Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Monday, October 18, 2010

How to remove ThinkPoint (Uninstall Guide)

Tell your friends:
ThinkPoint is a fake anti-spyware application that pretends to scan your computer for malicious software and then deliberately reports false system security threats. It's distributed mostly through the use of fake online scanners and some other malicious websites, so clearly this program is not legit. ThinkPoint masquerades as a legitimate security product from Microsoft called Microsoft Security Essentials. Once installed on your computer, it will list numerous problems and claim that you should fix them immediately. ThinkPoint will state that you need a heuristic program to fix the problems and it even offers to sell one for $99.90. Please don't purchase Think Point. This program is fake. It won't fix your computer because there actually are no problems except the ThinkPoint itself. If you are reading this article then you probably got infected with this malware. Thankfully, we've got the removal instructions to help you to remove ThinkPoint from your computer for free using legitimate anti-malware software. Please follow the removal instructions given below.

ThinkPoint graphical user interface

(Thanks to rogueamp)

First of all, you will see with the fake Microsoft Security Essentials alert. The fake alert will claim that Microsoft Security Center has detected the submitted file as "Trojan.Horse.Win32.PAV.a". Finally, it will state that you need to install ThinkPoint solve the problem.



If you choose to continue, your computer will restart, but it won't boot all the way to the Desktop, even in safe mode. The rogue program will hide all the desktop icons and taskbar. A program labeled ThinkPoint will show up.



Then it will run a fake system scan and you won't be able to stop it. After the fake scan ThinkPoint will list numerous problems on your computer. If you choose to install the full version of the program with required modules you will be taken to the pay page of ThinkPoint.

ThinkPoint will block nearly all programs on your computer. It will block task manager and other system tools as well.
The application taskmgr.exe was launched
succesfully but it was forced to shut down due
to security reasons.

This happened because the application was
infected by a malicious program which might
pose a threat for the OS.

It is highly recommended to install the
necessary heuristic module and perform a full
scan of your computer to exterminate malicious
programs from it.


However, there is a way to disable this virus. After the ThinkPoint screen loads push the command CTRL+ALT+DELETE quickly. This will bring you to task manager. Open the tab called Processes, find the process hotfix.exe and end it. The rogue program should be gone now. Next, you need to bring your Desktop and taskbar back. While in task manager go to File and select "Run new task". Type explorer.exe in the open box. This will bring back Windows explorer. More detailed instructions are given below. At this point you should be able to download anti-malware software which will remove ThinkPoint.

Without a doubt, ThinkPoint is a scam. Don't fall victim to this bogus security program. If you have already purchased it then you should contact your credit card company and dispute the charges. Please note that this rogue program may come bundled with Trojans that can download and install additional malware onto your computer. So, you should remove the rogue program as soon as possible. And, of course, it's always a good idea to scan the computer with at least trow anti-malware programs. By the way, your pictures, music and other files should be safe. ThinkPoint doesn't delete files. It's just a very annoying program. Last, but not least, if you have any questions or additional information about this virus, please leave a comment. Good luck and be safe online!


ThinkPoint removal instructions:

1. Restart your computer. Once the ThinkPoint window comes press Ctrl+Alt+Delete or Ctrl+Shift+Escape. You should now see the Windows Task Manager screen as shown in the image below or a screen where you can select the Task Manager to be run.



Click on the Processes tab. Then click and highlight hotfix.exe and click End Task. If it asks you "Are you sure you want to terminate the process?" click yes (or press Enter). This will close the ThinkPoint program.

2. While in Windows Task Manager, click the File -> "New Task (Run...)" from the menu on the bottom right. Type in explorer.exe and click OK. Your desktop and icons should start up as normal.



NOTE: if you got an error message "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them", then please run this command first:

cacls "C:\Windows\explorer.exe" /G Everyone:F



A new windows will come up asking "Are you sure?" Type Y and press enter.



