Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3,845
First Seen: October 20, 2010
Last Seen: June 4, 2021
OS(es) Affected: Windows

ThinkPoint Image

ThinkPoint is a fake security application promoted by the fake pop-up message 'Microsoft Security Essentials Alert'. Fake 'Microsoft Security Essentials Alert' is a misleading message that uses the "drive-by download" method to download and install a trojan file without the user's consent. The trojan associated with 'Microsoft Security Essentials Alert' disguises itself as a hotfix.exe or as an mstsc.exe file. The fake 'Microsoft Security Essentials Alert' is not associated to Microsoft Security Essentials 1.0 or MSE 2.0 in any way.

The fake 'Microsoft Security Essentials Alert' is used to trick users by imitating Microsoft Security Essentials threat reports on a user's computer. The fake 'Microsoft Security Essentials Alert' lists numerous fabricated trojan infections and prompts users to purchase rogue software such as ThinkPoint to clean them.

The fake 'Microsoft Security Essentials Alert' will display a bogus online scan done by 35 anti-malware tools and state that your computer is infected with 'Unknown Win32/Trojan'. Although 30 of the software names displayed are legitimate security applications (like Trend Micro and Symantec), the rest are false. Among the list of rogue software recommended to remove 'Unknown Win32/Trojan' threat are ThinkPoint, AntiSpy Safeguard, Peak Protection 2010, Red Cross Antivirus, Pest Detector 4.1, and Major Defense Kit.

ThinkPoint is designed to entice computer users to download and install the suggested rogue anti-malware programs which will allow the rogue makers a backdoor entry to users' systems. ThinkPoint will start scanning a user's computer alleging to have detected all sort of malware infections and in order to remove the infections the user needs to buy the full version of ThinkPoint. ThinkPoint will make a system vulnerable to other attacks by deteriorating a computer's performance and blocking a victim's access to legitimate security software or websites.

The best approach to prevent from becoming a victim to these attacks is to download a legitimate anti-malware program from a reputable website to automatically detect and remove ThinkPoint from your computer.

Can't access legitimate anti-malware software like SpyHunter to detect ThinkPoint? If ThinkPoint is blocking access to SpyHunter and security websites, do the following:

- Restart your computer and if you see the ThinkPoint interface, keep hitting Ctrl+Alt+Del to open your Task Manager.

- Once Task Manager opens, hit the 'Processes' tab, locate the main ThinkPoint process called 'hotfix.exe' and choose 'End Process'. If your Task Manager is disabled, search for the name 'hotfix' on your computer using your Windows File Search Tool, rename it to hotfix0, and then open your Task Manager to delete the process.

- After this is completed, continue using your Task Manager to go to 'File' menu, select 'New Task (Run)' and type in 'explorer.exe'

- Click the 'OK' button and wait for your Desktop to get back to normal.

- Then, go ahead and open SpyHunter to automatically detect other malicious files related to ThinkPoint and the fake 'Microsoft Security Essentials Alert' message.

If you have already purchased the rogue software ThinkPoint, you should contact your credit card company and ask for a chargeback on your purchase. Ultimately, it is advised you use a reliable, automatic detection tool to detect ThinkPoint from your computer or delete its malicious files manually.ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot


15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
AhnLab-V3 Malware/Win32.Suspicious
DrWeb Trojan.FakeAV.2025
Avast Win32:FakeAV-AWN
Symantec SecurityEssentialFraud
NOD32 a variant of Win32/Adware.FakeAntiSpy.S
AhnLab-V3 Backdoor/Win32.Cycbot
DrWeb Trojan.DownLoader1.38321
Avast Win32:Dropper-gen
NOD32 a variant of Win32/Kryptik.IHW
AVG Cryptic
Sunbelt Trojan.Win32.Generic.pak!cobra
AntiVir TR/Ag.cfx
BitDefender Gen:Variant.Kazy.2774
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious.A

