The ThinkPoint rogue comes bundled with the fake Microsoft Security Essentials Alert. It is distributed and promoted through fake online scanners, illicit websites and online portals.
Once running, ThinkPoint starts an unsolicited scan of the infected PC and reports a variety of fake infections. It then tells the user that the only way to remove these infections is to pay for modules that are not included in ThinkPoint's Trial Version.
ThinkPoint further tries to convince the user that the fake malware is present by actually causing the symptoms it reports on: it blocks access to various legitimate programs and executables on the system, most noticeably the Registry Editor and other tools that would let the user remove ThinkPoint manually.
When this infection is installed on your computer it displays a fake Microsoft Security Essentials alert stating that it has detected an Unknown Win32/Trojan on your computer. It then prompts you to scan your computer, which starts a fake scan that ultimately states that C:\Program Files\Messenger\msmsgs.exe is infected with Trojan.Horse.Win32.PAV.64.a and that it will install ThinkPoint to remove the virus. It then prompts you to press the OK button, which reboots your computer to finish the installation.
Best software to remove Thinkpoint: Frontline Rogue Remover
Manually Remove Thinkpoint:
1. Stop these ThinkPoint processes:
%UserProfile%\Application Data\hotfix.exe
%UserProfile%\Application Data\thinkpoint.exe
2. Remove these ThinkPoint Registry Entries:
HKEY_CURRENT_USER\Software\PAV
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “thinkpoint”
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%Documents and Settings%\[UserName]\Application Data\hotfix.exe”
3. Remove these ThinkPoint files:
%UserProfile%\Application Data\hotfix.exe
%UserProfile%\Application Data\thinkpoint.exe
%UserProfile%\Application Data\install
Associated ThinkPoint Files:
%UserProfile%\Application Data\completescan
%UserProfile%\Application Data\hotfix.exe
%UserProfile%\Application Data\install
File Location Notes:
%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] for Windows 2000/XP, C:\Users\[UserName] for Windows Vista/7, and C:\WINNT\Profiles\[UserName] for Windows NT. On Vista/7 the "Application Data" folder named in the paths above is a hidden junction to AppData\Roaming, so the %AppData% variable resolves to the same folder on every version.
Associated ThinkPoint Windows Registry Information:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = %AppData%\hotfix.exe (this is the same per-user "Shell" value listed in step 2 above; it replaces the desktop shell with the rogue, so deleting it restores the default Explorer.exe from the HKLM key)
Attention! Because ThinkPoint may cut off your Internet access, follow these special notes when removing it:
1. Restart your computer and, before it launches Windows, start tapping the "F8" key. Highlight "Safe Mode with Networking" with the arrow keys and press ENTER.
2. Press CTRL+SHIFT+ESC to start Task Manager. Check for the ThinkPoint processes (hotfix.exe and thinkpoint.exe) and end them.
2a. If the screen goes black, try launching explorer.exe from Task Manager (File > New Task).
2b. If you can't kill ThinkPoint's processes, reboot into plain Safe Mode, repeat steps 1 and 2, and search for and delete the files belonging to the processes you stopped. Then reboot into Safe Mode with Networking and continue.
3. Open Internet Explorer, choose the Tools menu and select Internet Options.
4. Click on the Connections tab and then on the LAN Settings button. Under the Proxy Server section, uncheck the checkbox labeled "Use a proxy server for your LAN" and press OK. (Rogues set a bogus proxy here so that removal tools cannot be downloaded.)
5. Download Spyware Doctor and run a full system scan. Delete files identified as infected.
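The manual removal steps (stop the processes, remove the registry entries, delete the files) and the proxy reset from the Safe Mode with Networking notes can be done from one script. The following is an added example, not code from the original page or from any removal tool it names; it is meant to be run from an elevated PowerShell prompt in Safe Mode with Networking, on the current user's profile only. The process names, file names and registry values are the ones listed above; the -DryRun switch, the Invoke-Step helper and the check of the IE proxy values are assumptions of this example.

```powershell
# Added example (not from the original page): current-user cleanup of the
# ThinkPoint indicators listed on this page. Run elevated, in Safe Mode with
# Networking. -DryRun only reports what would be changed.
param([switch]$DryRun)

# $env:APPDATA is ...\Application Data on 2000/XP and ...\AppData\Roaming on Vista/7.
$appData      = $env:APPDATA
$files        = @("$appData\hotfix.exe", "$appData\thinkpoint.exe",
                  "$appData\install",    "$appData\completescan")
$winlogonHKCU = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$winlogonHKLM = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$runKey       = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$inetKey      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Hypothetical helper: print the action, and perform it unless -DryRun was given.
function Invoke-Step($desc, [scriptblock]$action) {
    if ($DryRun) { Write-Host "[dry-run] $desc" } else { Write-Host "[*] $desc"; & $action }
}

# Step 1: stop the rogue's processes (matched by image name; every instance is reported).
foreach ($p in Get-Process -Name hotfix, thinkpoint -ErrorAction SilentlyContinue) {
    Invoke-Step "stopping $($p.ProcessName) (PID $($p.Id), $($p.Path))" { $p | Stop-Process -Force }
}

# Step 2: registry. The Run value, the PAV key and the per-user Shell hijack.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['thinkpoint']) {
    Invoke-Step "removing Run\thinkpoint = $($run.thinkpoint)" { Remove-ItemProperty -Path $runKey -Name thinkpoint }
}
if (Test-Path 'HKCU:\Software\PAV') {
    Invoke-Step 'removing HKCU\Software\PAV' { Remove-Item -Path 'HKCU:\Software\PAV' -Recurse }
}
$shell = (Get-ItemProperty -Path $winlogonHKCU -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell -match 'hotfix\.exe') {
    # Deleting the per-user value is enough: Winlogon falls back to the HKLM Shell (explorer.exe).
    Invoke-Step "removing per-user Winlogon\Shell = $shell" { Remove-ItemProperty -Path $winlogonHKCU -Name Shell }
}
$lmShell = (Get-ItemProperty -Path $winlogonHKLM).Shell
if ($lmShell -ne 'explorer.exe') {
    Invoke-Step "resetting HKLM Winlogon\Shell from '$lmShell' to explorer.exe" {
        Set-ItemProperty -Path $winlogonHKLM -Name Shell -Value 'explorer.exe'
    }
}

# Step 3: files. 'install' and 'completescan' are the marker files the page lists next to the executables.
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        Invoke-Step "deleting $f" { Remove-Item -LiteralPath $f -Force -Recurse }
    }
}

# Safe Mode notes, steps 3-4: clear a LAN proxy if one is enabled (the values behind the
# "Use a proxy server for your LAN" checkbox in Internet Options > Connections > LAN Settings).
$proxy = Get-ItemProperty -Path $inetKey
if ($proxy.ProxyEnable -eq 1) {
    Invoke-Step "disabling LAN proxy '$($proxy.ProxyServer)'" {
        Set-ItemProperty -Path $inetKey -Name ProxyEnable -Value 0
        Remove-ItemProperty -Path $inetKey -Name ProxyServer -ErrorAction SilentlyContinue
    }
}
Write-Host 'Done. Reboot normally and confirm that explorer.exe starts and the fake alerts are gone.'
```

Run it once with -DryRun to see which indicators are actually present before deleting anything; a clean profile should report nothing but the HKLM Shell check. Since the script only touches the logged-on user's HKCU and %AppData%, repeat it under every account that showed the alerts.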
For users that CAN NOT DO ANYTHING in Safe Mode or Normal mode
Some users report that they cannot boot into, or do anything in, Safe Mode or Safe Mode with Networking because ThinkPoint blocks everything. In that case use the command prompt:
1. Reboot, press F8 and choose SAFE MODE WITH COMMAND PROMPT.
2. At the prompt, enter this command: regedit
3. Set the following value: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Shell"="Explorer.exe". Also delete the per-user "Shell" value under HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon listed above, since that is the one ThinkPoint points at hotfix.exe and it overrides the machine-wide value.
4. CD into EACH USER'S Application Data subfolder (AppData\Roaming on Vista/7) and delete hotfix.exe.
5. Run: shutdown /r /t 1
6. When the machine restarts, press F8 and choose Safe Mode with Networking, then continue with the steps above.
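The command-prompt procedure above has to be repeated for every profile on the machine, and the per-user Shell hijack of users who are not logged on lives in their unloaded NTUSER.DAT. The following added example (not code from the original page or from any tool it names) does the whole procedure in one pass: it resets the machine-wide Shell, deletes hotfix.exe from each profile, and mounts each profile's hive with reg.exe to remove the per-user Shell and Run values offline. It assumes an administrator prompt in Safe Mode with Command Prompt and that powershell.exe is available there (built in on Vista/7, an optional install on XP); the temporary hive name HKU\ThinkPointFix and the profile-root list are assumptions of this example.

```powershell
# Added example (not from the original page): all-profiles recovery from
# "Safe Mode with Command Prompt". Run as administrator.
$profileRoots = @('C:\Documents and Settings', 'C:\Users') | Where-Object { Test-Path $_ }
$winlogonHKLM = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$mountName    = 'HKU\ThinkPointFix'                  # name reg.exe mounts each hive under (assumed)
$mountPath    = 'Registry::HKEY_USERS\ThinkPointFix' # the same mount point as a PowerShell path

# Step 3 of the procedure: the machine-wide shell must be explorer.exe again.
$lm = (Get-ItemProperty -Path $winlogonHKLM).Shell
if ($lm -ne 'explorer.exe') {
    Write-Host "HKLM Winlogon\Shell was '$lm'; resetting to explorer.exe"
    Set-ItemProperty -Path $winlogonHKLM -Name Shell -Value 'explorer.exe'
}

foreach ($root in $profileRoots) {
    # PSIsContainer instead of -Directory so this also runs on PowerShell 2.0.
    foreach ($profile in Get-ChildItem -Path $root -ErrorAction SilentlyContinue | Where-Object { $_.PSIsContainer }) {

        # Step 4: delete hotfix.exe from the roaming application-data folder of every profile
        # ("Application Data" on 2000/XP, "AppData\Roaming" on Vista/7).
        foreach ($rel in 'Application Data\hotfix.exe', 'AppData\Roaming\hotfix.exe') {
            $path = Join-Path $profile.FullName $rel
            if (Test-Path -LiteralPath $path) {
                Write-Host "$($profile.Name): deleting $path"
                Remove-Item -LiteralPath $path -Force
            }
        }

        # The per-user Shell hijack is stored in this profile's NTUSER.DAT. Mount it
        # temporarily; the hive of the account currently logged on is locked and is
        # skipped here (its HKCU is handled by regedit in step 3).
        $hive = Join-Path $profile.FullName 'NTUSER.DAT'
        if (-not (Test-Path -LiteralPath $hive)) { continue }
        & reg.exe load $mountName $hive | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Host "$($profile.Name): hive in use, skipping (fix it from that account's own session)"
            continue
        }
        try {
            $wl = "$mountPath\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
            $shell = (Get-ItemProperty -Path $wl -ErrorAction SilentlyContinue).Shell
            if ($shell -and $shell -match 'hotfix\.exe') {
                Write-Host "$($profile.Name): removing per-user Winlogon\Shell = $shell"
                Remove-ItemProperty -Path $wl -Name Shell
            }
            $run = "$mountPath\Software\Microsoft\Windows\CurrentVersion\Run"
            if ((Get-ItemProperty -Path $run -ErrorAction SilentlyContinue).thinkpoint) {
                Write-Host "$($profile.Name): removing Run\thinkpoint"
                Remove-ItemProperty -Path $run -Name thinkpoint
            }
        } finally {
            [gc]::Collect()                       # drop lingering key handles so the unload succeeds
            & reg.exe unload $mountName | Out-Null
        }
    }
}
Write-Host 'Now run "shutdown /r /t 1" and choose Safe Mode with Networking to finish with a scanner.'
```

The offline hive edit is the part the manual steps cannot cover: an account that has not logged on since the infection still has Shell = hotfix.exe in its NTUSER.DAT, and it will get the black screen the moment someone signs in unless that value is removed before the reboot.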
