)

Anonymous said...

Okay so I've been following every step and alls been working well... But now I just finished scanning the computer with Malwarebytes' Anti-Malware and it didn't find anything... What do I do? :/

Anonymous said...

Thanks so much! I almost feel computer literate having followed your oh so easy instructions.

Anonymous said...

thanks very much, however i reformated my laptop the first time i got this thinkpoint and lost all my photoes. when i got it this time round i followed your steps and they worked well thankx. is there a way i can retrieve my lost photoes thnkx

Anonymous said...

Thanks you saved my parents computer.

Anonymous said...

Thank you it worked!!

Anonymous said...

after ending hotfix i go to open firefox.exe and shuts down automatically and when it restarts it goes blank can anyone help me please!?!? really would appreciate it :)

kristy said...

THANK YOU! !!!!!

Rashad said...

God Bless you, people like you keep the world goes round.
You have just saved my LAptop,
Have a nice day buddy ?
SycoSnake

Anonymous said...

oh crap!!! THIS think point IS sucks!!! THANKS A LOT BRO!!!!

rolph said...

dear admin,
i did my best removing said items and it seemed to work. Now however when i restart (after running SuperAntiSpyware) my desktop wont load. I have no clue what i did wrong or how to fix this. Please advise

Anonymous said...

i follow all the steps, and i think i remove Thinkpiont, but after using my pc for 1 hr it restart automatic and i only see the Bios and then its black no window xp logo pop up. my lights on my keybord doesnt work. Is this cause by Thinkpoint? i restart it over and over i think my pc is dead. who els got this problem too?

Greetings Allan

Anonymous said...

My aunt, and my cousin have both picked up the thinkpoint virus. my aunt foolishly put in her credit card number. my cousin and i have been going over your amazing instructions all night. we got windows running normally. but when she got home from school, she restarted her computer and now it goes to a blank page with a text cursor in the top corner. how can we fix it without formatting?

Dawn said...

Have been following directions, but still after multiple tries can not get the task manager up. I run in safe mode with networking. I tried as an administrator, I tried as me...please, please help me

Dawn said...

I can not get the task manager up, even in Safe with Networking as admin and as myself..what else can I do to try and get to the taskmanager?

Admin said...

Dawn, try this:

1. Restart your computer in Safe Mode with command prompt.
2. You will seeonly a black window – command prompt.
3. Type in: cd %APPDATA%
4. Press Enter
5. Type in: del hotfix.exe
6. Press Enter
7. Restart your computer in normal mode.
8. Downlaod anti-malware software and scan your computer.

Good luck!

Admin said...

Rolph and others who have the same problem and can't log on to Windows, try to restart your computer in Last Known Good Configuration. Here's a Microsoft guide: http://www.microsoft.com/windowsxp/using/setup/support/nostart.mspx#2

Good luck!

Anonymous said...

Thanks man now i can use my pc freely again...best sugestion i have ever heard or read on internet...ur the only trusted guy on the net......well done !!!

Anonymous said...

hey man thans for the sugestion.....but i dont know how to delete regestru values.....i deleted the files so now the main screen and the program "Thinkpoint" doesnot start when i start the pc but i still want to make sure and delete the registry values also......

Admin said...

Click Start -> Run. Type in: regedit and click ok.
Go to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\

On the right side of the window you will see such registry value Shell = %AppData%\hotfix.exe

Right click on it and select modify. Delete %AppData%\hotfix.exe and add new values: explorer.exe

Save changes. That's all. However, I strongly recommend you to scan your computer with anti-malware software listed above, e.g. Hitman Pro or Malwarebytes. Good luck!

Anonymous said...

Thanks man i am going to try this ....now and are this for free..coz i downloaded spyware doctor and still searching for serial key or keygen.......nyways thnks man again!!

Anonymous said...

Many many thanks! A really straight forward set of instructions to follow that worked first time. Keep up the great postings!

Anonymous said...

I am up to step 3, run explorer.exe again, then to download windows shell.reg. When I run explorer again, a my documents screen pops up. What am I missing

Anonymous said...

thanks for help

Anonymous said...

Thanks very usefull you saved my Pc

Anonymous said...

Thanks!

Anonymous said...

THANK YOU SO MUCH!!!

Anonymous said...

I Really Really can't thank you enough for your help... That just happened to me one hour back... Luckily I was able to open my browser by running it as admin.. And I was even more luckier to find this site... Really great info and everything worked like charm... I'm running the anti-malware as we speak... THANK YOU... THANK YOUUUUUU.... May God Bless you!!!!

Anonymous said...

