Think Point is a rogue anti-spyware application which was created to lie to computer user about the security status of his machine. In reality, this scam is not capable to detect any computer trouble because it is a masked virus which will use security or other exploits to reach the targeted Operating System. As soon as Trojan infiltrates computer through misleading alert of fake Microsoft Security Essentials, it will start appearing on the desktop and then will continuously interrupt into a normal your PCs functionality. This alert presents Think Point as a “world’s leading security solution” which after checking PC for malware has detected some viruses, like Unknown Win32/Trojan. Additionally, rogue starts claiming that some of the viruses detected can’t be restored because of the heuristic module which is missing. However, Think Point offers to install these required modules but then asks paying ninety or more dollars.
Think Point:
9191 – files checked
10 – files infected
5 – files restored
5 – files can’t be restored (heuristic module missing)
Install the full version with the required modules
Continue unproteted
Remember – if you are unlucky enough to purchase and install Think Point rogue, you will soon encounter more serious PC problems like system degrading or slow down, Internet connection loss and general computer vulnerability (Think Point may let more viruses inside). Besides, this scam is promoted by Microsoft Security Essentials Alert which also promotes Red Cross Antivirus , AntiSpySafeguard, Peak Protection 2010, Pest Detector 4.1, Major Defense Kit, so it obviously should be removed immediately upon detection. Get a reputable anti-spyware and remove ThinkPoint!
UPDATE: A new version of Think Point has been released and published recently. Be careful with this infection and make sure you remove it as soon as possible.
Note! Because ThinkPoint may disable you from the Internet, try these special notes when removing it:
1. Restart your computer and before it launches Windows, start tapping “F8” key. Highlight “Safe Mode with Networking” with arrow keys and press ENTER.
2. Press CTRL+SHIFT+ESC to start Task Manager. Check for the processes of ThinkPoint and stop them.
2a. If the screen goes black, try launching explorer.exe from task manager.
2b. If you can’t kill Thinkpoints process, Try rebooting into safe mode, repeat 1 & 2 and search/delete for files you have stopped. Then Reboot into safe mode with networking and continue.
3. Open Internet Explorer, choose Tools menu and select Internet Options.
4. Click on the Connections tab and then on the LAN Settings button. Uncheck the checkbox labeled Use a proxy server for your LAN under the Proxy Server section and press OK.
5. Download spyhunter and run a full system scan. Delete files identified as infected.
For users that CAN NOT DO ANYTHING in safe mode and Normal mode
Some users claim, that they can not boot or do something in safe mode or safe mode with networking, as thinpoint blocks everything.
1. Reboot, press F8, Choose SAFE MODE WITH Command promt.
2. Enter these commands: regedit
3. Update the the key with the following value [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “Shell”=”Explorer.exe”
3. CD to EACH USERS Application Data subfolders and delete hotfix.exe
4. Shutdown /r /t 1
5. Press F8, choose safe mode with networking
6. Download spyhunter ( https://www.2-viruses.com/spdoc.exe ), update, do a full system scan and delete what in detects.
7. Reboot, scan last time with spyhunter, Malwarebytes Anti-Malware and your antivirus. If you haven’t done in a while, update these tools
We recommend upgrading to full versions of either spyhunter or Malwarebytes Anti-Malware to stay protected from this malware in the future. A decent internet security suite would protect you as well.
As of 2011.03, thinkPoint was replaced by CleanThis malware that is very similar to its predecessor.
Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
Another reason to use a Mac and not a PC
pardon me but ffs i dowloaded a movie and got cought with this thing luckily i have 2 computers unfortunately i had installed and so on and tried to remove again and again and it refuses to go away i killed the hotfix.exe or atleast i think i did cuz im online now i have used avira malwarebytes and superantispyware all sposta egt rid of it all unable to do soo
same problem i cant get this stupid thinkpoint off even under safe mode it wont allow me to access registry
ya i bought ipad comps are always pc’s are always having problems ..least mine are
I went to cnet.com downloaded hitmanpro3.5 trial version and that isolated it…. and removed it! Yeah!
John : Read turorial how to enable regedit: http://www.2-viruses.com/how-to-enable-task-manager-and-registry-editor-after-malware-attack .
Hi! I have think point virus since 2 days ago and I did all what you have said(Malwarebytes’ Anti-Malware, ad.aware) but after that my internet it´s not working, I did in safe mode with networking, and I doesn´t work either, I have checked the folder of the network connections in the control panel, it´s there, but nothing inside and I can´t activated the network connections, I have WINDOWS xp, the usb it´s not working also, someone can help me please.
The problem it´s I don´t have internet and I can´t scan with more programs, and the network connections says be sure that the network connections is activated and it´s working, but it´s impossible to activated!
Rosa:
Check the proxy server in your browser. Also, you can download and put some of programs into USB disk ( I would recommend TDSS Killer from kaspersky first). Also, check out this guide : http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem
Thank you. It saved a lot of time today.
@john
i had the same problem. I opened in safe mode and did a restore to a prior date and the problem was fixed.
Hi Admin thank you for your advises I check the website and the hosts are ok, but the thing is I don´t have the network connections, the folder is empty, I have check a lot of things that I saw in different websites and I think the virus it´s removed, but I don´t know how to make appear the network connections. thanks a lot!!
thank you so much. i could remove thinkpoint and antimal vuruses successfully. thank you so much for ur help
HI admin, problem USB disk is not working, I can not connect any USB disk. I have followed the guide you mentioned but nothing happened.
OMG, I need help.
thx
In Safe Mode, the desktop may still fail to load, seemingly blocked by Thinkpoint’s startup splash screen. If this happen, use CTRL+SHIFT+DEL to open the Task Manager, close hotfix and ctfmon (both will have *32 next to their names). After this, go to the Applications tab of the Task Manager, click “New Task,” and type in “explorer.exe” (without quotes). Press enter, and your desktop should load right up!
Hey, im somewhat of a novice with computers, im having similar problems. Even if i open my computer in safe mode with networking, thinkpoint still comes up. using task manager i can kill hotfix.exe which makes it go away, but i just get a black screen with “Safe Mode” in each corner and im unable to see anything on my desktop. I’m using another computer right now, can somebody instruct me on what to do?
Hey i need help,
I have down the step where i to alt cntr delete and remove hotfix. But when i go to new task and when i type explorer.exe when i try to open it says something about not being able to have permission. Then the screen goes black. Please please help, i have a lot of important folders that i cant afford to lose.
Very useful info I took the steps on how to remove it and it work .. thanks for saving money and time
Tony : try to execute this first before running explorer : cacls “C:\Windows\explorer.exe” /G Everyone:F . Make sure you have killed hotfix.exe before that!
Hola, muchas gracias por la información fue contundente. mil gracias.
thank you!
Hi I have presed CTRL+SHIFT+ESC and windows still keeps coming up ! help ??x
I’ve tried all the above and I think I’m truly screwed. Can’t access task manager or anything,just goes right to generic password screen for which we’ve tried every password we know but obviously it’s ThinkPoint so there is no passwords^
I did scan and everything but how can I delete files? Spyware Doctor says that I need to register if I want to delete files and for registering I need to pay. Is there any way to delete ThinkPoint for free? Please help!
oh my god . so , i have this “anti virus ” cleaner on my computer. i have no idea how i got it to install because i have never seen it before . ever . so , a couple of days ago , i started my computer and thinkpoint came up . it wouldnt let me log in , start task manager , etc . so i just let it be , thinking it was overheated or whatnot . but then , i needed to use my computer today , so i started my computer . i saw thinkpoint again . i restarted multiple of times and i still saw it . i went onto a different cpu to search how to demolish it from my cpu . they didnt work . Think point pops up after i logged in , instead of seeing my desktop , i see a black background with ThinkPoint on it . i got so mad . i tried getting the Task manager , but it said that the admin wouldnt let me . and so i say , what the heck ? im the admin .. i tried about everything . i downloaded malwarebytes anti malware onto this computer , burned it onto a CD . and tried it on the infected computer . didnt work either . because stupid thinkpoint prohibited me from accessing any necessary programs i needed to get rid of it . ugh . PLEASE HELP !!!!
Thank you this just happened to me. I found this info very helpful. Thank you again
Showed up at 7 p.m. tonight. Trend Micro did me no good. Spent 3 hours trying to remove with instructions from geekpolice.net. No good. It’s taking over even in safe mode and I cannot get system restore to work even in safe mode. Can’t power down the computer except with the power button. Can’t get to task manager. Nothing’s working. This thing has shut down my wife’s embroidery business. Hasn’t affected the home computers. What now?
thank you admin and all that have posted helpful resolutions
Helpme!!: I recommend using full version of spyware Doctor. In other case, I recommend stopping the process spyware doctor detects. Then search registry for the processname.exe (usually hotfix.exe) and delete the key (without that it might make your user account unusable). Then delete the file (expand spyware doctor’s detected location) Then reboot.
Tom: check if you can download process explorer, or see our guide on reenabling task manager. Both might help. Try creating another user account and login into that account to perform removal. There are still things you might try.
If it fails, you will need to scan with alternate OS scanners (Avira I believe has one free, so does pctools and symantec ).
Ok so I tried to follow the steps above, but when I try to run the last step: “New Task” -> “explorer.exe” it won’t start. It says that it cant open the file, due to my internetsecuritysettings. also, how can I restore my computer back to a prior date?
I can’t get this spyware off my computer. please help.
I was having this same problem yesterday. It loaded when I was online at 9:45 pm and after some ‘warning’ it restarted on it’s own (I didn’t click anything) It showed me the ThinkPoint. It wouldn’t show anything on my desk top untill the 3rd manual shutdown and this totaled to be an hour before anything showed up. My current Spyware was being fixed as well so I don’t have a current spyware to remove it (also couldn’t find in add/remove under control panel). The internet also doesn’t open up (but I used search and some things don’t open)
I turned my computer on today and found thinkpoint – here’s what i did:
in the new task run box i typed explorer.exe and a box pops up and says,explorer.exe is not a valid win32 application. please help.
Hello Admin, I am having the same problem, I am able to lounch a Mcafee, can mcafee clean thinkpoint? Please help?
help! thinkpoint came up yesterday and it won’t let me onto pc’s internet. i followed instructions with safe mode and task manager, but after ending the hotfix i got a black screen with safe mode on all four corners. where do i go from here, admin? thanks for your help
Hello. My computer has managed to contract the Thinkstop virus. On first seeing the alert window pop open I didn’t differentiate between Thinkstop and my usual security systems and allowed the restart. Now wach time I start my laptop I am confronted with a Thinkstop windao with the only otion for me to select being ‘Safe setup’. I haven’t yet selected this because it seemed very suspicious, but insteaad have tried to work around the problem with your advice here. I have gotten as far as ending the process hotfix.exe several times now but cannot find the process thinkstop.exe on my Taskmanager. After ending hotfix.exe the screen behind is completely blank and I cannot see my desktop let alone open any program or the Internet. Might you please give me some advice on how to manage the situation? Shall I allow Thinkstop to run and hope that I can access the Internet?
@Nickan
hey nickan, i had the same problem. after deleting the hotfix.exe on task manager, go to File, Run New Task, and in the space type explorer.exe which will bring back your desktop and taskbar. then bring up internet, click Tools, Internet Options, Connections, LAN settings, and uncheck (if checked) box saying “use a proxy server for your LAN”, then run Spyware Doctor as above mentioned. hope it helps you! it worked for me.
AliCR: Try running task manager and starting explorer.exe (C:\Windows\explorer.exe )
ACE : Unlikely, you can try though. ThinkPoint is really fresh and Mcafee is not too good against these.
Norton Power Eraser worked wonders on Think Point
@Richard Johnson
if this happend to a mac no one would know how to fix it
Hey, I managed to stop running hotfix.exe and got to the desktop where I eventually installed malwarebytes and ran a scan. It found around 15 items of which it was able to delete all but one, it said the one item required a restart to delete, it seemed to have some problem with deleting it. I restarted but am now still having problems as some part of the virus appears to be interferring with my internet explorer and other stuff. When I try to do a system restore it says it has been turned off by group policy. I have run a scan of the C drive with Microsoft Windows Malicious Software Tool however it does not appear to find anything. I looked for a few of the hotkey files that are dangerous but did not find them, I’m not really sure what part of the virus is left on my computer and how to delete it, any suggestions?
Thanks.
People who have troubles with running explorer.exe, try to boot in safe mode with console (instead of safe mode with networking). It worked for me.
This thing hit me about 5 hrs ago. Don’t understand much about computers, but I already have the Webroot anti-virus protection…..so I was pretty angry to see this Thinkpoint with it’s Microsoft logo popping up & blocking me from doing ANYTHING. I shut off everything….even removing the battery from my laptop….tried to restart 3 or 4 times. Somehow I stumbled into something called “system restore”……and I think everything is working normally again. Once I COULD access the internet again, I did a SEARCH on this Thinkpoint….and sure enough……..I’m learning all about this virus. Thanks to you and the other sites for the info…
I also got the Thinkpoint virus, I haven’t been able to get my task manager to come up, i have logged on as admin. can I clean this up with the admin or do i have to log in as user. I am on another lap top right now
i don’t understand, I’ve read all the solutions and I can’t get pass logging in with my user name, I went to safe mode and then as soon as i logged in, it goes right to the think point screen and I can’t do anything.
I got rid of the thingpoint virus by using ctrl alt delete and accessing task manager remove the think point (qick fix) virus and in applictions access new task type in explorer.exe. You may have to do this two or three times. It works and I’m a novice at computers.. just stay calm and relax..
The problem is you have to do this everytime you start your computer, can anyone help me. I hate having to do this every start up.
I don’t know how to stop thinkpoint at 2. Press CTRL+SHIFT+ESC to start Task Manager. Check for the processes of ThinkPoint and stop them
do I purchase a software to delete those files? Am I getting a license number after go thru the checkout procedure?
i have a trouble related abaut think point programme .i tried every solutıons but i cant.my computer is starting but cant enter the internet.please help me
rastadog: just try running regedit and deleting keys to process referencing thinkpoint process. Then Reboot. It would be recommended to have a good anti-malware tool to protect from similar problems in the future.