Now run explorer.exe again.

3. Download the following file to your Desktop: windows-shell.reg. Double-click to run it. Click "Yes" when it asks if you want to add the information to the registry. This file will fix the Windows Shell entry. This step is  important because if you won't fix this entry, then your Windows Desktop will not be displayed the next time you reboot. Once the new registry value has been added, you can delete the file from your computer.

4. Download and scan your computer with recommended anti-malware software to remove ThinkPoint virus from your computer.

NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator.


ThinkPoint associated files and registry values:

Files:

For Windows XP users:
  • C:\Documents and Settings\[User Name]\Application Data\hotfix.exe
  • C:\Documents and Settings\[User Name]\Application Data\[SET OF RANDOM CHARACTERS].bat
  • C:\Documents and Settings\[User Name]\Application Data\install
  • C:\Documents and Settings\[User Name]\Application Data\start
For Windows Vista and Windows 7 users:
  • C:\Users\[User Name]\AppData\Roaming\hotfix.exe
  • C:\Users\[User Name]\AppData\Roaming\[SET OF RANDOM CHARACTERS].bat
  • C:\Users\[User Name]\AppData\Roaming\install
  • C:\Users\[User Name]\AppData\Roaming\start
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = %AppData%\hotfix.exe
Share this information with other people:

460 comments:

«Oldest   ‹Older   401 – 460 of 460   Newer›   Newest»
gurvinder said...

I think you didnt delete the registry key for the hotfix.This what the admin has advised

gurvinder said...

spyware doctor found Microsoft fraud Thinkpoint virus

Admin said...

@Jeff: Yes, of course. Thank you for your kind words. Good luck!

Admin said...

@Nan Stenzel: Try to restart your computer in last known good configuration. Or you can try to repair Windows if you have Windows CD.

Aamer said...

Thankyou very much for posting detailed instructions on how to fix that. it was quite disturbing,and I had no idea on how to get rid of it, till I read your post. Thanks a lot

Anonymous said...

can't get passed "our security won't allow..............

Christine said...

Thanks SO much for the extremely helpful guidance! ... After I ran the Malwarebytes scan and removed the infected files, I am now receiving two "RUNDLL" messages relating to modules that can no longer be found and loaded - (1) C:\WINDOWS\system32\79wwxcz6.dll and (2) C:\WINDOWS\mcapal.dll. Any thoughts on how to repair or restore? Thanks!

Rayner Tan said...

I've followed your instruction and it really worked. Now I can go into my computer without having the thinkpoint screen. But to make sure I don't have the virus anymore. I tried to check for
* C:\Users\[User Name]\AppData\Roaming\hotfix.exe
* C:\Users\[User Name]\AppData\Roaming\[SET OF RANDOM CHARACTERS].bat
* C:\Users\[User Name]\AppData\Roaming\install
* C:\Users\[User Name]\AppData\Roaming\start

But I can't find it even after opening hidden files. Is it gone? or i'm doing something wrong?

Anonymous said...

Thank you very much. You are a life saver. God Bless!

Admin said...

@Rayner Tan: scan your computer with Malwarebytes Antimalware and Hitman Pro. Both programs are safe and free. If they won't find anything then your computer is malware free. Goood luck!

Admin said...

@Christine: restore your computer to an earlier date when you didn't have the ThinkPoint virus and those DLL errors. Also, if you have Windows CD you can run system repair.

Anonymous said...

I did everything you said but I can not have my Desktop iether Task manager.
Please help me.Anyone plese write me at page48228@aol.com

Anonymous said...

When I go to Windows task manager, there is no hotfix.exe listed...

HELP!!!

Thanks,
Joe

Anonymous said...

Holy Smokes...it woked!

Anonymous said...

God bless you! Thanks very much! I am grateful! This site has saved my life! :)

Becky said...

Thank you so much!!! This locked up my computer in the middle of a test...you really saved my bacon :) GOD BLESS YOU!!!