SpyHunter Detects & Remove ThinkPoint

ThinkPoint Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

ThinkPoint may create the following file(s):
# File Name MD5 Detections
1. defender.exe 2a00a9dfef3327f15e41e82c085a4c86 17
2. defender.exe ce1ddd2f2d469de0e90150ac0b974e27 12
3. defender.exe 04cc3031f23684488d557f5ea6e1f1c8 9
4. hotfix.exe 179c74c16151e6aeeddc8eb91e25f6e3 9
5. defender.exe 76177ac16bcbb0ac3ef150b89bb5058c 5
6. defender.exe 8012ca5550940d8864ade4f7ce83eeb2 5
7. defender.exe 21c890abefb211b58a32b5aa9738f196 5
8. defender.exe 3c777b5c26d8dc2162c942574fe4ed39 4
9. hotfix.exe 88a88b7a7a42777bf32e0e204062440f 3
10. hotfix.exe a6d104d3bc6d85c5e9b9e656a4750fdd 3
11. shell.exe 661b5b1cc24479ec4677520cae64ade2 2
12. defender.exe 4f4ffeebe20e03d18a7c350b6e86dccb 2
13. hotfix.exe afd10a2cf990761c79aacee513b41c50 2
14. hotfix.exe ad4727114fc97ccb4055d46dfd2ca25b 2
15. hotfix.exe f8cd0b04aac42f40c039ce2143fb25ed 2
16. hotfix.exe e5b90c0a604ee59f6feea5b2486b8e8f 2
17. hotfix.exe 067f1aad447ad831c503a40018f7d0b3 1
18. hotfix.exe e31c1fbc5fd207d4e68929917d198b75 1
19. hotfix.exe ed0bdef1749141ac1f1df028fd866413 1
20. hotfix.exe 09747a8d9002635babfe1a538385d1fc 1
21. hotfix.exe 78933ed077409b8f59d6834ccab97af9 1
22. hotfix.exe 05f87bad36b2971d24f3d13d6ac05545 1
23. hotfix.exe a6f4822788d33c1266458e254460c43a 1
24. hotfix.exe 2c3b021314f26a03eadc47b96bb19827 1
25. hotfix.exe 48a09f918eb0800f6cee4be26568c4a4 1
26. hotfix.exe 30ab9f4bc0edbad859ce0f3c65650dce 1
27. hotfix.exe 3beb275040328d2e32f9e10bbd431230 1
More files


The following messages associated with ThinkPoint were found:

Microsfot Security Essentials Alert
Potential threat details
Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action.
Click 'Show details' to learn more.
Detected items: Unknown Win32/Trojan
Alert level: Severe
Recommendation: Remove
Status: Suspended
The application taskmgr.exe was launched successfully but it was forced to shut down due to security reasons.
This happened because the application was infected by a malicious program which might pose a threat for the OS.
It is highly recommended to install the necessary heuristic module and perform a full scan of your computer to exterminate malicious programs from it.
Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't
guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update
the database!
Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software
and get full protection for your PC!


Not able to use my computer thinkpoinnt just comes up.

**Run in safe mode. Have you tried that yet? And in safe mode, click START, RUN, type "REGEDIT" (without the quotes) then go to HKEY-All of the HKEYS. And in the HKeys, click on the plus, go to Software, then Microsoft, Then Windows, Then CurrentVersion, Then RUN, click on The folder of RUN, look for ThinkPoint. Hope it helps!**

I'm not sure how i get past this ThinkPoint screen even when i'm in safe mode ?

I followed what you did but when I get to current version it goes to internet settings then zone map then ranges. Do you have any other suggestions?

I got nailed with this damn thing and advanced tech support helped me get rid of it. But, there was one aspect of this one that neither of us had ever seen. It invades safe mode also. That's the first thing we thought of and was surprised to see it there too. The above description in task manager was the only way we could get rid of it.

Oh my God, this think has messed up my entire computer. I have to jump through hoops just to be able to access anything! This sucks.