Al: You can do it manually (no purchase is necessary ) or with help with removal software (some of the software is commercial). If software does not detect (after update) anything malicious, do not buy it.
dear admin,
How can I remove manually after I get scan result from spyware doctor?
Al: Expand each of the items. See the files it detected. First, search in registry for entries referencing these files, and remove them (if they are under hkcu ) Then delete the files. Run CCleaner (highly advisable).
I did all what you advised: bypassing the ThinkPoint screen and downloading Spyware doctor. It found some threats and infections and cleaned them out. As I restarted my computer, ThinkPoint screen STILL comes up! Again, I clicked “full scan” in Spyware Doctor to ensure to find this virus but it came up empty. What did I miss?
Lisa: Update SD , Do a full system scan. If it does not help, contact SD support for help, try searching for malware executable under C:\Users\.. or try other malware removal tools (check our comparison). No antimalware tools are 100%.
Downloaded spyware doctor registered, ran it, removed threats – ThinkPoint is still holding onto my computer…..how insidious is this thing??? How in god’s name to I get rid of it….. I need my computer, I work from home and I am out of business at this point. I also tried Webroot and it didn’t do crap.
amcbeancounter: First thing first, run Run CCleaner to remove leftovers in the temporally files. then look for executables in C:\Users C:\Documents and Settings and delete them, or rename them temporally. However, I recommend you to Contact PC Tools support – They will help you with removal procedure, as you entitled for support. They will update software for other users as well.
went to safe mode and was able open task manager went to task manger help topics and followed steps from there to an earlier restore point or close to what we could once that work and were able to get on we uninstalled the program as fast as we could before it could effect anything
I contracted this disease earlier today, much to my chagrin, and fortunately did not allow it to fully install itself on my computer. Not a computer genius, here’s what I did to get out of the mess. Follow the above instructions #1 to the letter when restarting your computer. Just as Windows was booting up there was a note in the lower left corner to hit the escape key to run in safe mode, and you have to hit it fast. Make sure when the safe mode options come up, that you select the “Safe Mode With Networking” as this will get you to the internet, and around ThinkPoint which is blocking access to the internet. Once on the internet, I lauched Spybot, did an update and ran a Spybot Scan, and then launched and updated Malwarebytes and scanned again. Both scans were done while still in “Safe Mode With Networking”. Both programs found issues and repaired/removed them. When both scans were completed, I then rebooted in “normal” mode and so far have had no further issues. I’m sure comparable programs will work, this is just what I had to do to get out of the mess.
How do you delete the files that Spyware Doctor found? And when I end hotfix.exe my comp doesn’t finish booting up and the screen stays black.
I was able to find the files on my computer and delete them. However my wireless connection is still blocked. Any ideas how to fix this. I am able to get online if I am plugged in through e-net cord.
Tess: You should reinstall drivers or check if wireless connection uses some strange DNS server.
I have the Thinkpoint virus. I’ve done task manager several times and shut down the hotfix but now the only screen I can get to come up is the big blue Thinkpoint logo page where the options are “Normal Startup” or “Safe Startup”. How do I get to Internet Explorer or Google to download a remedy?
Kurt : start a new task from task manager: C:\Windows\explorer.exe
That worked. From Safe Mode I downloaded the paid version of Malwarebytes, ran a full scan and then dumped the infected areas. After it restarted it seems to be running great…so far.
Just got this virus 2 days ago. I’ve tried a few different things that have been talked about here. I went into Safe Mode with Connections, and ran Malwarebytes. It detected only 1 problem. Thinking it was finished, I restarted my computer…then it shut down by itself. Now I can’t start windows normally because it freezes. If I let it count down to zero, it freezes. If I try to start in safe mode, a few lines of code pop up, and then it freezes. Please tell me there is something I can do other than reformatting my computer or taking it to a specialist.
I have read most of these and I have the same problem but I can’t do anything at all! I can’t do the ctrl-shift-esc, ctrl-alt-dlt , can’t get online at all no matter what kind of safe mode I am in and as far as I know my daughter’s laptop didn’t come with a recovery disk, and she never made any recovery points as far as I can tell. I have no idea what to do. She has malaware installed and I plan on trying that. I tried avg and that didn’t find anything. I thought this crap was just a regular windows update, since my daughter never does her updates, I did them for her today and this is just irritating the hell out of me. I am at a total loss of what to do. I don’t have the money to get it professionally fixed. any suggestions?
I contracted this “ThinkPoint!” earlier today on a laptop. At first, ThinkPoint was the only thing up asking me to purchase a program. I then used the task manager [crtl+shift+esc] to open up the computer. From there, I tried to restore the laptop to a previous point. I tried several times at different restore points, and it still says it the restore was unsuccessful.
Is there anything I could do to remove this?
I had this and it had a very tight grip on my computer. Malwarebytes did not work the first time through.
I finally was able to find the file using task manager, rename it, delete it, remove it from recycle bin, and then run all the malware, spyblaster and cc cleaner.
Tough couple of days for my little laptop.
PS definately run the fix it programs from a usb drive until clean.
i was able to get as far as downloading spyware doctor. after it finished running the scan i tried to get online and no longer have internet access. any ideas???
That stupid virus is a piece of crap!!!!!!!!!!!!. i hate it but this site helped me save my lap top!!!! thank you
hi, i have the same problem as the rest but worse, I have tried all the above fixes but nothing works, i can’t even access Task Manager, as try do this Think Point box appears saying ”taskmgr.exe was shut down due to security reason” , so I can even get to the hostfix.exe inorder to kill it, I can’t access internet explorer so I can’t download any Spyware Doctor, the ”Use a proxy server for your LAN” is unchecked, Iv tried “Safe Mode with Networking” aswell, problem started 24/10/10, I’v tried locating the files mentioned above c:\windows……… etc but I get the Think Point Pop Up Box appear when i click on them so i can’t deleted them from there either, The Comp is Windows XP,
I am out of ideas Could you please HELP , Thank You
Munson: Do a scan with Spyware Doctor and TDSS Killer. Try deleting hotfix.exe (somewhere under users).
Chandra: try doing this. STart->run and execute taskkill /F /IM hotfix.exe . It should stop Thinkpoint window. Then run C:\Windows\explorer.exe. Then try going on internet, if it fails, see this guide: http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem
Delete hotfix.exe file. Do a scan with Spyware Doctor.
Becky: You are halfway there! Just disable the proxy server in browser. Typically, if the internet vanishes during cleaning, means that malware process was killed and it was monitoring your internet connection using fake proxy server.
Adnan : Run TDSS Killer first. Also, read my response to Chandra
@Richard Johnson
You misspelled “Linux” as “Mac”
Seriously though, if you had even half as many people using Macs as there are using Windows they would have the *just as many* virus and mal-ware problems as Windows.
Hi Admin……..I got completely out of mind when it had affected my laptop.Now it has been removed by doing the mentioned steps…u guys doing a great job…..Thanks Admin…GOD BLESS YOU…………..
I can’t believe microsoft windows allows such virus programs to run on startup without being in msconfig startup list? Come on, microsoft has been around for sooo long now. Why don’t they grow up and make a decent operating system.
And why is there no agency who can track down where the money goes and give these people some serious prison time?
Ok im only 15 but im pretty sure ive fixed the problem since thinkpoint is not on my computer at all soo what u do is if ure on a windows that is from 2005 to 2010 use system restore it will instantly fix ure problem if not download AVG and Anti Malware and it will remove the problem *Warning it will not allow you acces online so use another computer download to a flash drive and install* also if all else fails go on task manager and kill the process with hotfix in the name it will allow you internet access nd you can find a solution if I didnt help
Help! I got this virus today and have tried to bypass it using start in safe w/networking but I can’t get to the task manager. I have tried 3 times. I can get to the screen where I choose safe w/networking and then it takes me to the thinkpoint box. What do I do??? This is the 2nd virus this week!
what is TDSS??
help please, I got to the task manager but when I went to processes but I dont know which one to end, none of them say “thinkpoint” but I haver think point taking over my desktop,
do I end the process of hotfix.exe ?
Hal: No operating system is safe from virus 🙂
Tran: Microsoft windows is open for developers, thats part of their success. They can not use whitelist to allow specific applications to run on startup. But yes, it should be improved. Lets hope Windows 8 (scheduled for 2012) will have some useful changes for security.
Karen: Try to kill hotfix.exe process with all the ways possible. Some are listed in comments. Then run automated removal tools to clean up the system.
Adnan : TDSS aka Alureon is one of most popular rootkits that are installed together with advertisements that show fake antivirus warnings. It prevents some of the removal procedures for particular malware, also, it is used to redirect google searches and redownload parasites. Although some other rootkits/trojans can be used with rogue AV, TDSS is good first bet to check for.
Rootkits are more difficult to remove compared to other types of parasites.
K: Kristen yes, you should end process called hotfix.exe . Yes, you can safely terminate it.
I have been able to kill hostfix.exe but i still can’t access internet explorer, i tired adding a new task on Task manager (explorer.exe) but that just redirects itself to ”My Documents” and that opens up.
could you help please.
Adnan : Use TDSS Killer and spyware doctor from usb disk.
@Zac
hey thanks Zac…. this tutorial help… But I didnt know
how to go to the desktop… thanks man!!!
Here is what u do.
Once the system is started up and the Thinkpojnt logo is on the screen, hit control-alt-delete and that will allo u to kill the process hotfix.exe Once that is killed the blue screen remains. Simply hit cntl-alt-del and select file in task manager and then run. type explorer and your desktop will return. when desktop is back go into start- run and type regedit. in regedit you want to search and remove all instances of “hotfix.exe” with no quotes. Once the first one is found, right click on the right side of the registry editor box where the entry is and remove the entry. Hit F3 to search for all other entries. Once the registry is cleaned goto start-run and type msconfig. Run it and uncheck all unwanted programs you dont want starting up. Restart the machine and you should be good.
BitDefender’s free linux-based scanner CD (updated online during use) effectively removed all ThinkPoint components from a Win7 installation last weekend; took about an hour. Several other linux-based scanners did not find it, and MSSE was running and up-to-date when it was contracted, no help there.
Hi, I want to thank you admin, you have saved my life. i Would’ve gotten an F on my assignment due to this virus, i can’t understand how people can make these programs just to screw up for other people. It makes me sad that some people go through this not knowing what to do , and may not even have a lot of money and their CP’s brake.
Anyways thank you, it worked out, i killed hotifx then started the new task explorer.exe, my comp loaded up as usual and i got avast which cleared my comp of all viruses
And another thing is, this virus is really weird, how exactly does it attack you? I was checking some really regular sites, all of which i know are very safe and would never infest someones comp, for example (youtube,google,facebook etc.) The malwaredoc and thinkpoint piece of shit just popped up. which scared me :S cause i’ve had these problems before. I want to thank everyone here again and I hope everyone is able to work out their problems just as i did.
Thanks!
@Richard Johnson
Linux still has less viruses than OSX, and is more configurable than either Windows or OSX. Plus, I can run all the software and games I would ever need.
Thank you George perfect instructions…my stomach ache is gone)
Muharem: Update your Avast to internet security version. There are couple ways for thinkPoint enter your system: Malicious javascript/other vulnerabilities, infecting perfectly normal websites, bad advertisement (doing the same), or you got infected some time ago with rootkit/trojan that was dorman on your PC. I always recommend scanning with couple tools after removing infection like that. Spyware Doctor, Hitman Pro (http://resellers.hitmanpro.com/9182137/HitmanPro35.exe ), MBAM would be good choices.
Long Johnson : care to provide some sort of official statistics about Linux and OSX malware amount comparison?
Okay so i have done everything, deleted processors, ran malwarebytes deleted the viruses and restarted! Done this in both safe mode and normal, but will not let me access the internet. I typed it into the task manager – new list area too. Still nothing. When Ever I get close to opening the internet it says it cannot be accessed and closes.
Someone please help iv searched everywhere on the Internet to fix this!!
Taryn: Try scanning with Spyware Doctor http://www.2-viruses.com/spdoc.exe and then Hitman Pro http://resellers.hitmanpro.com/9182137/HitmanPro35.exe / TDSS Killer.
1. Boot Into Safe Mode w/ command prompt and enter the following commands:
CD Application Data
del hotfix.exe
del install
del completescan
regedit
2. Update the following key with the following value >> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “Shell”=”Explorer.exe”
3. Enter the following command into the command Prompt: Shutdown /r /t 1
I’ve tried eveyhting I can think of. When I start up, the thinkpoint comes up. I’ve tried going to the control panel but that doesn’t help, as it says it had to be shut down security reasons. My mcafee opened but it was outdated, and that didn’t really help. I’ve tried exiting, but the only thing that has actually properly worked in my docking station. I can’t access my Internet, nothing happens when I press alt+f4, and my computer wont run in safemode. I can’t do anything, and I don’t really get this whole ‘hotfix’ thing. Pleassse help! I have files I can’t afford to lose. 🙁
Well, my computer is working absulotely fine, but I’m still paranoid, and I’ve been reading to ‘execute hotfix’. What is it? Please explain. 🙂
@George D
George Thanks for the great tip!!! I was able to remove think point and safely get on the computer with your instructions BUT now I shut my computer down
started it back up and I now can not get on the internet ggrrrrrr!!!
I checked my settings and I have nothing listed under interent properties to config my wireless connect again!! HELP!!
I have thinkpoint on one of my desk top computers. When I start in safe mode thinkpoint is there also, stopping me from connecting to the internet. If I buy spyware dr at the store will this remove the virus?
thanks you really came thru
excellent step by step
its fixed thanks again
@Nickan
I fixed this today on my sis’s PC, it was easy but took awhile:(
Had to manually shut down.
Reboot w/f8 to normal safemode(WITHOUT networking,Important!) since the virus has infected network connections.
Log in as Admin… click NO when asked to continue in safemode, this will bring you to System Restore.
Pick a date before you were infected & let it restore:)
Unfortunately, this simple process will take a long time since the virus is bogging the system down still. Be patient when it seems the system is hanging… eventually, it will autoreboot & restore.
@Phil (IT)
I tried this but step 1 didn’t work said location couldn’t be found. also step 2 was exactly the same as what you suggested yet still I cannot connect to the Internet. I’m now going to run the spyware doc and see but I have a feeling I’m
Never gonna be able to connect to the Internet.
