ThinkPoint is a rogue (fake) antivirus program that is distributed through the use of Microsoft Security Essentials Alert trojan. Important to know, the program is unable to detect or rid your system of parasites nor will be protect you from legitimate future threats. You need to remove ThinkPoint from your computer as quickly as possible!
When started, this malware configures itself to start automatically every time, when your computer loads. Immediately after launch, ThinkPoint starts scanning your computer and list a lot of infections to trick you into thinking your PC in danger. It will report that was able to clean the majority of infected files, but was not able to cure a few important Windows files, such as firefox.exe, taskmgr.exe, iexplore.exe and offer to purchase its full version to clean them. However, the scan results is a scam, because the program can`t detect any infections. So, you may easily ignore all that ThinkPoint will display you.
What is more, while ThinkPoint is running, it will hide your desktop, Start button and Windows taskbar. Moreover, the rogue will also block Windows Task Manager. When you try to run it, this malware will display a security alert that states:
The application taskmgr.exe was launched successfully but it was forced to shut down due to security reasons.
This happened because the application was infected by a malicious program which might pose a threat for the OS.
It is highly recommended to install the necessary heuristic module and perform a full scan of your computer to exterminate malicious programs from it.
As you can see, ThinkPoint is a totally scam, which created with one purpose to scare you into purchasing so-called “full” version of the program. Most important do not purchase it! Please use the removal guide below in order to remove ThinkPoint and any associated malware from your computer for free.
More screen shoots of ThinkPoint
Use the following instructions to remove ThinkPoint
Step 1. Stop ThinkPoint process
Once Windows loaded you will see a window similar to the one below.
ThinkPoint screen
Now press CTRL + ALT + DEL. It will open Windows Task manager. Select hotfix.exe process as shown in the screen below.
Windows Task manager
Click “End Process” button. It will close ThinkPoint.
Now click File, New Task. Type explorer and press Enter. It will back the Start button and task bar.
Step 2. Remove ThinkPoint associated malware
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for ThinkPoint infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove ThinkPoint. MalwareBytes Anti-malware will now remove all of associated ThinkPoint files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
ThinkPoint removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
ThinkPoint creates the following files and folders
%AppData%\hotfix.exe
%AppData%\{RANDOM}.bat
ThinkPoint creates the following registry keys and values
HKEY_CURRENT_USER\Software\PAV
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “WarnonBadCertRecving” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | “WarnOnPostRedirect” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | “Shell” = “%AppData%\hotfix.exe”
matt and tim, try the following.
Once Windows loaded and you see the ThinkPoint screen. Click Safe startup. Wait while this malware loading. Once completed, give it a chance to scan your PC. Once scan is done, click Continue unprotected. Now in ThinkPoint click to Settings menu. Uncheck Allow Unprotected Startup. Save settings and CLOSE ThinkPoint. It will back your desktop and task bar. Next download Malwarebytes and perform a scan. Remove what it found.
hi, need help. i ended the process for hotfix.exe.and tried to open internet exploreer but when i do it says. “windows cannot access the specified device, path or file. you may not have the approprate permissions to access the item”. all my work is on this computer. i really need help!! thank u
I restarted in safe mode from a black screen and now have multiple lines like:
multi(0)disk(0)rddiskpartition(1)/WINDOWS/system32/DRIVERS/isapnp.sys
along with many others. I have no idea what to do?
Please help if you can
ok, got back to safe mode options. eg. with networking, with command prompt, Enable boot logging, enable VGA mode and others??
Any ideas??
It worked! Thank you very much!
hi
best program ever:D but my gadgets are gone from desktop how can i get those back? just black and white spots there where they used to be.
It`s all good but my gadgets are gone from desktop.only black spots there where they use to be.How can i get them back?
Hi Guys, Everyone of us had little different experiences with think point.
I’m a IT person, so I saw a lot of them already, The worst one was when windows wouldn’t boot.
Here is complete removal procedure starting from the worst case:
1. Windows wont boot (blank black screen)
Boot file is corrupted or missing. You need to run Repair from Windows CD and do FIXBOOT and FIXMBR. That fixed windows booting for me.
2. Next, if windows boots up, but you cant get to TASK MANAGER and anything else, use Safe Mode with command prompt (I saw it somewhere in earlier posts)
””””””””””””””””””””””””’
1. boot your computer in Safe mode with command prompt.
2. Once Windows loaded, you will see a black window – command prompt.
3. Type
cd %APPDATA%
Press Enter.
4. Type
del hotfix.exe
Press Enter.