I would like to thank you so much! This was very helpful and I'm glad to say that these processes got ThinkPoint off of my computer. Once again, thank you.

thinks it's clever, but it's a bit rubbish, it'lll let you run windows explorer, hunt it down in the Temp folder, rename it as "goaway.txt" or something similar , and the same in windows/system32, then pull the plug as it won't let you do a restart.
switch back on and delete the associated files and registry entries...

This thing started installing, but was partially blocked by StopZilla, but not until portions installed. Unable to boot.

Accessed drive by installing another drive as primary and installed another opsys. The folder containing identities and settings in documents and settings has been made read only and can't access the stupid thing to rename or delete.

Any ideas?

So I totally just had this happen to me today....I was kinda scared I may have ruined my laptop. I couldn't open Chrome or IE. Thankfully I have another computer and looked up ThinkPoint and saw it was a scam. This helped out tremendously. I got it removed!!

Thank you alot!!

I had the same problem but was able to get by it by doing a cntrl alt del and starting task manager from there I just ended processes one at a time until I was finally able to get by the blue screen. I still need to find out how to remove that stupid pop up program though trying to run spyware to see if that helps

I have windows 7 ultimate and would like someone to tell me where to find this stupid popup from coming up all the time. I actually purchased a stupid serial key thinking that would stop it and like an idiot didnt write it down not that it wouldve worked anyway. I just need to contact my card company right away tomorrow and dispute the charge.

my popup says win 7 spyware antispyware 2011 so does anyone know how to get rid of it?

I removed it twice with viper AntiVirus but it pops up every day... what do I do?

I have just followed this process and was able to remove think point thank you for the help

hey i tried to go to run and do all that when i get to the last run to open think point isnt in there to click on do anyone no another way to get this off of computer please help...

Thankyou, i followed this + got rid of thinkpoint - extremely relieved!

Thankyou so much - followed the instructions on here & got rid of the dreaded Thinkpoint - extremely relieved!

Help! First it was just thinkPoint. Stoped the process thru task manager. left it a while to do chores then returned to browse "history (ctrl H)" must have clicked it's source and reactivated it again. Avast ((my installed antivirus) detected the malaware. Suggested to "move to chest" but didnt work. Result: my old comp is now in total blackout! only a cursor is visible for an hour now. how to fix??? what happened to it??

It was a sudden blackout few seconds after i clicked "move to chest".

daughter was chatting on msn when thinkpoint came up thought she was doing right by clicking on thinkpoint but couldn't understand what was going on. she woke me up saying she wasnt sure what was going on... and then as i was tryin to sort it out, she checked the internet on her phone, searching for thinkpoint. the results came up as thinkpoint being fake and sorted it out herself... thank you so much for having this forum... it has saved me and my daughter being without a computer and saved our wages 😀

I get a black screen as soon as i open my computer. what to do?

Our antivirus, Antivirus, popup showed we got a trojan virus, the this "ThinkPoint" came up with the windows logo on it. It want to clean up the our disk. I couldn't get out of it - didn't show up the the task mananger, so I turned off the computer, waited and started it up again & "ThinkPoint" was still there. Went onto our other computer and went on search engine "Ask" asked "ThinkPoint" and found this site and followed your instructions (thank you for Nkeeping it simple)& it got rid of it!!! Now we aredoing the full scan of our computer - - THANK YOU

When I click on Hotfix.exe in task manager, it blinks constantly. When I click that YES, I want to remove it, I get an application failed X screen...have repeated this process over and over...

What to do now?

Hi Kim,

ThinkPoint was designed by hackers to prevent you from using the task manager. You will need to look for the file and rename it so it can be removed. If ThinkPoint is not allowing you to remove the file it could be a newer variant utilizing another file. You may use SpyHunter to automatically scan for hidden files that are associated with ThinkPoint.

You've got it in one. Couldn't have put it better.


Most Viewed