I did kill think point and use spyware doctor removed . But the thinkpoint is not go away. I try to run the spyware doctor and malware byte but zero item found.
now every time I have to end task hotfix.exe in order to open up the computer.
The comouter is working fine with enternet but the thinkpoint is still there.
can you help me how to delete the thinkpoint. Thanks!
M’kay, so I follow this to the letter, basically, and when I open the page with safe mode with networking and I’m able to delete the processes, however it gives me a blank screen and I’m unable to gain access to the internet. I cna run task manager, but I cna’t open processes. Help?
Annie
Do not execute hotfix – thats malware file name in this case. If you had ThinkPoint popups, do a scan with several tools to check that it is really gone.
Dianne: Reboot into safe mode with networking and check if it works from there. See this guide too : http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem . In some cases the malware is not fully gone, just the visible part. Then one should scan with anti-rootkit tools and additional malware removers.
John: I do not recommend purchasing just now in your case. Make sure you can run it first 🙂 I recommend trying this first:
1. Boot Into Safe Mode w/ command prompt and enter the following commands:
CD Application Data
del hotfix.exe
del install
del completescan
regedit
2. Update the following key with the following value >> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “Shell”=”Explorer.exe”
3. Enter the following command into the command Prompt: Shutdown /r /t 1
This approach should work in your case. Afterwards, scan your PC with free Spyware doctor scanner. It might find leftovers and other infections that downloaded the thinkpoint one (that is usually the case).
Tony Ng: Rootkits are the problem. Run TDSS Killer and then Spyware Doctor again. Then you could try running hitman pro http://resellers.hitmanpro.com/9182137/HitmanPro35.exe (it is quite good against rootkits and has free trial) and spyware doctor again. It happens, that one malware process (rootkit) hides and protects other processes.
Try this, Nick :
. Boot Into Safe Mode w/ command prompt and enter the following commands:
CD Application Data
del hotfix.exe
del install
del completescan
regedit
2. Update the following key with the following value >> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “Shell”=”Explorer.exe”
3. Enter the following command into the command Prompt: Shutdown /r /t 1
Then do a scan with spyware Doctor, http://www.2-viruses.com/spdoc.exe . Update prior scan (important)
I got this virus from clicking on a halloween image on google. I followed the instructions to remove it..so I thought. I was able to open task manager,delete hotfix, tried to run my spy sweeper but realized I had to upgrade to get it to virus scan. I ran it in safe mose but was then instructed to restart. I did that and now I am not able to do anything in any type of mode. I am getting a windows error recovery message stating windows failed to load because a critical system driver is missing or corrupt…help!
n’t get
Ok, I am also another unlucky person to get this thinkpoint. I am running (trying to) Windows Vista premium home edition on a gateway laptop. I have tried to remove the hotfix.exe at the task manager window but when I do my screen goes black and cannot get anything…even windows. I’be tried in safe mode with and without networking. Am I missing something?
Stephanie: This is due to rootkit in system files. Contact PC Tools support, they will walk you through that.
Eric: hit ctrl+shift+esc after you get black screen and laucnh explorer.exe
I was lucky after many tries.
bootup in safe mode, the log on to administrator, not the user with the problem.
from there, regedit and find and delete “hotfix.exe”.
I also deleted hotfix from “documents and settings/username/application data.
let me know
Um how can i removed it? thinkpoint start it after i enterned the password in my window vista
@Amy
Nvm I should have read comments.. But now I get black screen and when I tried the command prompt method it says the system can’t find whatever command I put in
@Richard Johnson
Or linux. My parents just got this virus (that’s why I wound up here, trying to fix their problem). Personally I use a mac but I’ve become disenchanted with Apple since (even though they have good service, as they have become more and more powerful they have proven themselves as money-hungry capitalists just like Microsoft, putting all kinds of restrictions on their hardware and software. I was quite frustrated at this when my hard drive failed and I found I could not use a usb stick to boot into linux in order to attempt a recovery of my files, because Apple’s bootloader prevents this. In their favour, they did replace my hard drive for free because it was still under warranty).
Someone I know who once showed me one of these scams as it popped up on his linux machine, with its Windows theme showing a “Microsoft security alert”. Nice try…
I found the thinkpoint executable via a search; it was located at C:\Documents and Settings\Administrator\Application Data (couldn’t find it initially based on what was given).
@Nick
Nick: I was confused about this too. Once you get your task manager up, click on File, New Task(Run..) and type “Explorer” in the dialogue box that comes up. This will give you back your taskbar and desktop icons, and you should be able to go from there.
Hey, Some of the tips here helped but what it all came down for me was to restore my computer to a previous time. My question though is if it completely fixed the problem. So far I don’t see this ThinkPoint anymore, didn’t get it when I started my computer up so i’m assuming it’s gone. Going to check for spyware, viruses, etc. now in hopes of not ever seeing it again. 🙂
Unfortunately this just hit my PC. I mistakenly clicked on scan online, but did NOT click ok when it asked to download the file. I immediately restarted my computer afterwards, and now I don’t see it popping up and am able to access the internet (obviously). Am I safe?
Will McAfee security centre remove think point?
Read removal instructions. You should disable thinkpoint by launching task manager while being logged in (ctrl+shift+esc) . Then rename/delete hotfix.exe and scan with malware removbal tools
Mona: Now linux/Mac is no longer safe too. Koobface worm (written in java) specifically targets Mac users, though it can infect linux as well.
Ks: Try it. Usually it is hard to say beforehand, as these parasites update daily.
@Richard Johnson
Hey listen, this has happened to my 3 times and the latest attack happend last night! There is honestly no need to purchase or download anything or restore your computer to remove the “virus” from your computer. All these things are
are applications that were downloaded into your computer and have been given the command to automaticly run or exe. to override your normal computers fuction.
All you need to do is find the application folder in your hard drive
whether it be red cross, hotfix(thinkpoint) or whatever…
a very easy way to find the folder if your not sure of the name is to go
by the date, any and everything downloaded on your computer is dated and timed! so if you know this happened on 10-30-10 at around 1:30am, you can pinpoint the application folder.
once you have found the application folder, move it to your desktop(it just makes it easier to not find.)
now all you need to do is delete that application folder…but wait
it won’t delete at first, it will tell you that it cant delete the folder because the application is open! and that’s one of there many tricks!
what your gonna need to do is open your task manager and stop the application from running, or just close the application if you can
then delete the application folder and your good.
@van
for thinkpoint ya gonna wanna click the box where it says setting
select the circle where it say remove threats…then check the box at the bottom. Do another full scan. When the scan is complete click one of the any one of the big boxs up top except for the settings box agian…When you click you should see the big grey box that says continue unprotected at the bottom,
hit continue unprotected…I think it will pop up twice
if not, and the grey box disappers! then click the red X to close thinkpoint and it should take you to your main computer screen where you can acess your files to remove the application! Many times they will try and over ride your task manager so be careful. Remember, this is not a virus
this is stuff is fruad, somebodies scam to make money! you don’t need to pay a dime or download anything to get your computer running again.
George D
Thank you, thank you, thank you. Your suggestion worked perfectly. I got rid of this nasty pest per your instructions of deleting hotfix.exe via regedit. Thanks for taking the time to hlep.
cheers
@George D
I’m wondering if this is a windows 7 thing
because this never happend to me with vista.
I tried Norton Power Eraser, it did not work. Tried malwarebytes, it did not work. Tried to find the hotfix.exe and remove that, could not find it. Still my computer cannot access the internet. I am using a different computer. What am I doing wrong?
I have the thinkpoint virus. I tried shutting down my computer to restart in safe mode but it has me completely blocked from starting my computer. I can f8 but it won’t even reboot in safe mode or any mode. It just starts to boot up and then goes back to the screen that had the choices of safe mode etc. So it I can’t get my computer to boot up what do I do to get this thinkpoint off? Help
I got this 2 days ago and it is driving me nuts. I turned my laptop off and turned it back on i logged in and clicked Ctrl Alt and del. and i opened the task and deleted the hotfix. now the spyware doctor is scanning my laptop. after this what do i do next?
Duonoir: Run TDSS Killer, Spyware Doctor and Hitman Pro. It is likely that it is rootkit in system, hidding processes from scanners.
Wife’s laptop got infected today! Fixes from the top seemed to have worked the nuts. Thanks guys/gals. Moral of this story?!?! BEWARE THE LIGHTBULB ICON ON YOUR DESKTOP!
Like everyone else here i got it yesterday. I killed it form my com then used various malware killers and still it screws with my internet mostly the proxy. I am running hitmanpro now as well as malwarebytes to see if they can fix the issues. if not I am taking my com in to be fixed
Thanks for the advice on this site. I am 99 % sure it helped me or rather a friend of mine.
He had the Thinkpoint app and couldnt start his computer so he asked me for help.
I did as told above. F8 to reach safe mode with networking. ctrl alt del to stop the hotfix.exe process and after that starting the explorer process. I didnt have to uncheck the setting in Internet Explorer. Luckily the internet connection was working so we could download anti-spyware fast.
At first I downloaded Hitman pro and with a very fast scan it found one file that was quarantined, maybe I should have tried to delete it, but i have had bad experience about deleting.
Then I tried Spyware Doctor also since I thought it was free, but it was only the scan that was free. It said it found two more instances of the virus and I bought the license and removed it.
Restarted the computer and it seems to be working. Have scanned with both Hitman and Spyware Doctor and so far no problems.
If you can’t delete it try what I did, and that is to create a new user account (admin) and use that as your new account. If you need any files from your old desktop or account just use explore to retrieve them and add them to your new desktop.
You can’t start up in safe mode with this virus. The only way to remove it is to reformat. Or take the drive out and put it in another computer to scan. But then you risk infecting your computer.
InsaneSCV: Actually, you can launch task manager in some cases, as long as you launch it prior thinkpoint is active. Though in some cases reformaqt is better option.
@Richard Johnson
You do realize that Macs are going to be flat on their back when viruses hit them as hard as they hit PC’s right? Microsoft has been fighting viruses for years and Mac’s sitting on it’s throne, arrogant, and just a couple of viruses will bring it down. Microsoft = battle hardened warrior, Mac = arrogant little kid.
I’m newbie in the comp. I’ve got the same trouble.
then I try to run my applications Game Booster, stop “hotfix.exe” and I can connect to network again. but I still can delete thinkpoint, caused access denied. help me to delete this, please
Hi all, thanks for all info here. I will try tonight to remove it. If I ever see a house/window with this “ThinkPoint” logo on it, then I will burn the house to ashes.
Everytime I turn on my laptop, it says there’s a problem starting with RunDLL. And something isn’t a valid Win32 app. This never happened until I got this thinkpoint virus. I continue to scan and delete it but doesn’t work and still cannot connect to the web.
admin ….i can’t understand ..once i had removed this crap….using this Malwarebytes anti spyware and spy doctor…..then why it is coming again and again…..we should not open any wrong website or what??? ..give some suggestions……..
Whenever I start my computer everything’s normal until after I log in and then a black screen and the window with think point appears and I cannot get it off please I need some assisstance!!
Please help me! I’m 13, and barley know anything about computer viruses. I’m afraid I might not be able to use my computer again if I show this to my father(who actually is great with computer, he fixes them). Is there any simple way I can get this stupid think point to leave me alone without me having to get my father or install anything? Or would it be easier to just ask him for help? It’s impossible for me to use Internet explorer. I’m currently searching for a way to fix it on my iPod
Do a restore system to a prior date by going to safe mode only
I just remove this malware. first, I use game booster to stop the operations.
but before infected, I have install game bosster already. I think Im lucky..
after stopped, I search file named softhink.exe. manual delete is not working, until I use Shredder (I use TuneUp untilities 2011).
and now it can deleted…
maybe it can help you…
Tushar: The problem is ThinkPoint infects PC with multiple parasites, including rootkit. It is not always the case, but in some cases these tools are not enough. Scan with TDSS Killer and Hitman Pro, then scan with Spyware Doctor again.
It might also insert malicious settings, like change proxy server, or DNS. You should check that too.
Hotspot users have been getting hijacked and getting
the virus this way.
Thankfully it didn’t plant itself in win7 properly.
I by sheer fluke of instinct did a search as ctrl alt del was locked out as was IE bla bla this is within 24 hours of copping the mongrel.
Luckily it was larking in the users roaming appdata and thats all i could find.
Currently MS defender and some other brands completely miss this thing.
It went through thorough scans and were convinced all was well.
Ahhh no managed to nip it in the bud touch wood it hasn’t managed to windup in registry.
And no oother traces mentioned.
It was a fluke usually things don’t go that well.
WiFi users on open networks try and use VPN or other secure means if possible.
It is way to easy for things like this to propogate.
thinkpoint.exe is the prime offender.
Thanks!! It worked!
I tried all of the recommendations above, but like alot of others they did not work. I resorted to restarting my computer, and then tapping F8 until the black screen with options came up, and I click on Start with last known good configuration. Now should I go into the regedit, and remove the keys? Will my computer start normally in this configuration next time, or will it start with the virus again at restart?
Admin..i am basically using a USB modem for internet connection. what are there settings for checking their DNS servers………
I’ve tried to remove it manually by looking at the source that spyware doctor finds. But still I have 2 items left to remove. I can’t find them. The sources are: “HKEY_USERS\S-1-5-21-3303115028-1715297137-4006022345-64975\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell” and “HKEY_USERS\S-1-5-21-3303115028-1715297137-4006022345-64975\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell = C:Documents and Settings\amla2111\Application Data\hotfix.exe” Does anyone know how I can get these removed?
i woke up hoping to go on the computer and check my messages only to find that my computer (i dont know how) has downloaded 3 antivirus programs to my computer. i tried the old “go into the files and delete it from there but it just came back. i get the feeling it was going by a different name and was now hidden in my computer. i was going to look up how to get this off my computer but it wont let me on. lucky i had two interent programs downloaded to my computer, it only infected one. the thinkpoint and antimalware is popping up ever 15 seconds making it hard to type. i tried what you said and did the first 2 steps. i taped f8 and clicked the safe mode with networking but when i clicked ctrl + shift + esc. nothing happened. well, actually, something did. thinkpoint keeps making me log onto safemode. i cant even log on anymore, im using a friends computer. please help.