5. Reboot computer.
6. Once Windows loaded, download Malwarebytes and perform a scan.
””””””””””””””””””””””””
3. Now, I don’t think I saw anybody mentioning in this forum HOSTS file which is also corrupted, even after all infections are deleted you still will be redirected when browsing internet.
Fixing this hosts file is little bit tricky because you can’t change it, deleted, anything.
You actually have to use one of non-windows CDs and boot from it.
I had corrupted HOSTS Files by other viruses before, and Boot able stuff like BART-PE, KNNOPIX,usually worked for me, but with this one it wasn’t the case. With Thinkpoint BARTPE didn’t work, but then I was able to rename it with Knopix if I remember correctly, but couldn’t delete it, so then I had to use Ultimate boot Cd. With that I was able first to change permissions for the file and then delete it.
BTW, HOSTS file is located in C:\\windows\system32\drivers\etc. But you cant even see it it, because the infection makes it hidden – but you can open it, and see it by typing entire path C:\\windows\system32\drivers\etc\hosts )
Another pointer: next to malwarebytes, also Scan with superantispyware, I’ve learned that sometimes it will find more stuff then Malwarebytes
I hope it is not to confusing
Mike
bhav, only Internet Explorer is blocked, other apps are ok ?
ST, try Last good configuration mode.
awesome job… keep it up and THANKS..I can do whatever u say…. I am ready to get fucked by you… thanks for ur help sweetheart.. annie…
Hello,
I can’t believe all of us have the same stupid virus. Anyway I am happy I found this site but pleaseee help!! When I go to task manager there is no hotfix.exe under processes. I even put it into “run” to search for it and it said they can’t find it, but I know I have thinkpoint on here because I downloaded it accidentally because it said it would help with my slow computer or something like that, and now IE keeps popping up randomly and all these other ads keep popping up. PLEASE HELP ME, is there anything else I can do and also there is an icon on my desktop that says thinkpoint and when I try to click on it it says something along the lines of: If you delete this it will remove the shortcut and that is all, it does not open up to anything… PLEASE ANYONE HELPPPPPP!!! I am nervous my computer is going to get screwed up. P.S. If I restore my computer to a day before this was downloaded, would that work???? Sorry this message was sooo long..You can email me to explain what I can do. Korie1019 AT yahoo.com Thanks for being so nice to help us all out!! Ciao
If you bring up the task manager in XP and right click to stop the hotfix.exe process, and then you can’t see the confirmation dialogue box, just hit enter. The box is hidden and the box is activated. you enter and it will stop the process.
i had firefox and explorer locked but thats ok now.as i scanned pc with this malware program.start menu button was okei all the time so was task manager.but gadgets are gone.How can i do this last good configuration?
Patrik: Got a Windows XP Pro upgrade disc. Will that work? If so, what do I need to do? Remember, I need dummy walk-through kind of directions. Thanks again so much.
Thank you so much.. It works.. I want to be your friend.. 🙂
Worked perfectly with the exact instructions, awesome!
Thank god. It’s working^^ luckily there’s a iPod for browser.xD
thnx a lotttttttttttttttttttttt
Hi all,
I am in Australia. I tried numerous website solutions over days but when I get to ctrl, alt delt and open process, I cannot even find a hot fix.exe. I tried all the command prompts listed above to find it and nothing happened. I can get to the internet but I have a pre paid USB for the net and it wont let me even connect to download anything. Help please’!!!!!!!!
THANK YOU. I was completely clueless on how to get this shit off my ass when it didnt let me open anything.
Great Work!
Got this from opening a web page, my AVG did not stop it.
Anyhow great walkthrough
THANKS A LOT….. You’re awesome!!!!!!!
FIX THE DAMM BUSTARD AND BACK ON BUSSINESS
AND THE VIDEO IS GREAT!!!!!!!!!!
I dumped it by runing the the hard drive through another comp. as a drive and scaning the hard drive as an F drive. GONE
Wow. Thnx a lot. I hate these Maleware crap. I was beginning to think I was going to have to wipe my computer. Thnx for saving me all that pain and suffering
this is an awesome solution as everyone already said and to answer the question of how to get rid of it if you can’t get up the task manager is when you start up the computer and it asks if you want safe startup or normal startup don’t click on either just
press ctrl+alt+delete and that will take you to task manager and all you do then is go to processes and find hotfix.exe , end process and then go to new task and type in explorer.exe then lastly download spyware doctor for free and your set. And no i don’t work for spyware doctor and if i did i wouldn’t even get paid.
Korie,
yes, try it.
Mike, please start a new topic in our Spyware removal forum. I will help you.
Carley, download Malwarebytes on another PC, then move it to your computer using a cd disk or flash drive. Run it and perform a scan. Remove all, what it found.
Thank you!