(11 votes, average: 3.82 out of 5)
Loading ...
Español
Português|
|
Tweet |  More |
ThinkPoint Description
ThinkPoint is a fake security application promoted by the fake pop-up message ‘Microsoft Security Essentials Alert’. Fake ‘Microsoft Security Essentials Alert’ is a misleading message that uses the “drive-by download” method to download and install a trojan file without the user’s consent. The trojan associated with ‘Microsoft Security Essentials Alert’ disguises itself as a hotfix.exe or as an mstsc.exe file. The fake ‘Microsoft Security Essentials Alert’ is not associated to Microsoft Security Essentials 1.0 or MSE 2.0 in any way.
The fake ‘Microsoft Security Essentials Alert’ is used to trick users by imitating Microsoft Security Essentials threat reports on a user’s computer. The fake ‘Microsoft Security Essentials Alert’ lists numerous fabricated trojan infections and prompts users to purchase rogue software such as ThinkPoint to clean them.
The fake ‘Microsoft Security Essentials Alert’ will display a bogus online scan done by 35 anti-malware tools and state that your computer is infected with ‘Unknown Win32/Trojan’. Although 30 of the software names displayed are legitimate security applications (like Trend Micro and Symantec), the rest are false. Among the list of rogue software recommended to remove ‘Unknown Win32/Trojan’ threat are ThinkPoint, AntiSpy Safeguard, Peak Protection 2010, Red Cross Antivirus, Pest Detector 4.1, and Major Defense Kit.
ThinkPoint is designed to entice computer users to download and install the suggested rogue anti-malware programs which will allow the rogue makers a backdoor entry to users’ systems. ThinkPoint will start scanning a user’s computer alleging to have detected all sort of malware infections and in order to remove the infections the user needs to buy the full version of ThinkPoint. ThinkPoint will make a system vulnerable to other attacks by deteriorating a computer’s performance and blocking a victim’s access to legitimate security software or websites.
The best approach to prevent from becoming a victim to these attacks is to download a legitimate anti-malware program from a reputable website to automatically detect and remove ThinkPoint from your computer.
Can’t access legitimate anti-malware software like SpyHunter to detect ThinkPoint? If ThinkPoint is blocking access to SpyHunter and security websites, do the following:
- Restart your computer and if you see the ThinkPoint interface, keep hitting Ctrl+Alt+Del to open your Task Manager.
- Once Task Manager opens, hit the ‘Processes’ tab, locate the main ThinkPoint process called ‘hotfix.exe’ and choose ‘End Process’. If your Task Manager is disabled, search for the name ‘hotfix’ on your computer using your Windows File Search Tool, rename it to hotfix0, and then open your Task Manager to delete the process.
- After this is completed, continue using your Task Manager to go to ‘File’ menu, select ‘New Task (Run)’ and type in ‘explorer.exe’
- Click the ‘OK’ button and wait for your Desktop to get back to normal.
- Then, go ahead and open SpyHunter to automatically detect other malicious files related to ThinkPoint and the fake ‘Microsoft Security Essentials Alert’ message.
If you have already purchased the rogue software ThinkPoint, you should contact your credit card company and ask for a chargeback on your purchase. Ultimately, it is advised you use a reliable, automatic detection tool to detect ThinkPoint from your computer or delete its malicious files manually.
Type: Rogue AntiSpyware Programs
How Can You Detect ThinkPoint?
ThinkPoint Technical Report
As new ThinkPoint details are reported by our customers and findings from our Threat Research Center, we will update this section.
ThinkPoint’s Country of Origin:
- Russian Federation
Fake message for ThinkPoint:
The following fake error message(s) appears for ThinkPoint:
Microsfot Security Essentials Alert
Potential threat details
Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action.
Click ‘Show details’ to learn more.
Detected items: Unknown Win32/Trojan
Alert level: Severe
Recommendation: Remove
Status: Suspended
Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software
and get full protection for your PC!
Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can’t
guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update
the database!
The application taskmgr.exe was launched successfully but it was forced to shut down due to security reasons.