Crhirssy: You should be ok, though I recommend upgrading your PC protection programs and rescanning with these tools.
Tushar: Check the guide, your TCP-IP settings should be configured (or affected ) in the same place as everyones else. http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem
Lars: Use Regedit. Change the key mentioning hotfix.exe to C:\Windows\Explorer.exe (doublecheck the location)
Thanks, I managed to remove the files. But still when I try to reboot the computer in normal mode, I get a blue screen wich says something about a security risk, and then the computer reboots again automaticly. If I don’t break in and start it in safe mode or turn it off completely, it just reboots over and over again. How can I fix this?
Ok…having the same issues as most everyone else…with an exception. Nothing shows up when I boot aside from the ThinkPoint blue box with “Safe Startup” button being the only thing I can push. After several unsuccessful attempts to start up in safe mode, I hit the safe startup button and ThinkPoint started a system scan. I disconnected my Internet cable before doing any of this and shut down as soon as I saw what it was doing. I can not start in safe mode…what now? Help is GREATLY appreciated!
My computer got this nice little virus also. This website was helpful in removing it. But since I got and removed the virus, everyone in my contacts are receiving emails from me that I’m not sending at all different times of the day. Has anyone else had this problem?
I have think poinback on it stops at the point i hit f8 then it takes me to advance boot i hir safe mode in networking , then when I hit that it tells me to wait andit ask for a different user an will not let me go any were put in and fix computer( no interent, no restore point what should i do. ) is there a anti virus i can put in my compter to fix it
I used my “other user account” on my computer and set up a restore point from before the virus was installed. The virus will not let you do it from the user account it was downloaded from. I already had another user on my computer so I am unaware if the virus will let you add a new user if you don’t already have one.
Lars: with regedit, check if there is no strange processes set up to launch on startup. Would know more if I knew at which step of boot you get the warning.
Jeff: Hit ctrl+shift+esc right after booting (before thinkpoint is loaded). Stop hotfix.exe process. Your situation is not unique.
Chris: Do a scan with anti-malware tools. I recommend Spyware Doctor, though in this case SuperAntiSpyware might help as well.
There might be 2 things: ThinkPoint comes with email worm or thinkpoint steals contact details and spams from other PC. In second case you can not do much. I recommend changing your email password, though. Do so after scan.
The warning appears right before I’m supposed to log on with my personal username and password. Checked regedit, can’t seem to find anything unusual. But I don’t know really much about this, so I might have missed something
Check what is in message. If it is blue screen about security problems, then you need to scan in safe mode some more (this is just fake message from malware). Run Hitman pro, CCleaner, tdss killer. If it is real BSOD, you will have to identify what causes it (it is usually write in the message, just write down its content )
I have thinkpoint virus and I am unable to disengage virus. I cannot seem to restart computer or bring up my task manger box like the removal statemetn suggest. I am unable to get on internet and the thinkpoint box does keep popping up as been happening to everyone who has the virus.
I used CNET.com after a previous post suggested it, downloaded hitman pro 3.5 and it worked amazingly. after a quick download and scan, it quarantined thinkpoint and now I’m able to use my computer again. This website helped a lot! In the beginning I tried doing the “f8, ctrl+shift+esc” idea but thinkpoint wouldnt show up in the running programs. I tried restoring my computer back to an earlier date, only to find out the only earlier date it would let me restore to was 8:08pm when I downloaded an antivirus program. Didn’t work. CNET.com is the way to go.
I deleted hotfix.exe but when I try to connect to the internet it won’t work.
@DoA-T!B
@admin
Your reommendation to go to spy doctor is valid but they charge you for the service. Trying to restore previous settings before you were infected does not work either. There are not FREE options out there for those of us that are severely cash strapped…..i have tried every thing you wrote about….any suggestions?
yeah, my computer has it right no
I followed the instructions on trying to kill it from Task Manager then followed the Instructions from George D and now when I boot into Safe Mode it stops right in the middle and freezes before my user log on screen comes on. I have tried to restart and do it again but it just keeps freezing and won’t go any farther. What should I do? All my work is on this computer. Thanks!
Think Pointr is on my computer and I need to get itoff my home computer how do I do it from home.On my own computer?
i HIT F12 AND IT DOESNT WORK IETHER
After following some of the instructions above, I downloaded spyware doctor and it found the hotfix.exe file location. I found it on my computer and deleted the file. This fixed the problem and ThinkPoint was gone! Thanks everyone!
Sonya: read the guides.
Carolynn: Disable proxy server on the browser. this should solve the internet problems if you have removed all parasites. If not, do a followup scan with Spyware Doctor, identify threats and remove them. TDSS kilelr might help as well
MeLanie:
You can delete the files Spyware Doctor identifies yourself, it displays full path to infection.
I would try Hitman Pro trial in that case. http://resellers.hitmanpro.com/9182137/HitmanPro35.exe , free for 15 days. Then there are SuperAntiSpyware, Malwarebytes that offer free trials without protection module.
In the end, all good and decently updated tools are paid for full version.
@Kevin
I got it on vista…. have it. ugh. trying all these fixes. thanks to admin SOO much. i am very hopeful
i restored to an earlier date and it cured the problem. But luckily there are more people on my computer than myself. I had to go onto safe mode to retore the computer under my administrator log in. It would not alow me to restore under my own personnal log in.
I just had this same problem! once the thinkpoint pops up to your screen, hit CRTL, ALT, DELETE and the task manager should pop up. click on processes tab. find the file that says hotfix.exe and end the process (located on bottom right of window). then go to file – new task (run). type in explorer.exe. this will hopefully take the thinkpoint virus off your screen. I then went to Malware Bytes’ AntiMalware website and downloaded the the FULL scan. it is important to do the FULL scan so it will go through every file. This took approx 2 hours to scan everything. Hopefully this works for you!
Please help admin 🙂 I’ve done the F8->Safe mode thing ok, logged in then the stupid thinkpoint screen comes up. Go CTRL+ALT+DELETE and go to task manager but it’s just a white box with no tabs. What can I do next? And would Avast pick the virus up?
Try hitting ctrl+shift+esc BEFORE thinkpoint starts. Then it might not disable functions of task manager. Also, as an alternative, you might check if it affect other user accounts.
Thanks for the reply. I did do it before it started and still the same. I have just logged on to the guest account and it works fine, but I cannot find hotfix.exe in the task manager. I’ll run Avast and see if it picks anything up, is there anything else I could do? F***ing thing has wasted so much of my time. But thanks for the help again 😉
Got this virus at 11.00am this morning tried everything then seen this page so got the full version of Spyware Doctor and its now removed took a while for the doctor to get through all the files but my pc as a clean bill of health now. Would like to sy thanks to everyone who as commented and given different ways of getting rid this virus and to admin alsowithout you guys/girls i would never have got rid of it cheers ….
i went on task manager and looked for everything that should be the virus but i cant find it and i still know its there even though i have Norton 360 what do i do?
I am trying the Hitman Pro 3.5.7 and i really hope it works
Hitman worked-was fast and the Hotfix.exe file is gone
I just got the think point on my PC but i am going to internet via outlook. You should be fine.
I have thinkpoint on my home pc. I downloaded spyware doctor but when I try to install it I get “Run time error (at 503:633): Could not call proc.” What does this mean and how can I fix it?
Hello, I have been having the same problems
plz can any 1 help want 2 remove bloody think point plz tel me step by step thanks
Jay: Your guest account is fine because thinkpoint is not running in it. Do a full system scan with anti-malware tools. Hotfix.exe will be somewhere in another user account.
Kathy: Reboot into safe mode with networking, and try installing then. Also, try alternate download location if it fails or different tools
Shaista:
Reboot.
Boot normaly, start hitting ctrl+shift+esc while being logged in. That should launch task manager. If it wont, try again.
Stop process hotfix.exe and launch explorer.exe
Download and scan your pc with spyware doctor or other antimalware tools
@marc
I did the same thing and did work thanks Frank
I did everything to remove hotfix/thinkpoint but still am unable to connect to the internet! Also NOTE that I did read through this post and also checked the proxy and its not checked…… Help please
Por favor necesito ayuda en espanol., hace horas q estoy tratando de sacar el virus thinkpoint, puse mi antivirus pero no me lo saca, n puedo entrar en internet, no me deja apagarla no restaurarla, estoy desesperada por q se me aparece el logo a cada ratos…estoy ahora en otra computadora, para ver si encuentro alguna solucion. Please si hay alguien q pueda ayudarme…gracias
Hey guys to get rid of Thinkpoint repetivly hit f8 while its booting up and select safe mode. ThinkPoint will start right away so press ctrl+alt+del. go under processes and get rid of hotfix.exe. then it should go away. then go under
start > all programs > acessories > system tools > system restore. fo;;ow what it says and put your computer back a week or so and when you restart it shud be gone.
@Adnan
hey use JUST safe mode the other safe modes dont work
this virus is nasty but system restore should work youll lose what you did in about the last week or so but its worth it
day 8 still fighting began as ms essentials, then AV8, then thinkpoint, then another that I forgot to write down! Now has me suspended between boot up choice, and problem detected. on off on off on off…WILL NOT go any further. Even tried flash drive. Ready for marco polo pool throw. HELP!!!
help help me sos. μου εμφανιστηκε το thinkpoint ξαφνικα δεν γνωριζα τιποτα για αυτο.Ειχα κατεβασει δωρεαν το avast για προστασια οσπου την πατησα . με βγαζει σε ενα σημειο που πρεπει να βαλω τα στοιχεια μου και πως πρεπει να πληρωσω.Δεν ανοιγει ο internet explorer αλλα ουτε κανει επανεκκινηση.πραγματικα δεν ξερω τι να κανω????????
How do I get rid of this stupid ThinkPoint thing if after accidentally installing it it completely blocks me from getting on the Internet?
@Richard Johnson
Macs are no more immune to viral infection than windows-based PCs, they’re just less frequently targetted. It’s all about the potential income from infection. If Macs were to become the most popular PC platform on the planet then they’d have as many problems as Windows PCs do now… or at least as many people writing malware for them. Your “my platform is better than yours” prejudice is of no use to us, so butt out.
we had thinkpoint but we go rid of it in a diffrat coplated way by the way I am only 7 and my dad got rid of it himself.
Melissa: What error do you get when connectiing to internet?
Run TDSS Killer and then SD again – see if something left. Check if there are no faked DNS servers. (Use usb disk if you have).
Reboot into safe mode, stop thinkPoint process by pressing ctrl+shift+esc and stopping hotfix.exe, delete the file. Then reboot and scan your PC with Spyware Doctor and malwarebytes.
Hi,
followed your directions and got as far as task manager opened – went to processes but there is no identifiable thinkpoint process shown no hotfix.exe etc etc. I have
explorer.exe
svchost.exe 5 different ones
taskmgr.exe
issass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
xpnetdiag.exe
ctfmon.exe
iexplore.exe two different ones
system
system idle Pr
any suggestions which one is the problem and which i should end
regards.Mick
I would try stoping xpnetdiag.exe first. Then ,if you see black window at that point only, i would stop explorer.exe and start it from c:\Windows\explorer.exe folder.
Third, In such cases running scanners (spyware doctor, tdss killers might help identify the processes).
Ok it has removed all my restore checkpoints so thats not an option! When I run explorer.exe (then C: then Windows then right click on properties of explorer) it has blocked (made disappear) the security tab!!! When I go into safe mode it shows the security tab BUT the windows are too large to allow me to accept the changes (go figure!). Ok spyware doctor is also MIA from my computer!!!! Any other suggestions? I do have a little knowledge of computers but not perfect 🙂 I do have a laptop (which I am on now) and another desktop for my kids….. would it work to burn a program onto a disc then try to run on my infected desktop? and also wtf is tdss, is that just a program similiar to spyware doctor?
@admin
this was such a good help, so useful, easy instructions that were perfect to understand, but one problem you really have to have two computers to work this really!?! great help though.
Admin, please see my ?, I cannot afford a computer repairman & have to do this myself. Thank you
Mia: You could try to use a CD with all the programs, but remember that you will need to update them before performing actual scan. I also recommend burning TDSS Killer and hitman pro together with spyware doctor.
admin thanks very much fallow your guides step by step n it does work thanks u saved my pc 4m stupid thaink point thanksssssssssss
where can i download free spyware doctor or other antimalware tools plz any 1 know caz wen eva i log in my pc think point comes up even i removed 4m task manager …..
@Richard Johnson
Mac is no less likely to be infected it’s just because the market share is so much less there isn’t a good reason to write virus’s for them, I have had to remove Mac virus’s before and they are no less nasty than windows. If you want to be virus free avoid the internet.
I just wanted to point out that if you hit alt+ctrl+del to bring up the task manaager and u cannot find a file name think point, click on the processes tab and look for “hotfix.exe” click on it and then click stop.
Also, a simple way to get rid of thinkpoint if you are not able to connect to the internet or even boot in safe mode , is to create an iso image of a linux based distro called “dr. web” then use a cd\dvd burning software such as roxio burn the iso image ” dr. web” to the disk “makes it bootbale without using any windows components it will automatically mount your drives , then you will see the linux desktop and drweb will automatically start. make sure you select “or checkmark the drives being shown in the dr web box” then click scan after scan is completed click remove all infections. then on the linux desktop “at the bottom left hand corner click the button “same as if you were using windows.” then select restart. The linux distro dr.web will auto eject and windows will start normally. As a side note, if after windows starts and you find that you cannot connect to the internet just run your network wizard “located in control panel” and select setup LAN connection. Then just follow the instructions.
One more thing that I would like to add is that the difference between running Linux and repairing and trying to do a system restore is with system restore from windows , wether it be hard drive or disc, will most likely NOT restore your files “such as movies , pictures , music, homework…etc.” USUALLY, it only restores files that are critical to run windows and that is it.
With linux u are booting from a live cd so you arent using your windows os files at all. I highly recomend using linux. However if linux is a little intimidating then i would suggest booting your comp. when you see the annoying thinkpoint screen hit alt+ctrl+del and click on processes and find hotfix.exe “as i mentioned above” and click stop process and then click yes , you should now see your windows desktop , click run type.. “explorer.exe” then hit enter. At the top of your URL type “http://malwarebytes.org click the green button that says download free version follow the instructions and run a full system scan “be sure to include rootkits , im not sure if it is automatically set to include them or not. Also, as admin has suggested pctools offers spyware remover , however I am fairly certain pc tools doesnt search rootkit files by default so you will have to go into the options and select “search rootkit files” correct me if im wrong admin i havent freshened up with pc tools in quite some time. good luck to everyone.