Anonymous said...

It wouldn't be right to.not at least say thanks for TOTALLY saving my butt after getting this virus on my work laptop late at night while on the road with no Help Desk to save me & a TON of work to do!

Halculvin said...

Thanks so much dude! You saved my life....

Anonymous said...

Thank you so very much. The tech department at my university wanted to charge me upwards of $80 to remove the virus. You've saved me so much time, stress, and money! Thank you!

Umesh said...

Thank you so much for the helpful information.
Umesh

Anonymous said...

Thanks to your instructions I have saved my desktop. Great job. I really thank you guys!!
Giovanni

Anonymous said...

Champion!
Just a suggestion tho-

"Are you sure you want to terminate the process?" click yes. This will close the ThinkPoint program.

Should change to this-
"Are you sure you want to terminate the process?" click yes (or press Enter). This will close the ThinkPoint program.

Just because on my small notebook screen i couldnt see the box that allows you to 'click' yes. Took me a while to work out just to hit enter haha

Anonymous said...

Thanks soooo much. I'm glad I didn't have to do a full restore

Anonymous said...

Thank you so much. I'm so stupid! As soon as I saw it I panicked and told it to scan. Then I thought that it was a trick. :/ Also, I could only run the shell from an administrator profile, not from my usual non-admin profile. Otherwise it came up with an error. Thanks again

Anonymous said...

Since I'm not sure how I got Think Point on my computer and as tricky as these things can be, I was almost scared to try this in case it might make the situation worse. I did it anyway since my laptop wasn't usable anyway and I am so glad I did. It worked!! Thank you so very much!!!!

Anonymous said...

THANK YOU!!!

Anonymous said...

you are awesome...you saved my computer....i was so worried until I saw these instruction...thank you very much

Anonymous said...

THANKS!

Abhinav said...

Hey.... it worked like a charm!!! Really very good stuff. Keep up the good work.

Anonymous said...

Please help! I've gotten to the point of downloading the file. But I have no internet connection. I don't have any networks show up in control panel.

SHRAWAN said...

hey who ever you are thanks a lot........i couldnot have done without your guidence........
it was really helpful... once i thought my laptop was gone ..... but thanks to your removal guidence.... anyways thanks thanks....

Anonymous said...

very useful post! you are superb!

Margus said...

Thank you!!!!!

Anonymous said...

The best Christmas present ever! Thank you so much!

Admin said...

You are welcome!

Anonymous said...

Thank you so much for posting the valuable info. I just got the virus today and your steps helped. God Bless you!

Anonymous said...

Thank you, thank you, thank you, thank you! I cannnot thank you enough for having such straight forward, easy to follow removal instructions!! When this first happened to my computer I panicked to say the least (I go to school online and cannot do so without my computer) so your instructions were a huge relief! Thank you again!!

Anonymous said...

THANKS OMG SAVED MY COMPUTER

Anonymous said...

The kids accidently clicked on this crap on the internet and I thought my computer was toast! Thanks so much for the great information :)

Anonymous said...

YOU are a lifesaver!! Was looking for, perhaps, a Paypal link to thank you for saving me. You have a true talent... not only with the subject at hand... but your ability to explain the process so clearly without adding fluff is a true gift. Thank you so much for sharing yourself with others. I'll check back for that Paypal link.. or other. Would be very happy to donate for your services.

Anonymous said...

Wow: Thanks for the clear directions that really work. The world needs more sites like this to stop crap like this "Think Point" criminals.

Herberto said...

Man you safe the heart of my computer tanks!
But i have anohter problem, the Spyware Terminator analise too this virus "ThinkPoint"?

And sorry my english im portuguese! :)

And tanks! :D

Anonymous said...

awesome.works

Anonymous said...

Super, many thanks

Very useful

BigBoss

Anonymous said...