This happened because the application was infected by a malicious program which might pose a threat for the OS.
It is highly recommended to install the necessary heuristic module and perform a full scan of your computer to exterminate malicious programs from it.
‘How ThinkPoint Infects Your Computer’ Video
ThinkPoint Removal Details
ThinkPoint has typically the following processes in memory:
- %LocAppData%\hotfix.exe
- %LocAppData%\tmp.exe
- %UserProfile%\Local Settings\Temp\kjkkklklj.bat
- %UserProfile%\Application Data\thinkpoint.exe
- %LocAppData%\antispy.exe
- thinkpoint.exe
- %UserProfile%\Application Data\hotfix.exe
- %LocAppData%\defender.exe
- %TempDir%\kjkkklklj.bat
ThinkPoint creates the following files in the system:
- %UserProfile%\Local Settings\Temp\kjkkklklj.bat
- %TempDir%\kjkkklklj.bat
- %LocAppData%\PAV
- %UserProfile%\Application Data\completescan
ThinkPoint creates the following registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%Documents and Settings%\[UserName]\Application Data\hotfix.exe”
- HKCU\Software\PAV
- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%LocAppData%\antispy.exe”
- HKEY_CURRENT_USER\Software\PAV
- HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce “SelfdelNT”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnPostRedirect” = “0″
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “thinkpoint”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run “tmp”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = “0″
Important Article Disclaimer
ThinkPoint
October 24th, 2010 at 9:09 pm
Not able to use my computer thinkpoinnt just comes up.
[Reply]
OK. Reply:
October 29th, 2010 at 8:07 pm
**Run in safe mode. Have you tried that yet? And in safe mode, click START, RUN, type “REGEDIT” (without the quotes) then go to HKEY-All of the HKEYS. And in the HKeys, click on the plus, go to Software, then Microsoft, Then Windows, Then CurrentVersion, Then RUN, click on The folder of RUN, look for ThinkPoint. Hope it helps!**
[Reply]
Brice Reply:
November 29th, 2010 at 12:01 am
I’m not sure how i get past this ThinkPoint screen even when i’m in safe mode ?
[Reply]
Joan Reply:
December 4th, 2010 at 10:18 am
I followed what you did but when I get to current version it goes to internet settings then zone map then ranges. Do you have any other suggestions?
[Reply]
Mark Reply:
November 16th, 2010 at 2:38 pm
I got nailed with this damn thing and embarqmail.com advanced tech support helped me get rid of it. But, there was one aspect of this one that neither of us had ever seen. It invades safe mode also. That’s the first thing we thought of and was surprised to see it there too. The above description in task manager was the only way we could get rid of it.
[Reply]
November 4th, 2010 at 10:50 pm
Oh my God, this think has messed up my entire computer. I have to jump through hoops just to be able to access anything! This sucks.
[Reply]
November 5th, 2010 at 7:24 pm
I would like to thank you so much! This was very helpful and I’m glad to say that these processes got ThinkPoint off of my computer. Once again, thank you.
[Reply]
November 8th, 2010 at 9:13 pm
thinks it’s clever, but it’s a bit rubbish, it’lll let you run windows explorer, hunt it down in the Temp folder, rename it as “goaway.txt” or something similar , and the same in windows/system32, then pull the plug as it won’t let you do a restart.
switch back on and delete the associated files and registry entries…
[Reply]
November 10th, 2010 at 8:22 am
This thing started installing, but was partially blocked by StopZilla, but not until portions installed. Unable to boot.
Accessed drive by installing another drive as primary and installed another opsys. The folder containing identities and settings in documents and settings has been made read only and can’t access the stupid thing to rename or delete.
Any ideas?
[Reply]
November 10th, 2010 at 6:45 pm
So I totally just had this happen to me today….I was kinda scared I may have ruined my laptop. I couldn’t open Chrome or IE. Thankfully I have another computer and looked up ThinkPoint and saw it was a scam. This helped out tremendously. I got it removed!!