THINKPOINT has attached my laptop. It would let me access anything unless i purchased the full version. So i shut down my laptop a few times Now when i start it up… nothing… just a blank screen, not even THINKPOINT Did it wipe out my hard drive? How do i reboot? This is a nightmare!! Please help. Thanks!!!!!!!
Came back next time I started up so I went through this process again then went to ‘all programs’ found ThinkPoint sitting there as a normal programme so I deleted it to the re-cycle bin, then went into the re-cycle bin and deleted it from there. Now everything’s fine and the Computer starts up normally again!
@Zac
ok so this just happened to my laptop and i used the steps here some of them didnt help and some did…i ended up starting it in safe mode with networking clicked on the admin button and then it popped up a box that said if you want to do a system restore click no and i did that and it worked!
If you can’t run malwarebytes while you’re infected, then rename the “.exe” file to “.com”. You should then be able to run it.
admin.. may I ask why you deleted my previous posts? I was simply trying to help out. If you would allow me to post links to my sources to prove my scenerio works better than a windows restore I would be happy to do so. Please let me know.
@Sonya
I can help with that.
@melissa
If you are still having trouble I would be more than happy to help I fixed a friends computer today that couldnt even log off or get task manager to pop-up. Let me know if you still need more help. I can chat via email or messenger , whatever works for you.
I found that if I booted in safemode, then when the fake scan info came up I hit control alt delete, selected the applications tab, start new process, then typed in explorer.exe that allowed windows to boot, then I stopped the hotfix.exe under the processes tab. did a search in drive c for hotfix.exe, deleted it, dumped my wastebin, then went to system tools, system restore and restored my system for one day ago before the virus was downloaded and wham! it is fixed and no longer a prob
@Zac
thankyou so much for all your help
Andrew: There are couple more alternate OS scanners, Symantec, PCTools, Kaspersky, Avira, etc offer them. The problem with them is following: you can mess up registry and be unable to login afterwards. That is why some of the anti-malware tools recommend scanning from normal mode if possible, and only then trying to do scans from safe mode (where registry is not loaded).
For rootkit removal, first thing I would try is TDSS killer and Hitman Pro (if regular anti-malware tools do not find anything) and only then an alternate OS scan.
Don: Try rebooting and pressing F8 early on. Then see if menu appears. Do system restore. If not, then it is repair CD or technician time.
andrew: all posts go through approval to avoid people that try to scam others and spams. They are not deleted, just had no time to check all the posts and approve them. They are approved now.
I managed to remove this from my system using malwarebyte, but it’s damaged the keyboard, changing the letters around and shutting off all of the letter’s required to type ‘ThinkPoint’. Tried doing a system restore but the keyboard is still damaged. Is there any way to reset this?
If you are quick about it, you could try pulling up the task manager in the middle of that retarded scan it does and end hotfix.exe – this freed up my computer enough to try a system restore from yesterday, i am now waiting to see if this will work…
admin- i killed the hotfix thing and think point doesnt pop up anymore. but i dont think its gone, i dled malware and spydoctor but they wont run. they are installed but wont run and im not computer savvy.. what do i do from here? i cant find the files that it says and i dont want to accidentally delete something important. thanks for the help
Liz: Malwarebytes did not remove ThinkPoint completely. Download and run a) tdss killer b) spyware doctor c) hitman pro.
michelle: reboot into safe mode with networking and try running then. If it fails, try launching TDSS Killer, see if it detect its.
Ok I got this stupid virus Think Point, tried everything, got mad and did a complete reload starting with FDisk …. Now that solve the problem computer run’s like it did when I built it.
many, many thanks! I started up in safemode, downloaded hitmanpro and removed the malware on my daughter’s laptop. Hopefully this does the trick, I’ll find out tomorrow when she starts up (I don’t have her logon :-)) Philippe (Netherlands)
I would like to thank you, thinkpoint virus got me and with your help i got it out of my comutper and back up and running.
Philippe: You are welcome. Though I would recommend doing scan with Spyware Doctor or other anti-malware tool as well. Hitman -Pro is second -opinion scanner only.
I got this ugly virus and tried the Safe Mode approach and was not able to come around the problem – it was there again in Safe Mode. I then started with the Windows 7 CD\DVD and did a repair using system restore and this seemed to fix my problem.
You may have to use combofix.exe, this will kill this virus, you will probably have to go with SAFE MODE, then Kill hotfix.exe, then start explorer.exe, then run combofix, it may take ten or fifteen minutes but it usually works against this blasted thing, have removed it from my daughters and my wife’s computers today, it is a real pain, somone should find the guy who made this and give him a none elective post partem abortion.
@Jeff Vander Woude
My computer is doing the exact same. Did you ever find a way to fix it? If so would you please help me?
this is a bit complicated but it works take out the offending drive put it in a drive caddy connect it to a pc thats running “microsoft secruity essentials”, fire the software up, and do a custom scan including the (attached drive), let it complete, check the history file see what it found, hopfully it found all the malware and removed it, “but you must set the program up properly”
i have the virus. i followed the instructions and was able to get it off of my screen. i can access the internet but when i go to download the spyware doctor, my computer freezes. any suggestions?
My wife had this problem on my old laptop. The thinkpoint was only coming up under her login though. I did a manual shutdown and brought up the laptop in normal mode under my Admin login. I ran a full scan with avast! antivirus (free version) and it found the threat and took care of the problem.
Hi there. I just got ThinkPoint today and when I open the comp. all it has is a black screen behind the ThinkPoint.
When I did your instructions I got stuck on #3
Can you help me?
I tried running explorer.exe (C:\Windows\explorer.exe )
but all i got was documents
Chris: This does not removes some of parasites. You should rescan the pc in normal mode (after removing parasites) to see if there are no infected registry keys with undetected files.
Reboot into safe mode with networking. Also, you might need to fix registry – ThinkPoint might be set to scan for downloaded executables to prevent them from installing. But these settings should not work in safe mode.
Sophia: start explorer from within task manager ( there is new task in files menu. Enter full path: C:\Windows\explorer.exe ) Check in which folder is windows installed though, on some PCs the path might be different.
That is ok, WW – this is only for people where task bar and documents are disabled. continue further.
Sorry I re read $10 extra for virus protection Thanks
I did the download and was successfull at doing a deep scan.
Now when I load up but now other viruses Whitesmoke- Dr Watson Postmortem debugger and a ? tools program
Spyware Dr apparently didn’t get all of them. Should I now download a different extractor to finish the job?
So Ive got the THINKPOINT virus and I cant get to my registry (not even in safe mode) to try to get it out…..HELP!!
hitman pro removed it in 15 min wuuuhuuu
Larry: No anti-malware (or antivirus) is 100%. If they claim that, they are exaggerating.
Mary : Read our guide how to fix registry: http://www.2-viruses.com/how-to-enable-task-manager-and-registry-editor-after-malware-attack
Also, perform other steps, and download scanners/removers – they might fix that problems.
wuuuhuuu: rescan with other tools. Hitman pro is second -opinion scanner, thus it is good idea to scan with either Malwarebytes or Spyware doctor afterwards.
THANK YOU THANK YOU THANK YOU!!! I was able to find you on my IPOD and save my computer!!!!
Hei Admin,
I did all u said up there, no just one thing though…I can´t register my license for spydoc…It said that either my account name or my license number is wrong..what should I do? I did copy and pasted it!
Wong : There is support section on PC Tools website. They will help.
I just had to get rid of this. This works very well.
1. Restart your computer. Once the ThinkPoint window comes press Ctrl+Alt+Delete or Ctrl+Shift+Escape. You should now see the Windows Task Manager screen as shown in the image below.
Click on the Processes tab. Then click and highlight hotfix.exe and click End Task. If it asks you “Are you sure you want to terminate the process?” click yes. This will close the ThinkPoint program.
2. While in Windows Task Manager, click the File -> “New Task (Run…)” from the menu on the bottom right. Type in explorer.exe and click OK. Your desktop and icons should start up as normal
NOTE: if you got an error message “Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them”, then please run this command first:
cacls “C:\Windows\explorer.exe” /G Everyone:F
A new windows will come up asking “Are you sure?” Type Y and press enter.
Now run explorer.exe again.
3. Download the following file to your Desktop: windows-shell.reg. Double-click to run it. Click “Yes” when it asks if you want to add the information to the registry. This file will fix the Windows Shell entry. This step is important because if you won’t fix this entry, then your Windows Desktop will not be displayed the next time you reboot. Once the new registry value has been added, you can delete the file from your computer.
4. Run Internet Explorer or any other browser and download free anti-malware software from the list below:
MalwareBytes Anti-malware
SUPERAntispyware
Spybot S&D
Hitman Pro 3.5
Spyware Doctor
Run a full system scan and remove ThinkPoint from your computer.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator.
5. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET NOD32 Antivirus 4.
wife got this on her comp luckily i also had my log on on her comp went on mine searched hotfix and thinkpoint deleted all as previous stated on here all ok now thank u admin
Thank you very much. I was able to delate thinkpoint virus by reading & following all advice on this webpate. It took a few hours, but it was totally free!
We got this virus last night, through a safe movie site; its taken many hours of cleaning but it seems its finally been conquered. Thank you so much for all of the suggestions and pointers, admin and others; without this site we’d never have sorted it, so we owe you a beer! Perseverance is the key – we followed all the steps from f8, through to using hitman pro as a second opinion, all on a different user – also paramount. Fingers crossed its gone! Thanks again!
I have used AVG AntiVirus since my first computer, even the free version is good at getting rid of stuff. It worked against Thinkpoint and I recommend it fully. Another good program I use is CCleaner, it removes a lot of stuff most people overlook and will help speed up you computer
My laptop got infected with think point the other day. I followed the advice, went into task manager, deleted hotfix etc. but I couldn’t load anti-malware because the laptop is work laptop and i don’t have admin rights. When I switched it on yesterday the screen is now just black and nothing is happening!Can anyone help?
PsychoLEPrecon: CCleaner might help against some sort of malwares, but ThinkPoint does not use %TEMP% for their storage. Thus it is useless in this case. AVG is ok, though I do not think it is too reliable 🙂
CPB: Can you boot or is that before booting? If you can boot, then start explorer.exe from within task manager. Then you might need to clean registry. If you can’t boot, you will have to ask techie to do repair install
The simplest way to clean thinkpoint from limited account is to log in as admin and create another one.
i dont have internett explorer!?
Use your browser, instructions will not change much.
Got Think Point last night 🙁
Tried everything this morning to get rid of it. I tried uswing the steps mentioned above but after deleting tp from the process the screen was black and i was not able to get to windows 🙁 Tried about six or seven times. Now attempting a recovery that makes the comp like out of the box. Will it work???
Can anybody help 🙁 I’ve only just started trying to remove Thinkpoint virus. But it won’t even let me open the task manager, even though the computer is in safe mode with networking. Is there anything I should try?
i first went in the the Task Manager..then I downloaded hitman pro like I saw someone wrote about..and on my pc it worked..but I think it also may have something to do with the router because right after I got it on mine my husband got it on his pc..so will try hitman on his tomorrow then post more..
Daniela : You should start explorer.exe after you kill thinkpoint process
cwmac: Perform first steps in safe mode (not safe mode with networking). You should be able to launch task manager, stop thinkpoint, launch explorer.exe and then delete the file. Reboot into safe mode with networking next, and scan,
Thank you very much for the help!
Mr. Admin………….
I have been trying to get this “thinkpoint” out of my computer. I am able to get to open up with safe mode and then go to task manager. BUT,,,,,I do NOT see the thinkpoint program in there. Does this thing have any other names it goes by? I can get to different areas to do a search, but NOTHING comes up with that name (thinkpoint) listed. For starters, I would like to smash this person’s face in who initiated this virus. Any help you can give me regarding other names it may have will be appreciated. Thank You. By the way,how did you get so smart??
I forgot to tell you, I downloaded “Hitman” but when I attempt to run it, it says it can not find an internet connection even though I AM connected. It is a window that has a 5 minute timer on it and counts down to zero seconds.
Cancance: Stop Hotfix.exe. Search for it on hard disk and delete. Then reboot to safe mode with networking and try running hitman. If it fails, try running TDSS Killer first, then Spyware doctor and hitman.
@George D
Thanks~
As a 16-year old and somewhat good with computers, it was really confusing reading the tutorial and other comments. Yours was the only one I can really follow and just by reading it carefully I managed to fully understand the other problems other people were having.
I managed to get my mom’s internet back and fix it. So thanks to this site and to your helpful comment 😀
So I have restarted my PC, went onto Safe Mode while Networking.. Opened up Task Manager and ended the ThinkPoint task.. Went onto the Internet, the box was already unchecked. I downloaded many Antivirus programs, all of them required to Purchase the product.. I tried downloading ESET Free Trial, said the System didn’t allow it to install.. So here I am, installing AVG Free Trial, hopefully It won’t require to purchase the product, since most of them are pricey..
DAMN THIS PIECE OF JUNK ! WHY DID THIS HAPPEN TO ME ! 🙁
Thank you for this excellent resource. With the various information, I was able to manually get the task mgr back, kill the offending processes, delete the registry keys and the associate files. However, I still have one problem left.
In trying to mop up with Hitman or Spyware Doctor, I can not reboot back to either Safe Mode with Networking or Normal. Therefore, it doesn’t matter which profile I log in with, I have no internet.
I went to another PC and downloaded Hitman and Spyware Doctor, however, any attempt to run them from either the flash drive or the ‘infected’ PC is impossible, because both softwares require a definitions update via internet connection or they won’t run. As mentioned, I can’t boot into anything other than regular Safe Mode (no internet connection)
Any ideas on how to finish this cleanup? Much appreciation in advance!
Vic
Can’t you boot into safe mode or you do not have internet in them? If it is no internet, then disabling proxy server is enough.
If you can not boot, do system restore, and then run TDSS Killer (to make sure that you got no rootkit). Then you should be able to boot and scan.