Rename the program file to something else, any thing at all.So right click on the MBAM shortcut>>properties>>fi nd target and change the .exe file to what ever you want.I changed the folder name aswell.It seems to be working now.

Anonymous said...

Thank you very much. I tried everything. Somehow after I somehow got the screen to clear the Thinkpoint messages like you posted, saying to buy the full version, I ran two programs I have, on is PC Doctor, the other is MY Faste PC, and now I can get on Explorer again. I will check and see if the next time I boot up if the Thinkpoint appears and follow you directions to remove it.

I sure am glad you posted this. You are a Computer Angel, whomever you are.

Pete Johnson Danceswithshadow@Yahoo.com

Thank YOU, again.

Edimoore said...

Thanks! is very good! have excellent day my friend

Anonymous said...

hey i just wanted to asked.. when thinkpoint infected my pc,i managed to use my antivirus to quarantine it... then i rebooted the pc n everything was back to normal.. in this case, should i still download those antimalwares to delete thinkpoint or everything's gonna be alright with where i stand now?

Anonymous said...

Hello, I was able to delete the hotfix.exe but am not able to proceed to step 3. I am blocked from using Internet Explorer or Mozilla and therefore cannot download the windows shell.reg. Any advice re: how to go around this?

Thanks.

-winston

edgars latvija said...

liels paldies...tnx o lot..:)

edgars latvia said...

tnx o lot...:)

Anonymous said...

It works. Thanks a lot.

Anonymous said...

THANK YOU!!! I THOUGHT MY SYSTEM WAS DEAD BUT YOU HAVE SAVED IT AND NOW I CAN PLAY MINECRAFT AGAIN! TYTYTYTYTYTYTY

Anonymous said...

Great tutorial! Keep up the good work.
In my cyse however it didn't work completely as expected.
I have an xp-system (sp3).

I followed the instructions until opening of the task-mabager. After trying to kill the hotfix-process, my task-manager froze completely. I couldn't even drag the window around.

Maybe i had a nodified version of thinkpoint.

I unmounted ny hard-disk from my main-pc physicaly and mounted it on an older pc i still have as secondary disk. After this, i booted the old pc and deleted the files listed above. I also deleted them in the trash bin too, just to be shure they are gone. Then i put the disk back to my main-pc and booted.

As i expected it bootrd normaly.
Then i deleted the listed registry key.
Now the system works like before :)

Anonymous said...

OMG...it worked!!! I could not get rid of thinkpoint....my desktop was down for 2 months until I got help from this site. I can't thank you enough... Those 'Thinkpoint' people should be HUNG for causing undue trouble for seniors like me that depend on our computers. THANK YOU..THANK YOU again for getting this crap out of my computer!!!

Anonymous said...

Before i even knew about these posts to delete "thinkpoint" I was trying to get rid of it on my own. It was like it caught on to everything I was doing to try to get rid of it. Know I cannot start in safe mode,safe mode w/ networking, safe mode w/ command prompt, last known good configuration, factory settings, ect. After I start my computer, the emachine screen shows up. After that the picture goes black instead of booting up my windows xp. Please help me. I have no idea what to do now.

Anonymous said...

Thanks for the help seems like I have gotten rid of everything but now my computer is super slow any suggestions

Anonymous said...

It worked!!! Great job buddy. It was so simple to get rid of it. Your way of explanation is really appriciated. it was on my dad's computer from >1yr.
Thanks a lot.

Anonymous said...

I think I was able to delete the hotfix.exe using command prompt (I don't see it anymore under regedit) but when I try to log on my desktop has no icons, no start button, etc. CTRL ALT DEL doesn't do anything and neither does CTRL SHIFT ESC. Is there any hope for my desktop? It's been sitting unused for months because I can't figure it out!

Thanks!!

DEEDEE said...

There is no hotfix.exe in task manager. Help please?

«Oldest ‹Older   401 – 460 of 460   Newer› Newest»