Thank you alot!!
[Reply]
November 11th, 2010 at 3:44 am
I had the same problem but was able to get by it by doing a cntrl alt del and starting task manager from there I just ended processes one at a time until I was finally able to get by the blue screen. I still need to find out how to remove that stupid pop up program though trying to run spyware to see if that helps
[Reply]
November 11th, 2010 at 3:47 am
I have windows 7 ultimate and would like someone to tell me where to find this stupid popup from coming up all the time. I actually purchased a stupid serial key thinking that would stop it and like an idiot didnt write it down not that it wouldve worked anyway. I just need to contact my card company right away tomorrow and dispute the charge.
[Reply]
November 11th, 2010 at 3:49 am
my popup says win 7 spyware antispyware 2011 so does anyone know how to get rid of it?
[Reply]
November 11th, 2010 at 10:30 pm
I removed it twice with viper AntiVirus but it pops up every day… what do I do?
[Reply]
November 12th, 2010 at 5:44 pm
I have just followed this process and was able to remove think point thank you for the help
[Reply]
November 13th, 2010 at 1:20 am
hey i tried to go to run and do all that when i get to the last run to open think point isnt in there to click on do anyone no another way to get this off of computer please help…
[Reply]
November 15th, 2010 at 1:14 pm
Thankyou, i followed this + got rid of thinkpoint – extremely relieved!
[Reply]
November 15th, 2010 at 1:18 pm
Thankyou so much – followed the instructions on here & got rid of the dreaded Thinkpoint – extremely relieved!
[Reply]
November 16th, 2010 at 8:19 am
Help! First it was just thinkPoint. Stoped the process thru task manager. left it a while to do chores then returned to browse “history (ctrl H)” must have clicked it’s source and reactivated it again. Avast ((my installed antivirus) detected the malaware. Suggested to “move to chest” but didnt work. Result: my old comp is now in total blackout! only a cursor is visible for an hour now. how to fix??? what happened to it??
[Reply]
rosa Reply:
November 16th, 2010 at 8:22 am
P.S.
It was a sudden blackout few seconds after i clicked “move to chest”.
[Reply]
November 17th, 2010 at 6:59 pm
daughter was chatting on msn when thinkpoint came up thought she was doing right by clicking on thinkpoint but couldn’t understand what was going on. she woke me up saying she wasnt sure what was going on… and then as i was tryin to sort it out, she checked the internet on her phone, searching for thinkpoint. the results came up as thinkpoint being fake and sorted it out herself… thank you so much for having this forum… it has saved me and my daughter being without a computer and saved our wages
[Reply]
November 20th, 2010 at 6:54 am
I get a black screen as soon as i open my computer. what to do?
[Reply]
November 27th, 2010 at 6:53 pm
Our antivirus, Antivirus, popup showed we got a trojan virus, the this “ThinkPoint” came up with the windows logo on it. It want to clean up the our disk. I couldn’t get out of it – didn’t show up the the task mananger, so I turned off the computer, waited and started it up again & “ThinkPoint” was still there. Went onto our other computer and went on search engine “Ask” asked “ThinkPoint” and found this site and followed your instructions (thank you for Nkeeping it simple)& it got rid of it!!! Now we aredoing the full scan of our computer – - THANK YOU
[Reply]
November 29th, 2010 at 5:02 pm
When I click on Hotfix.exe in task manager, it blinks constantly. When I click that YES, I want to remove it, I get an application failed X screen…have repeated this process over and over…
What to do now?
[Reply]
LoneStar Reply:
November 30th, 2010 at 11:23 am
Hi Kim,
ThinkPoint was designed by hackers to prevent you from using the task manager. You will need to look for the file and rename it so it can be removed. If ThinkPoint is not allowing you to remove the file it could be a newer variant utilizing another file. You may use SpyHunter to automatically scan for hidden files that are associated with ThinkPoint.
[Reply]
December 21st, 2011 at 11:40 pm
You’ve got it in one. Couldn’t have put it better.
[Reply]