System restore does not fix everything, but it might disable parts of infection.
Thanks. Hitman Pro got rid of mine.
When I try to boot into SafeMode WITH Networking, it starts the process but then crashes/restarts. The only thing I CAN boot into is regular SafeMode.
Following some of the earlier threads (I’ve read every post here 🙂 I opened my internet options from within regular SafeMode and determined that proxy server was NOT checked. (perhaps because none of the networking services are loaded in regular safemode?)
I’ll try the TDSS killer from flashdrive, however, let me ask this… is there any way to run Hitman OR Spyware Doctor from the flashdrive WITHOUT them requiring a connection to the internet first? In other words, is there any way to pre-load Spyware Doctor or Hitman with the current definitions so it doesn’t think it is out of date? That would probably solve this also.
Thank you again for your time investment into this horrible problem.
Vic
Vic: do not think so. The build we offer requires updates, and hitman pro requires internet connection to be effective as well.
The problem in your case is not a proxy, it is internet drivers, or more exactly a trojan/rootkit in them. Typically, it is TDSS.
I got rid of think point by running my microsoft security essentails, you will need to do a full scan and it will take a while.
@sean
I just fixed this virus on a customers computer. Used Malwarebytes Anti-Malware and SuperAntiSpyware to do it. Worked like a charm. Its a pita virus, because I had to manually navigate in safe mode using task manager to these programs I had previously installed, but it still worked beautifully. Remember to update your software before scanning if at all possible.
Got the virus a few days ago. And now unfortunately I am writing via the library.
I initially deleted the virus (or thought I did) by stating up in safe mode and deleting it from C – Doc & Set – All users … also by ending the hotfix.exe in taskmanager. However that was before I came to this site for advice.
So as of now (3 days after I thought I deleted it) my computer wont even start-up. I get to my initial splash screen and loadup and can get so far as to access F8 to allow for a SafeMode startup, but after I hit to begin safemode (or any mode) I get a black screen of nothing (not a flashing cursur, not the thinkpoint screen, nothing). I can also hit + + durring the loading process but it just brings me up to a boot disk menu, and I have no boot disc.
Help me please
Sorry * I can also hit ctl+sft+esc …
Basicmountain: This works if the software is preinstalled. In general, users need to install them before infection.
Personally, I recommend for people upgrading to paid version of MBAM/Superantispyware if they want to rely on them for protection. They would have stopped infection if real-time scan would be on. That is why I prefer Spyware Doctor 😉
Mike: Get same os install disk from friends and do repair install. Then run anti-rootkit tools and other scanners…
@admin
TDSS removal did the trick. Thanks again for a great column. I’m sure this has been a significant time investment. Good luck to everyone!
Vic
@Admin: Nightmare thread!….. People!!… read the entire post before ask!…..
I have tried everything on this site. When I get the first thinkpoint screen in blu I am unable to get to task manager.
I have tried safe mode etc none of your solutions work. Any ideas?
If launching task manager (in safe mode without networking) fails, you can not download anything (like rkill) then you got following options:
1. System repair using original CD (might not fix everything and mess up)
2. Alternate OS scanners like http://www.pctools.com/aoss (most of antivirus makers have one).
3. Trying to scan and remove files from another PC (install HDD as secondary on other PC, and go through files, delete hotfix.exe). Similar to 1, it is more likely to mess something up in case of rootkits.
@marc
I love you x
i bought the program is there anyway i can get mu money back ??
On Windows Vista go to
C:\Users\\AppData\Roaming
e.g.
C:\Users\shiv\AppData\Roaming
and rename hotfix.exe to hotfix1.exe
This worked for me after deleting hotfix.exe from processes in task manager.
I got rid of mine when I took it to microsoft security very simple jusr hope it does not multiply.
will let you know
bamsenz
Contact your bank, Abby
It seems i got rid of ThinkPoint, but have a problem to enter on a few sites what i used to use before. AVG,Hitman Pro, Kaspersky, Avast, Privacy Mantra, Tdsskiller can’t help. Am i on a wrong way? What else i can download for recovering computer.
Elena: What sites are that? It might be some settings in hosts file or changed DNS settings (this happens after infections with rogues).
@Richard Johnson
Yeah because there are absolutely no viruses for OSX. /sarc
twat.
Got a Trojan error this morining and can’t do anything to get rid of the Think Point message. Followed your steps on putting into safe mode. Once I got into safe mode, and pressed CTRL+SHIFT+ESC I got to the process tab. I could not for the life of me find a way to do the rest of that step which is check for processes of Think Point and stop them. I am extremely frustrated to say the least. H E L P
Thanks
Yes, admin I deleted a comment from DoctorWeb in hosts file and all hosts.2 file a few weeks ago. No mistake in DNS. One of that sites is forum on liga.net. How to check possible existence ThinkPoint in system? (I can’t find hotfix.exe)
Hey I can open task manager and start explorer, but There are no processes showing up!
I followed the directions and now I have a black screen showing. After i log off then come back on, I have the same THINK POINT screen come up with no regular desktop icons. HELP, I scanned once in safe mode then went to regular and did another scan.
Mark: launch explorer.exe manually. You might need to modify registry and delete/change registry key changing windows shell from explorer.exe to hotfix.exe
Elena : run various scanners. Spyware Doctor, Malwarebytes, Hitman Pro, Superantispyware are most likely choices that identify (and remove, some freely) the problems.
@Richard Johnson
Dear Richard Johnson, I don’t know how old you are in the science …BUT I do know that the ONLY reason Mac’s are a relatively safe haven from malicious attacks are for the simple fact they are out numbered in populace. The terrorist that write destructive pc programming focuses their talents on the masses, NOT APPLE …FACT! Thank You, Ronnie Richardson
GREAT IDEA THANKS
stupid virus almost totally took over but instead of this process i had it wiped and back up to 100% operational and in good condition within a few hours + im not good at computer techie stuff so i leave it for the techs
@admin
All scanners what you recommended had found some threats (Malwarebytes was more successful – 34 threats), but no positive result. Is there no choice to recovery system unless sending to creator of ThinkPoint congratulations.
will shield deluxe 2010…kill this monster?
Elena: If TDSS Killer and Hitman pro found something in the end of tests, re-run other scanners. Also, open your Application data folder, make sure you see hidden/system files and delete all executables, dlls or other strangely named files by hand. No file there is critical for the system and is likely to belong to malware if executable.
danny: why not to try? Though i do not think so.
oh man kaspersky is the best ! i downloaded the same file into my computer and kaspersky was active at that time and i downloaded the virus but the download folder wasn’t showing anything because kaspersky remove it immediatly but know withput i installed it and ……..yeah :S :@ :@
use kaspersky guys it is the number one for all viruses and malware and it monitors ur computer and remove the virus completely before u install it which will save u alot of time 😛 🙂
Sam: In many cases the amount of infection would be reduced drastically if people would use internet security suites of Kaspersky, ESET, etc. Though you can’t avoid them fully.
Thonkpoint connect to :
Destination Address: 91.217.162.174:80
@sam
Kaspersky uses a single signature to detect the infected file
And sometimes the location of the signature facilitates change, hackers use these techniques to make trojans undetectable…
This virus is terrible…I went on to safe mode…and I can not find where to restore my computer…I had the same virus a week ago, restored my computer (no problem from safe mode), and it was gone…but still infected! Now the virus is back, and I have been following what people say…I downloaded verizons anti virus thing, and when I click to scan for viruses everything freezes! Ugh…I am feeling like I should get a new computer, however, I dont have money for that, and I have tons of important files on it that I need!! What to do?
Alley Monte: Delete hotfix.exe in safe mode, run tdss killer, reboot into safe mode with networking, run Hitman Pro and Spyware Doctor.
I think I deleted Think Point, I just deleted it from the C drive,(not the way you have described above). Now I can’t get onto the internet. I was able to download the SpyDoctor from PC Tools and perform a scan but I still cant access the internet. I can downloan the PC Tools antivirus in safe mode but not in the regular operating mode. Someone please help before I kick in this freeken computer.
I’m a total novice can’t get online in safe mode. Through my other computer I downloaded hitman on a flashdrive. How do I load it on the infected pc in safe mode?
I downloaded spyware dr. onto a flashdrive from my laptop then to the desk top seemed to have worked
Ryan: Disable proxy server in your browser, and all unknown add-ons. I think in your case its as simple as this.
Thank you so much for this help! I have a crucial essay due the 22nd and would have been doomed had I lost it! Serves me right for procrastinating and visiting shitty sites!
Guys…all you have to do is reboot your computer, after the BIOS checksum screen finishes (usually the vendor name of your PC brand, e.g. Compaq), keep pushing F8, an advanced boot option screen will appear. Choose Startup Repair, then choose Microsoft System Restore, revert back to a checkpoint BEFORE the virus was installed, and boom! Problem solved. I just got this virus via torrent sites (lol) and did a quick google search, found this thread, and figured I’d offer some insight. I hope this helps atleast someone!
Hello
Tried following these instructions as my PC was infected with Think Point. At first, completely unsuccessful – deleting hotfix.exe had no effect. Finally was able to get onto internet (not sure how – hadn’t been doing anything different) and downloaded the spyware program which detected problems with the registry files. When prompted, clicked OK to fix problems. Result: computer completely broken, unable to boot up beyond Windows XP screen, unable to use normal recovery options. My PC manufacturer completely unaware of this virus. Being advised to purchase another copy of Windows XP and to re-install from scratch (my normal recovery disk does not work). Has anyone else had similar problems?
Jon: Which program did you use? Actually, it looks like you have messed up with TDSS rootkit. Aka the cleaner you used has not removed TDSS rootkit’s entry points. Recovery CD Should work, and you might even boot in safe mode (have you tried?). If so, do system restore.
Justin: System restore does not help everyone. Also, scan after system restore – you never know WHEN you got first infection.
I definitely agree, perhaps it’s only most useful if you do a system restore as soon as you got/first noticed the virus? I ran three different standalone scanners that are highly rated: ESET, Microsoft Security Essentials, Kaspersky. I came up with nothing, so, hopefully I’m all set. I wish you guys great luck, I can understand how important loss of productivity on a PC can be, I’m a college student.
omg my husband was on the computer doing his usual stuff when THINK POINT just popped out from no where/ well after hrs of calling people and trying to fix it he shut it down , turned it back on and by this time the hole screen was being taken over by this think point he could not log off manualy or do anything but THANK GOD I went on my lap top to find out about this MAJOR VIRUS and when he got home he did what it said and it fixed the problem!!!! We thought out home computer was gone , I just bought this lap top one week ago today and having to buy a home computer was gonna ………. thats if we even got one but I do suggest following the directions at the top of this page and giving it a try!!! Good luck all.
Justin: The problem with system restore is that many trojans know about it, and try to either infect restore points, or lay dormant for some time. Also, System restore is not backup, it will not restore everything to previous state. Thus I see lots of comments about parasites coming back after system restore and hitting worser than before. It is one things to try, but not a way to fix PC permanently. You will have to scan to make sure you are clean. And while all products listed are good, you will need anti-malware tools for better chances on detecting infection.
I use ESET myself (together with Spyware doctor). I know, that even this combo might miss parasites sometimes, thus I use other tools that focus on specific parasites in such cases: TDSS killer, mbam, hitman pro, superantispyware.
Hey All, someone on this site gave me the answer I was looking for, and cost me “NOTHING!”
The administrator on this site wants you to buy PC Doctor! There is no need if your able to use “System Restore.” Think Point prevents you from getting to “System Restore” His suggestion was simple and easy to follow, Follow these instructions and you will be able to restore your computer: manually shut down by unplugging, ThinkPoint will not allow you to shut down any other way!
Reboot with F8 to normal safe mode(with networking), Log in as Administrator… click NO when asked to continue in safe mode, this will bring you to System Restore.
Pick a date before you were infected & let it restore. . .
Unfortunately, this simple process will take a long time since the virus is bogging the system down, be patient when it seems the system is hanging, leave it alone, eventually, it will auto reboot & restore. You may have to pick different Restore Points if it didn’t work the first time. I know, because I had to. . . .
I found that if you remove the account (Manualy copy the files over, do not save them when you delete the account) Then as another user said; “restore to a previous date”, then that should fix the problem.
Hello,
I have the Think Point malware. The screen showed upon startup and wanted me to load it which I did not do. Instead shut down and went to another machine and ran search where I found this site. Now after some attempts my system is effectively dead. I ran was able to boot into Safe mode and run Tdss killer from USB. Didn’t find anything. Strange I thought. Then ran Adaware from safe mode full system scan and it found 1 infection that it deleted. It recommended a reboot and now the system will only boot to a blank screen with a blinking cursor upper left. Wont respond or boot to safe mode or anything. Any suggestions for reviving what is now a very expensive doorstopper?
Actually, Artie, I do not want anyone to get the infection in the future. We recommend both free tools and paid tools, but at the moment all good anti-malware tools with real time protection are commercial. I have seen enough cases that people will return after re-infection and with disabled system restore.
I will always recommend a solution that helps user to avoid problems in the future rather than solution that masks the symptoms temporally.
John: Adaware is not a software I would recommend against such parasites. Try getting system CD and running fdisk /mbr from command prompt. It is likely, that adaware disabled a rootkit and forgot to fix system boot process.
Another option is trying to fix install with same CD or do a complete overtop install. Just create DIFFERENTLY named user for yourself, as your old account should be still infected.
my infection left system restore inoperable…
Ok will try that but what is Fdisk/mbr going to do? Am confused about a complete overtop install.
i will try this will let know how it work out
thank
I had it on Windows w000 SP4, just 40 minutes ago. It got past my maximum security firewall settings and AVIRA ANTIVIRUS, installing itself and completely hijacking both normal GUI Desktop and SAFE-MODE.
So, it seems to be about getting my money rather than hacking ….
The virus takes out both GUI and SAFE MODES, You can only get access to your registry restore point data and application by using ALT-CTL-DEL » Task Manager » Run New Task and browse for your registry restore folders. If you don’t have one, you’re screwed utterly, at first sight. OK, I have Windows 2000, SP4, and it’s not LINUX, but that’s my tough choice.
‘ThinkPoint’ got past both my Maximum security FIREWALL settings and my ANTIVIRUS application, installed itself with these files at: C:\Documents and Settings\Administrator\Application Data
1) hotfix.exe
2) completescan
3) install.