In haste and frustration, when I got to HKey_Current...Winlogon, I accidentally deleted the whole "Shell =" tag.
Have I screwed up totally or can I fix this?

Anonymous said...

THANK YOU THANK YOU THANK YOU!!!

Anonymous said...

thanks you really know what your doing. I'm going to go to you blog from now on when I have a problem. A++++ work!!!

Anonymous said...

The world needs more people like you, Thank you.

Anonymous said...

Admin.... God Bless You... I was thinkin' maybe this sight was some kind of practical joke.. It's NOT at all.. You are the REAL Deal... I hit the F8 key like you mentioned when the computer was booting up and it worked like a charm... You are my new trusted administrator... Thanks Again, Sincerely, David Olmscheid

linda said...

My partner has a thing called system tool virus 2.12,how can he ger rid of that one.It wont let him do anything

linda

Admin said...

Linda, please read this blog post: http://deletemalware.blogspot.com/2010/10/how-to-remove-system-tool-uninstall.html

Good luck!

Frankie said...

I need help! I downloaded AVG 2011 and seemingly removed all the malware and spyware but now can't get my desktop even in safe mode. Any suggestions???

Anonymous said...

thank you sooo much may god bless you

Anonymous said...

I LOVE YOU! Thank you so much! I am always pretty careful with internet security and this one is so clever and I only clicked on it as it was after midnight and I was so tired and in a hurry. Your instructions were great and combining them with Roguevamp's youtube clip I was able to easily work it out and get rid of this thing!
Thank you thank you thank you

Anonymous said...

You should be proud of yourself because instead of saying for a small fee you'll tell us how to fix such a problem that could destroy our computers, you simply step by step showed us the way to a safer computer all out of the kindness of your heart. Thank you my friend. Thank you!!!!!!

Anonymous said...

Thanks for saving me and my laptop.

Kavya Kollu said...

Thank you very much!!!!! for posting this...it's veryyyy helpful....the malware has eaten up half of my day to fix it...

Kavya

Anonymous said...

Welll, it worked the forst time, and then when i restarted my computer again it came back! I went through the steps again and it went away and lowwed me to access my computer but how do i delete it forever? HELP!

The Wonderer said...

This thing installed itself while the user had a standard WIN7 account with no install permish, running Sophos and Windows Defender!
What else could I do to prevent users foolishly installing it apart from the unheeded advice to not click on popups or advertising?

jossw-j said...

i LOVE you dude!!! Thank you sooo much :D MY HERO!!! so glad i had my old laptop close by to find this website seriously im going to post think on facebook and tell everyone about it!!
THANK YOU!!

Anonymous said...

need your help!my keyboard isnt working so i cant use any of the keyboard shortcuts...it also took away my run program and wont let me use task manager.what do i do?

Admin said...

Mouse isn't working too?

Anonymous said...

UFA! FUNCIONOU! hahaha....Que vírus foi esse? rs Obrigada.

Anonymous said...

Thanks for your help. Well written instruuctions that did the job first time. Kind REgards. HCD.

Anonymous said...

I can't say anything else just thank you so much becouse your help i thought i'll be an idiot while i was thinking what to do! THANK YOU!!!!!!!:)

pamjb000 said...

Thanks so much. Am back up and running after removal but when I go to C:\\DocumentsandSettings\User, the Applications folder is gray and will not let me click on it. Also gray are: local setting, print hood, net hood, send to, and templates. I cannot open any of these. Any suggestions?

Anonymous said...

it works for me
THANKS!

HoRuSLeO said...

I LOVE YOU !!!!!!!!!!!!!!!!! OH GOD MY COM IS SAVED BECAUSE OF THIS!!! WAS SO PANIC !!!

Anonymous said...

do i need to repeet what others said?

Thanks.

Anonymous said...

thank you so much you saved my computer.

Anonymous said...

I had the think point virus and have removed it using malwarebytes amti-malware, but i'm not sure it has removed all of it as it is going very slow all the time. I tried running a virus scan since using kapersky and it was taking far too long so had to cancel it. I have done a search for the files you stated are involved, and I can find the documents and settings/user/ApplicationData/install and the start file. Should I remove these? Thank you.

Admin said...

Yes, you should remove these. And please scan your computer with Hitman Pro. Download link is given above. Good luck!

Anonymous said...

Thank you!!! Your post is really helpful!!!

Mel said...

I nearly had a HEART ATTACK..but thankfully this worked..

TIP!!!!
This program infected my laptop but luckily I had a second computer in the house to look up the information.

If you have an external hard drive or flash drive handy you can download it via another computer onto your drive and then have it run on the laptop/infected computer. <--Worked perfectly because I was stuck not being able to open any internet browsers on my laptop..

I CANT SAY THANK YOU ENOUGH!

Anonymous said...

lots of Thanx ... very useful... i love it

Anonymous said...

I cannot even open the task manager.. it says
the application taskmgr.exe was launched successfully but it was forced to shut down due to security reasons.. please help.. i cant even open my laptop

Anonymous said...

Fixing someone else's computer now. I was putting AVG free on, and then read frankie's post above. Now I am concerned. AVG also takes this off, right?

Mameychi said...

PLEASE HELP ME PLEASE PLEASE PLEASE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WHEN I CLICK YES ON THE REGISTRY WINDOWS SHELL THING IT SAYS 'Cannot import blablabla the specified flie is not registry script. you cAN Only import binary registry files from within the registry editor.' HELPPPPPPPP ME WHAT DO I DO!!!!!!!!!!!!!!!!

Anonymous said...

Thank you so so much! I really appreciate this!

Anonymous said...

Brilliant. Thanks

Anonymous said...

Totally awesome fix. Thanks for sharing. You guys are awesome!

Anonymous said...

get 2 the bit explorer and it ask what program i want to open it with

Anonymous said...

my pc keep showing me low disc space & keep rebooting. I was able to add registry but not able to remove infected files how do I remvove them?

gauravw said...

thanks a ton mate!!!! you saved me! you are the ONE!

Anonymous said...

Thank you so much!!!
I thought I have had to re-install Windows T ^ T.

I followed your steps in order, but while I was downloading MalwareBytes, I deleted ;

C:\Documents and Settings\[User Name]\Application Data\hotfix.exe
C:\Documents and Settings\[User Name]\Application Data\install
C:\Documents and Settings\[User Name]\Application Data\start

Then I opened Registry Editor but no "Shell = %AppData%\hotfix.exe" was found in the path you told me.

It automatically deleted because I ran "windows-shell.reg", rigth?

Please reassure me...

Anonymous said...

Should we delete everything that has "hotfix" in it? I see it on several occasions and different dates on my computer. Thank you.

Anonymous said...

Thanks for the fix. This one is great and it helped me remove it completely! Great documentation and follow through! I will pass this on if needed.

Admin said...

Q: Then I opened Registry Editor but no "Shell = %AppData%\hotfix.exe" was found in the path you told me.

It automatically deleted because I ran "windows-shell.reg", rigth?

A: Yes, that's right.

Admin said...

Q: Should we delete everything that has "hotfix" in it?

A: No, you shouldn't.

Anonymous said...

OMG THANK YOU THANK YOU THANK YOU! For anyone reading this, if you make it to the point where you have control of the computer again, AVG free edition will identify and remove the necessary registry values. THANK YOU for posting these directions! May the gods bless you all!

Anonymous said...

THANK YOU THANK YOU THANK YOU First time Ive ever found on line help that was easy for a novice to understand. AND IT WORKED FLAWLESSLY the very first time. I was having a horrible day and you helped to save it.

Anonymous said...

Thanks! Much appreciated

Anonymous said...

Thanks a million :)

Anonymous said...

Hi, I did everything that you said, until the point: ran new task. I had to go to browse and chose from the desktop "Mozila Firefoks". After that, it opened only Mozila Firefox but there are no other icons. Can you please tell what else should I do in order to restore the other icons? Thanks very much for help! :)

Anonymous said...

Step 3 is what did the trick for me, I ran MalwareBytes Anti-malware when I first started to get the pop ups but the scan did not detect anything, thanks for the great detailed and easy to follow instuctions. The virus has been totally removed.

Anonymous said...

I'm trying to help my friend get this TP out of his com and when he went to Win task mgr processes there wasn't anything listed as hotfix.exe. Could they have renamed it now that you are showing people how to get rid of it? What should I tell him? TY

Admin said...

Yes, they could have change the process name of ThinkPoint. Unfortunately, I don't know how else it could be named. If you'll find out this, let us now.

Anonymous said...

Thank-you so very much!! This was a huge help!

JOEL said...

I DID IT WITH OUT BUYING A THING. I WENT INTO SAFE MODE BY STARTING THE COMPUTER AND PRESSING F8 OVER AND OVER UNTIL SAFE MODE WITH NETWORKING WAS ON. THEN DID CONTROL ALT DELITE. TASK MANAGER. FOUND HOTFIX.EXE AND ENDED PROGRAM. CLOSE THAT, THAT MADE THE PROGRAM STOP RUNNING NOW YOU MUST FIND IT AND DELITE IT ALSO. SEARCH ALL FILES BUT MAKE SURE YOU SEARCH IN HIDDEN FOLDERS AS WELL. IT WILL FIND A FEW FILES BUT ONLY ONE BIG ONE. DELITE ALL OF THEM. MAKE SURE YOU ARE SHIFT + DELITE SO THEY DO NOT GO INTO RECYCLE BIN. RE START YOUR COMPUTER AND IT WILL BE GONE FOREVER !!!!!!!!!!!!!!!!!!!!!

mithun said...

thank u very much...

gurvinder said...