Once you’ve restored an earlier registry or restore point whatever your system calls it, browse to this location without clicking on any of the files, DELETE immediately and empty your RECYCLE BIN immediately. Watch your http traffic in your firewall for a while.
My method of restoring an earlier complete registry using the great freeware ERUNT/ERDNT as I do, is perfectly good as I scanned my system registry after the restore and found no reference to the virus files.
I would love to know where this VIRUS/SpyLoader is coming from, which URL’s specifically or Spoofed IP’s etc. I was on a forum with an embedded music player from 123playlist.com at the time of the attack on my Windows PC>
If you have LINUX/UNIX/MAC you may be safe. People spend a lot of time inferring that I’m silly for using Windows with all their vulnerabilities, but I just don’t have the time to migrate platforms right now, and I am becoming quite experienced in ‘pulling damaged PC’s back from the brink’
However I wonder what is behind this SPYWARE, is it just gold-diggers on the Virus Trail or is it an organised cyber attack on the internet’s infrastructure? You tell me what you think. I think we should be given access to the tools and knowledge that will allow us to protect our systems from such attacks. But in the end, LINUX/MAC may be the only way outta this dilemma!
Robert: Try disabling ThinkPoint by deleting hotfix.exe in safe mode, and running Spyware Doctor, Hitman Pro, etc.
John: If system is not found, this restores Master boot record. I thought about it, but now I think you should try running repair install using same CD first.
Jason:
I would recommend upgrading to Internet Security version of Avira, and not use standalone antivirus (especially free one).
The malware changes daily, thus there are chances that fresh versions of malware can be missed. In many cases malware originates from exploints from infected legitimate websites or advertisements on them. They redirect or use content from domains, that belong to malware makers. Another way to get infected with parasites, similar to thinkpoint, are various “downloads”: fake flash updates, codecs, etc.
Actually, related trojans might infect MAC and Linux PCs as well – some of them are Java based, for example Koobface.
i got this about an hour ago and it really pissed me off so i just went to system restore. luckily i had just updated itunes so it only got restored to yesterday. i had no idea about it being fake until just now. i had never heard of it so i looked it up and found this. i really suggest restoring your computer so you can completely wipe that thing out.
so i have the thinkpoint issue as everyone else, only problem wont let me open up task manager at any point. do i need to go threw start menu to kill it or what?
AJ: System restore is not a full system backup, thus it does not wipe everything. For example, malware files might be still there (just not active). If you want to use backup-based solution for malware protection, do regular backups with Acronis or similar, which do full image of system.
Chad: Usually, it allows running task manager in SAFE mode (not Safe mode with networking). The trick is to delete part of infection in safe mode, then in safe mode with networking identify remaining infections and delete them with help of anti-malware tools.
I have this and am trying to follow the above instructions. But, when I press F8 nothing happens. Is there another way?
Morris you need to press F8 rigtht during reboot (just after system reboots and before you see windows logo.
Hi admin, thank you for your help about this think point trouble. I spent a whole evening and now its seam PC work ok. I used hitman pro trial to remove trojan and some hotfix exe, also used regedit to delete some,SpywareDoctor can’t find anything more but when i run Hitman pro again there is stil something like this:
hotfix.exe
C/USER/WIN7/AppData/Roaming (no connection to scan cloud)
In last-closing window of HitmanPro i found this:
No Threats Found
PC and internet working normal, theres no ThinkPoint trouble when i reboot machine…
q: Do you think i can expect some trouble in the future? Maybe the beast just waiting for now?
Thanks again for big help and have a nice day.
Simon
Simon: Check the folder manually if there is a file. It might be removed from registry and not launched, or this might be hitmans thing. If the file is there, remove. I guess you are safe at the moment. Now I would install some sort of internet security suite if you got antivirus only, and maybe full version of Spyware Doctor or Malwarebytes to protect from malwares like this in the future, but this is up to you.
Yes, i checked C/User/WIN7/—-but there is no AppData/Roaming folder, so i think this is ok and i guess i’m safe?!
I’ll get full Spyware Doctor for sure, thx for advice!!! And once again, thank you very much! I wish the best results to other forum users also! S
i cannot access internet to download or in any other program. thinkpoint keeps popping up.
Simon.
Try changing folder – the folder is system one and you do not see it under normal settings.
Stillwell: Reboot into safe mode and press ctrl+shift+esc. Stop hotfix.exe process, launch explorer.exe. Then Search for hotfix.exe in hard drive and delete.
Yes admin, hotfix was there, i deleted it now! Thx very much!
Thanks a lot.
Using BartPE
Windows Vista location was different
%UserProfile%\appdata\roaming\hotfix.exe
%UserProfile%\appdata\roaming\thinkpoint.exe
GOT RID OF THINKPOINT —- I had this virus … maybe I still do, dunno yet. Problem was I could not escape ThinkPoint even using a safe start with networking. (It also would not allow me to open IE so I couldnt get online). I used the power button to turn off and on again. While starting up again, I ket pressing F8,F8 over and over, however, I chose “repair computer” instead of safe mode and then chose restore system and used a restore point in the recent past. This seems to have worked … I am able to get the internet now without any signs of ThinkPoint. I plan to download some protection now. hope this helps someone
hi admin, i just recently got this ‘think point’ virus and i dont know what to do. i have already done the procedure u told us to do above but wen i go onto safe mode and delete a file called hotfix or something like that and i close the task manager my screen is black and i doo not seem to be on my windows or my desktop screen for me to actually go forth with the next step of going to internet exporer. it would be much appreciated if u help me, thankx
You should launch explorer as new task from task manager. This should make taskbar appear and you will be able to procead with removal instructions further.
THANK YOU, THANK YOU, THANK YOU, THANK YOU!!!! I was looking at BUYING I new computer! I thought I was totally screwed! This was amazing help!!!!! THANK YOU!!!!!!!!
Hay,went to system restore and removed thinkpoint, thank you very much…….It took 5 days to do it…….
Hi,
I was able to end the process hotfix.exe to stop thinkpoint, but when the thinkpoint screen goes away, no applications are available on my desktop. is there something that I am missing? Everytime i reboot, the thinkpoint comes up again. i also got system tool at the same time. Do i have any hope?
Alex: you will need to relaunch explorer.exe using task manager.
Thank you so very very much for the tutorial! 😀 You saved the day!
For everyone with extra questions/problems – I used Spybot search and destroy to remove it eventually because this program was free all the way.
i sent a message to help people why did u delete it
Hi.
Posts that essentially duplicates what was written in the guide and other comments above (read them) and is in all-caps (which is disrespectful) are considered spam. It does not help for people who come with specific problems (aka remover can not start even after removing hotfix, or detects nothing).
is it possible to start from a savepoint and thinkpoint be gone?
@Zac
Yeah Man! thxx this one has been helpful doing your way… so far so good. this thinkpoint issue is happening on my desktop and im on my laptop so…
I got Thinkpoint on Nov 27. Avast was not catching it. I downloaded Adaware, which worked. I did not restart, as prompted to do by Thinkpoint.
Charles: as long as savepoint is before original infection, yes. Though I recommend rescanning PC and updating your Antivirus/Internet security/Anti-malware programs.
BC: You are lucky. On restart, it integrates deeper into system.
As with others! Can get to Advanced Options Menu and Safe Mode, Safe Mode with Networking, and Safe Mode with Command Prompt. hit the Shift+Ctrl+ESC and it takes me to select an operating system Windows XP Media Center or Microsoft Windows Recovery Console, what next
@Rick
I did highlight the Safe Mode with Networking first
One of the easiest ways to remove these types of programs it to use the system restore function. Go to safe mode, run system restore and just pick your last back up, or one from the previous week. This works best on Win7, but also works for XP. Have only run into one program that actual deleted all my restore points first, but I have found this method to work almost 99% of the time.
@marc
Thanks Marc! Followed your lead and it worked.Whew!
If you can’t get into safe mode with command prompt, try recovery console.
jarsh: 99% of times? I doubt it. The problem is that many of more advanced trojans manage infect restore points as well.
@Zac
This worked for me. Thank you very much.
Dude, this totally worked! Thanks you saved me!
You can also do a “system restore”, which is far less complicated.
I found it made a new Run key under HKLM_USERS_Microsoft and renamed the original Run-
I whacked the “new” Run key and restarted, Windows created a new Run key and I moved my startups over to it.
i try to do it but i can’t do the f8 thing and that thinkpoint window keeps popping up i try to do the shift ctrl esc thingie but it doesn’t work. help!!!!!!!!!
Steph: System restore does not work for everyone and it leaves the system vulnerable for reinfections.
F8 needs to be pressed when you reboot your computer (before windows starts)
Thank you so much. THINKPOINT RANDOMLY SHOWED UP ON MY COMPUTER AND I FOLLOWED YOUR DIRECTIONS TO GET IT OFF .. YOU SAVED ALL MY SCHOOL WORK.
I just recently got this virus today, i didnt know what was going on…so i do the ctrl alt delete procedure and it goes away, it brings me back to my desktop, but when i shut down my computer, log off, and i come back to my account, i still see the same thing, it goes away after the process of ctrl alt delete…but i want to remove it all the way, so when i come to my account my desktop will immediately show…do i have to pay to download something for it to completely go away? i dont have a job and no one can pay for it…please tell me what is good to download which will not give me viruses and is completely free? after i download it what steps do i need to do to remove it for good? i am sorry but i am confused and dont know who to go to, please help i would really appreciate it!!!
oh and i have no idea how the system restore works, it always has been confusing to me so i dont want to give that a try, i share this computer and i have 2 accounts…my account has been having this virus problem and i hope the other one doesnt deal with this….i really dont want system restore because who ever i share with…their files will be lost since it goes back to a previous time…
thank you! just remove key from registry and next remowe .exe file from /Application Data
I’ve done step 1 and 2 several times in safe mode. I don’t know how to download windows-shell.reg. I’ve ran Malwarebytes. I still cannot access the internet and the Thinkpoint still comes up.
Another suggest was to delete the hotfix.exe on task manager, go to File, Run New Task, and in the space type explorer.exe which will bring back your desktop and taskbar. then bring up internet, click Tools, Internet Options, Connections, LAN settings, and uncheck (if checked) box saying “use a proxy server for your LAN”. How can I change this if I can’t access the internet?
Doris: You do not need internet for stoping hotfix.exe . Once it is stopped (and registry key changed), you should be able to launch internet explorer.
Followed directions, opened task manager, stopped the process then used hitman pro 3.5 and it removed it completely and apparently other stuff as well.
Hey admin, I followed your instructions and downloaded spyware doctor and ran a full system scan and it detected the infected files but it’s saying I need to purchase the program to remove them.
AR106: If you want, expand each threat and delete files manually. Though I would advice using full version of Spyware Doctor – it will reduce risk of corrupting system and re-infections latter.
can i know how 2 remove the think point?
Read the guide 🙂
hello…where did the thinkpoint installed in my computer?
i can’t find it
Well: You have access to your PC and not us. Depending on OS version, it will be under C:\Users or C:\Documents and settings\ . Search for file called “hotfix.exe” from there.
I just helped someone get rid of thinkpoint but I wasn’t able to open safe mode using F8 so I ran explorer.exe before I killed hotflix.exe because I originally had issues finding hotflix.exe. The cpu had apparently already installed thinkpoint, although she hadn’t purchased the files so I just downloaded Avast (I’ve never had issues with this antivirus and it has helped me get rid of viruses before plus it’s free, although it has a professional version that costs money) and the cpu is now running a preboot scan. It pretty much isolates the virus in question so it should work. If not, I’ll try the spyware dr. The main contribution is opening explorer.exe if you’re unable to open safe mode for some reason or another.
I was on Neopets playing a game and this javascript plugin installation popped up. I didn’t install the plugin because it froze my firefox browser. About 30 seconds later, Thinkpoint popped up. I thought Malwarebytes Anti-Malware removed it a week ago and it came back. This time AVG detected Thinkpoint and removed it. However when I did a search on hotfix.exe, it was still there. I deleted the file. I also uninstalled firefox. Is there anything else I need to do to make sure it’s gone?
Admin! Our office computer was infected with thinkpoint. I’ve cleaned out hotfix.exe, but I’m just not experienced enough to safely delete anything else. Do you have any suggestions to keep our files safe until someone who isn’t computer illiterate can help?
Stephanie : AVG is not as good against malware. I recommend getting a decent anti-malware program like Spyware Doctor or malwarebytes.
HELP: It is always good idea to backup your data somewhere.
I cannot remove thinkpoint from my computer cannot get pass the pay page ctrl alt delete dont work or ctrl ssift esc it look like some one installed it Help how do I get rid of this
I got this virus & took these steps to remove it:
1.Restarted my comp in safe mode (by pressing F8 during boot-up)
2.Navigated to “C:\Documents and Settings\Administrator\Application Data\”
3.Found and removed files called ‘thinkpoint.exe’ & ‘setup.exe’
4.Re-start your computer in normal mode.
Job done! it now allowed me to run internet explorer, task manager and all other programs. It may well still be in my registry, but at least i deleted the program (‘thinkpoint.exe’) so now its not there to run anymore.
This is just a quick-fix and may not work for everyone, but it worked for me running win.xp pro.
Remember you will need entries removing from registry in time, but at least you can now access the internet/download & install any firewall/virus removers.
Happy surfing & BE CAREFULL WHAT YOU CLICK ON IN FUTURE! Just clicking on a link to a suspect website is all it takes to become infected.
Virus programs such as Norton 360 have a neat feature called ‘safeweb’ that will block most malicious sites and keep you safe.
One last point. If your computer will not allow you to delete in safe mode, try renaming them (anything will do) then restart, again in safe mode, & try to delete them now.
I noticed that Thinkpoint came in when I was using Weatherbug. I got sucked in and stupidly clicked on it. However, I did not purchase it and was able to get out using the task manager as advised above. However, when I restarted it contined to show up and I had to go thru the same process each time. I deleted all the temp internet files and cookies, but no change. Then I deleted the Weatherbug app and Thinkpoint seems to be gone. I will ask Trend Micro, who I have been working with, to check things out to be sure all is gone.
Actually, I should say I “uninstalled” Weatherbug.
If you can’t delete hotfix.exe just rename it to .ini or something, I was able to delete it after that.
Search regedit for the shell entry, fix it, reboot and start cleanup
i restarted my pc tapped f8 selected safe mode with networking. now the arrow keys won’t operate.
lamon: If the computer does not boot into safe mode with networking, try rebooting again (power off, and then power on) and use instructions for safe mode
Can you clarify steps #3-4 from your instructions for people who can not do anything? These are the original instructions you posted. Thanks.
>>>For users that CAN NOT DO ANYTHING in safe mode and Normal mode
Some users claim, that they can not boot or do something in safe mode or safe mode with networking, as thinpoint blocks everything.
1. Reboot, press F8, Choose SAFE MODE WITH Command promt.
2. Enter these commands: regedit
3. Update the the key with the following value [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “Shell”=”Explorer.exe”
3. CD to EACH USERS Application Data subfolders and delete hotfix.exe
4. Shutdown /r /t 1
5. Press F8, choose safe mode with networking
6. Download Spyware Doctor ( http://www.2-viruses.com/spdoc.exe ), update, do a full system scan and delete what in detects.
7. Reboot.
I followed the advice and got rid of the think point and another one called antispy after downloading the trial of Spyware Doctor. I had already bought Norton 360 to upgrade and try to fix this the first time but I couldn’t get the “boot from CD” to work before I found this website. I’ve discovered even after getting rid of the think point that I still can’t get my machine to recognize anything in the disc drive. The device manager says the drive is working properly but it won’t read anything I put in there to test it. It worked fine before thinkpoint so I’m assuming it’s messed something up. How do I get my disc drive being read again?
Coach: Do a follow up scan with updated all programs you have. If it is clean, reinstall motherboard drivers.
Is there any other programme is JUST for deletting think point?
and also, what exactly means “CD to EACH USERS Application Data subfolders and delet hotfix.exe”?
Thank you for the site. I have a PresarioM2000 running Windows XP w/o any virus control. I got infected with Thinkpoint. I am 76 yrs old and loved DOS.
Here’s how I finally got it off after trying many things includind DOS.
!. Got into a safe mode which showed the Windows Start icon.
2. Searched for hotfix.exe
3. Deleted the two references for hotfix.exe
4. Searched for Thinkpoint file and deleted
5. Loaded and ran free 30 day version of Hitman Pro 3.5 and deleting Trojan Horses.
Thanks again and good luck to others!
I just had ThinkPoint attack my computer. I restored my computer to a time 4 hours ago, before it was attacked and it is fine now.
Best to my knowledge, there is no program that targets only thinkpoint. in C:\Users and C:\Documents and Settings (depending on version of Windows) there are subfolders for each of the user. In there there are AppData or Application data subfolders, where malware installs.
Shawna: rescan with decent anti-malware. Just in case – most scanners are free, and in many cases trojan downloaders might re-download infection back. System restore does not work in each case.
@Zac
Thank you so much. Your info helped me after trying many others.
Thank you again!
I do not understand step #3and 4 what exactly should I do. What do you mean by CD to each other, is it something that I ve to type and then what after. Thank for getting back to me because I’ve no computer and my task manager is disabled.
hey,guys even i got attacked by this thinkpoint.try this download a trojan remover and have a full scan.it truly works…i am glad i got ride of thinkpoint.
CD – command to change folders. In command line you type cd and new folder you want to go to.
Nao: Dont forget to rescan after that. Thinkpoint not always sole infection installed by exploits.
When I type “cd” how do I know what new folder to go to?
I only have one user on my computer so would I type “cd username Application Data” ?
And to shutdown /r /t 1 do I shut type “shutdown /r /t 1” ?
Also… when it says to update the the key with the following value [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “Shell”=”Explorer.exe” What is the key that I am updating?
Jack: The one referencing hotfix.exe.
I can not restore the system when I choose to date, nothing happens stands there as if it was not responding but the task manager says ta execuntando help me please
Marcos : try other removal instructions, the ones with Safe mode with command prompt.
ThinkPoint attacted me too. I can’t get rid of it. When in safe mode I turn taskmanager it doesn’t allow me to stop anything. The ThinkPoint pop into and there’s that error sound when trying to do anything. I’m with my different computer now. I don’t what to do… Please help. I tried a lot of offers, but didn’t work anything. I tried to delete hotfix from notepads, but not all deleted. Some can’t save or anyway…. Pleeease help me. I use NOD32 antivirus and now i’m scanning. If i reinstall windows would it be gone?… All my documents are in different partition, so i think it’s not such a big deal…
Hey everybody…I had this thinkpoint pop-up today on my cpu and basically seize it…luckily the above instructions worked w/the exception of the dwnld of spyware doctor..I was abl to get on internet but cldn’t dowload anything…However I was able to press/tap f8 after I turned on my cpu..got to the boot-up screen…chose safe-mode w/netwking…Thinkpoint popped up..I then pressed ctrl+shift+esc…under task manager/processes found hotfix.exe and stopped that process..that took away the Thinkpoint pop-up and allowed me to atleast get to my desktop and start up menu…went to system restore and I was able to restore my cpu to the prev week and that rslvd the issue..HOPE THIS HELPS SOMEONE BCZ I WAS VERY FRUSTRATED UNTIL I GOT THIS TERRIBLE THINKPOINT CRAP OFF MY CPU…SOMEONE SHLD REALLY FILE A LAWSUIT AGAINST THEM BCZ I ALMOST CLDN’T REPLY TO A JOB OFFER THAT WAS SENT TO ME BCZ OF THIS!!!
I used super-anti spyware to remove this program and it seems to have done the job. If it hasnt completely removed it will spyware doctor remove the whole thing?
OMG I actually think it worked! What I found out:
Have the computer do a search for the Hotfix.exe
The commands that it refers to need to be typed in exactly as you see them “shutdown /r…blah blah” is an actual command that needs to be typed…took me a while to figure that one out.
Jason: It never hurts to scan with couple of programs.
I got this damn thing about 2 days ago. I have tried everything but none of the methods worked. I cant even use my mouse and keyboard, they just wont move. Finally i tried burning Kaspersky Rescue Disc 10 onto a CD and then run it at boot. After the scan i managed to get into window but i can not do anything because my stupid mouse and keyboard were still not working. Anyone know how to fix this?
Dennis: if it was USB mouse/keyboard then it might disable its drivers. You will have to reinstall them.
Many rogues mess PC’s with not so common configurations or devices.
The thing is it disable even the built in keyboard and mouse pad >..<.
@admin
I tried to plug in another mouse and keyboard but they did not work either. How can reinstall anything if i can not use any input device?
This is quite weird. Try reinstalling motherboard drivers.
In safe mode. If not, use windows repair CD.
@admin
I have a reinstallation disc from the manufacture. Can i use it to repair?
Nods, there should be a repair menu if you boot from that disk.
Thanks so much. The SAFE MODE WITH Command prompt worked like a charm when everything else failed.
I am very gratefull to you all for helping me out. I finally get rid of this stupid virus/spyware. I can use my mouse and keyboard again after doing a repair with window CD.
after i do a system restore, i finally can use keyboard and mouse again. I have already done a scan with spyware doctor, and get rid of all the infected files. Should i scan one more time with another anti spyware or should i look for the thinkpoint in registry?
No problem Dennis! I am happy to help. I recommend doing a scan with couple tools. If you are able to login and do not see thinkpoint screen, that key is unaffected. But there might be a trojan downloader or other parasite that caused the infection in first place.
use another User account and your antivirus will detect the threat is to remove only after I get there
worked with me I have helped someone
i followed all instructions and was able to get rid of the hotfix, was able to see my desktop, scan using malaware bytes, scan with avast, so i thought it is now safe to do windows update. after the windows update and reboot, thinkpoint is back again but now, its not hotfix but fowms2.exe .. am i missing something?
PRettyampz: Check hosts file and proxy first, if it leaves no malicious settings. Run TDSS killer as well.
It might come with rootkit.
Also, rescan with Spyware Doctor.
I don’t have an F8 key on my laptop. What do I do??
How can Thinkpoint still exist especially alongside Microsoft? Why hasn’t it been removed?
ThinkPoint is not made by microsoft. There are different trojans that promote it. When one trojan get cought, other trojans replace them and distribute malware firther.
I am trying to help my Dad try to regain control over his computer. The computer complete freezes after the login and I cannot get to the Task Manager, it freezes then too. I have tried to do it in safe and saft and network. I have also tried safe with command prompt. It freezes and doesn’t work if I put in. I was able to access the command prompt by going to repair computer after I restarted and hit F8. I was able to change regedit but I was not able to get to CD Application Data to work. It just tells me that directory doesn’t exist. I have tried to do a system restore but it cancels out and I am left at the same point. I don’t have access to the admin user but I don’t if the matters.
Any help with ideas? I would like to atleast get the files off the computer.
1. Boot Into Safe Mode w/ command prompt and enter the following commands:
CD Application Data
del hotfix.exe
del install
del completescan
regedit
2. Update the following key with the following value >> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “Shell”=”Explorer.exe”
3. Enter the following command into the command Prompt: Shutdown /r /t 1
Yatzee : If you have access to other PC, try downloading and burning Ubuntu Live CD : http://www.ubuntu.com/desktop/get-ubuntu/download . Boot from it. Then move files to usb drive or over network.
Now about the repair.
First, try to go to C:\Users\[Your Dads username]\Application Data\
Thats the full path.
On XP it is C:\Documents and Settings instead C:\Users.
If this does not work, I would recommend either trying to do windows repair (with windows CD, there is repair menu) or complete reinstall.
Thanks. I got the files then reinstalled the OS.
It work perfectly.
FOR PEOPLE WHO CAN’T ACCESS THE INTERNET B/C OF THIS VIRUS…
If you can get into windows in safe mode by following the steps above, but can’t access the internet b/c of the virus, try deleting the files on the computer related to thinkpoint. I had a thinkpiont desktop icon that i could trace properties to other files ect….Once i deleted it, i was able to restart my computer in regular mode(not safe mode) and access the internet to download spydoctor and remove the virus completely. Spydoctor found over 17 ‘threats’ and over 80 infected files on my computer from this virus. This website was EXTREMELY helpful and spydoctor is awesome! Saved my computer and kept me from having to overpay someone to delete the virus for me. Thanks so much!
I tried to get it off but when I restart it the logon is black
Okay, friend of mine has laptop and has this issue. Starting normally just gets you a splash screen with “Scan This” and wanting you to get the ‘full version’. Also tried starting in all safe mode’s and still the same thing. Can’t get to task manager [gives message about security issue and won’t open it], can’t get to internet, there is NO start button nor can you hit the windows button to activate the start menu. Tried logging in as another user and would not allow it. How can I get this off of the PC? Through a DOS prompt?
I got my friends laptop today. Couldn’t get anywhere with it through safe mode no matter what the option. I did an “esc” on startup and went into system restore. Tried a few restore points but they all said they failed, however on the last restore, even though it stated it failed, the laptop rebooted and came up with the normal windows screen. After about 15 seconds another message popped up that stated the restore to 3/3/11 was successful. The laptop has a new antivirus program on it and it is running fine to this point. This was a real pain in the butt to try and fix it in any other manner as nothing would work whatsoever. Could not even get to a safe mode command prompt! This was the only thing that worked in the end.
The ThinkPoint Virus has changed!!! It is now called CleanThis. And to remove it you must enter Safe Mode With Command Prompt by pressing F8 after the BIOS load screen. Type regedit into the console and search your registry for gog.exe. Change the registry entry to Shell = Explorer.exe then close registry editor and type msconfig in the console. Click the far right tab called Tools and select Programs then click launch. From there navigate to your main Hard Drive (I.E. C:/ and search for gog.exe and delete the file from your hard drive.
THE NAME OF MINE IS CLEAN IT. i want to kill someone right now. I had security essentials, major defense months ago and then lost internet connection and gave up trying to fix for a while. i fixed it 2 days ago and now i have this. I tried a few things and in doing so shut my computer down several times. now it wont start up fully. Its a dell/windows xp. my screen is stuck at boot window where it lists… multi(0)disk(0)rdisk(0)partition(1)\windows\system32\ many many times with different words at the end. PLEASE HELP ME. please
This thing sucks. It took me 4 hours. Here is what I did. 1) Start in Safe mode with command prompt. 2) Type regedit 4) press enter. %) Hit ctrl f to search registry. 6) type gog.exe. Rename Shell to Shell = Explorer.exe. Close the registry. 7) type %systemroot%\system32\restore\rstrui.exe, and then press ENTER to run system restore. While it was booting up in system restore, I hit F8 to start in safe mode. It managed to restore. Good luck. Who are the tools who make these things? I would love to find them in the mom’s basement and beat the bag our of them.
I spent a good part of the day trying to get on line, spyware and the instructions here has returned things back to normal! How could I express my gratitude?!
Shane: Spread the word 🙂
hi, when i start my computer the ”clean this” shows up and i can’t do anything. i follow your steps and it still don’t work. what can i do?
help me please!!!
hello everyone. plz help me wid this.. i was not able to run d system on safe mode and safe mode with networking as this thinkpoint shit stopped it frm starting, nor was i able to start my task manager because of it. bt safe mode wid command prompt did work bt i got stuck in the last step of it where it says CD to EACH USERS APPLICATION DATA subfolders and delete hotfix.exe. i just dont understand wat this means and wat i have to do. wat does this CD means and how can i do it. plz plz guide me wid this. i really need help 🙁
@Richard Johnson
Oh, blow me. It’s just no one cares to hack a MAC.
Dear ADMIN… I am an 80 year old grandmother who is a bit confused at this point: I am on my desktop computer (unprotected for months now as Norton ran out after trial period.) My son in adjacent apartment networked his wireless laptop to my desktop computer. Fine.
HOWEVER, he has a Norton software installed on his laptop. I have a virus on mine. How could he have gotten a blocked email from me when I never sent him anything via email as I do not have/need his email address?
Thank you in advance for your answer!
Irene: Never post your email in public (comment text). That is one of the ways spammer get your email – gathering information from websites, documents on infected PC, etc.
after an hour running scan then to find out its 30.00 bucks. I know everything cost but u could have thrown that in bout there’s no way until after the fact.