"Next, open Registry editor and delete this value:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\hotfix.exe"
"
I went to the above location but didnt find anything related to hotfix,However i have deleted the file hot fix at appdata and have done all the things that you told us seriaslly.However please advise me Which antivirus is good.
I already have microsoft security essentials , which wasnt able to detect anything
I installed spydoctor which detected 57 infections ,
Failed to quarantine 2
Removed 57
Should i upgrade spydoctor to the full version or buy kaspersky or something else.

Admin said...

gurvinder, I use ESET NOD32 Antivirus 4. I wouldn't upgrade Spyware Doctor if I were you. Kasperky is one of the best, but NOD32 is faster and has the same virus detection rate. So, I recommend ESET NOD32 Antivirus 4. You can download a free 30-day trial of NOD32 from here ESET NOD32 Antivirus 4.

Good luck!

gurvinder said...

Almost all the messages have been posted in November.It seems as if the virus was just unleashed recently.I was a victim of it yesterday.Thanks to the Admin whoever he is.It saved me a lot of unnecessary efforts and money.U advised me to buy NOD32.So should i uninstall Spydoctor,then?

gurvinder said...

Also i would like to ask you ,Now that i have got rid of Thinkpoint, how do i ensure that the performance of my lappie has not been compromised

Admin said...

ThinkPoint was first noticed in mid October. Yes, you should uninstall Spyware Doctor. Install ESET NOD32 Antivirus 4, run a full system scan and then use CClener to remove unnecessary files from your computer. It's a free program, you can download it from http://www.piriform.com

Good luck!

Anonymous said...

thank you soooooooooooo much,i didnot know that think point is a trouble, thank you for helping me

Anonymous said...

Thank you! I thought I lost my computer and all the docs.

Alexandria said...

You are wonderful! Thank you so much for saving my computer. I really needed it.

Anonymous said...

thanks dude i really needed it. Microsoft if you are doing this then you suck!

Anonymous said...

You are the best. My mom had this stupid thing and they are not very computer smart and they were thinking they had to get a new computer. So you made me a hero, in helping them with only a long distance call. You Rock. Thank you so much.

TQ in BC

Anonymous said...

Thank you so much for your help. I took my computer to Best Buy and spoke with one of their Geeks. He told me it would take 3 days and $200.00 to fix this problem or he told me to just buy a new laptop. So glad I came home and use google to find you guys.

Anonymous said...

hey how can i get rid of the pop ups and redirecting left from think-point ?

Anonymous said...

Thank you so much for your step by step presentation,it worked and my computer is back.

Anonymous said...

GOD BLESS YOU!!!!!!! They almost had me for a minute, I almost thought it was from Microsoft somehow but it didn't look right! Thanks so much for your help and Thank God for people like you!!!! :)

Anonymous said...

Thank you so much for doing such a great job with this article. The instructions were so clear and easy to follow and my computer was fixed in a very short time. You saved me so much. Thanks again!

Admin said...

Q: hey how can i get rid of the pop ups and redirecting left from think-point ?

A: Try this: Remove the Redirect virus.

Good luck!

gurvinder said...

Hi admin thanks for the sound advice.Plesae advise me further.If i install eset nod32 and then recover my laptop to the original factory condition,would i be able to reinstall eset nod 32 on the same machine.I am asking this question because the license is only for 1 computer.

Admin said...

Hi, yes you will be able to reinstall NOD32 on the same machine. Don't worry :)

Anonymous said...

hello so far its been so good, so id like to say thank you very much. but when i tried to delete it in the registry editor i got up toHKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon and i couldnt f ind the rest of it which is "Shell" = "%AppData%\hotfix.exe". any help please?

Jeff said...

Nice job.Your solution worked perfectly. Can I have permission to link this solution to my company's virus removal FB page? http://www.facebook.com/pages/Virus-Stompers/165967774816?ref=ts

Nan Stenzel said...

I cleaned a computer infected with Touchpoint last week but now it is not booting. I get a blue screen with 0x0000007B error. Does Touchpoint corrupt the boot sector? Anyway to get around this?

«Oldest ‹Older   201 – 400 of 460   Newer› Newest»