Fake antivirus program: Thinkpoint

October 16, 2010 at 16:07:36
Specs: Windows Vista
When I start my computer, a fake anti virus program called Thinkpoint starts running. It´s impossible to close it and return to Windows. I´ve tried to press alt f4, getting a black screen, and then pressing ctrl alt del starting the windows task manager. When i do this the screen turns black again and it´s not possible to close any programs. HELP!

See More: Fake antivirus program: Thinkpoint

Report •


#1
October 16, 2010 at 18:59:16
Hi,

Use Malwarebytes Anti-Malware to remove the Thinkpoint virus.

If it doesn't work try booting into safe mode, then run Malwarebytes Anti-Malware.

http://www.geekpolice.net/malware-r...


Report •

#2
October 17, 2010 at 04:40:20
Thanks,

but how can i run it when i cant get past the black screen after trying to open windows task manager to close thinkpoint?


Report •

#3
October 17, 2010 at 05:09:54
Thinkpoint starts running before Windows Explorer does. So once you've pressed alt-f4, pressed ctrl-alt-del, and ended the Thinkpoint program, you need to start it: from the File menu in Task Manager, choose "New task", enter explorer.exe, and press OK - should now start normally, and you can then run Malwarebytes as suggested above to clear it up.

Report •

Related Solutions

#4
October 17, 2010 at 06:38:18
Are you able to remove it from Safe Mode with networking? It was annoying but I got past the thinkpoint window. Should I be running my computer normally? or can the Malwarebytes program fix it from safe mode?

edit: oh and will the Malware program's freeware version be able to pick it up? or would you need to purchase it


Report •

#5
October 17, 2010 at 06:52:52
Ive been trying to remove this since yesterday noon. i cant install Malwarebytes software because i cant get into my admin account (ANY WAY AROUND THIS WOULD DO JUSTICE??) Ive tried using rkill.exe. It opens but just says please be patient. I highly doubt its doing anything because as soon as i open it it says "pev.rkexe has stopped working"

Viruses and and the people who make them are LAME!
Help Please


Report •

#6
October 17, 2010 at 09:44:07
okay so this virus is really annoying.i dont know how it got on my pc but it sucks. i've tried malware bytes because its on my desktop in both safemode with networking and regular. When i opened up malware and did a quick scan it showed me the virus i immediatley clicked remove and it did, i thought it worked because i scanned it again(in regular mode) with panda security and it told me no viruses were detected so i felt pretty good until i opened up interenet explorer and the same pop up for the same virus popped up again!!!!

now i cant open internet or any other internet based system(firefox,safari etc.) and i cant open system restore OR task manager!!! HELP ME!!!!!!!


Report •

#7
October 18, 2010 at 00:46:07
It´s just that I cant´t open the task manager. I press ctrl alt del and then when i choose the task manager - the screen turns black again and the task manager doesn´t show up.

Report •

#8
October 18, 2010 at 08:17:51
I had the same problem, I used Malwarebytes and it works!
What I did was download in my lap the malwarebytes, then passed it to the infected PC. If you use that version you won't eliminate the problem, you need first to update the Malwarebytes once installed on the infected machine, then run malwarebytes and end of the problem!

Report •

#9
October 18, 2010 at 10:58:36
So I have to download the Malwarebytes on another computer, save it to a cd and then use the cd on my infected laptop? SOrry for asking stupid questions, im really not a computerperson.

Report •

#10
October 19, 2010 at 07:02:15
As per response #5
"It opens but just says please be patient. I highly doubt its doing anything because as soon as i open it it says "pev.rkexe has stopped working"

Sometimes you have to run it 5 or 6 times to stop an active malware. You have to have patience...give it time to end the process.
Once it ends it, do a full scan with Malwarebytes.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#11
October 20, 2010 at 00:04:47
1. Download Malwarebytes’ Anti-Malware (mbam-setup.exe) and save it on your Desktop.
2. After downloading, double-click on the file to install the application.
3. Follow the prompts and install as “default” only
4. Before the installation completes, check on the following prompts:
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
5. Click “Finish.” Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished click on the “Show Results”
8. Make sure that all detected threats are marked, click on Remove Selected.
9. Restart your computer.

Report •

#12
October 20, 2010 at 13:23:03
But I cant download the program on my infected computer when its impossible to enter windows! the task manager doesnt pop up when i try to start it.

Report •

#13
October 20, 2010 at 19:20:42
I just got rid of ThinkPoint today. It took a while since I couldn't get on the internet. I had the same problem opening TaskManager and Internet Explorer. So I went to the Control Panel and made another account and switched users. Before I logged in on my new account, I had shared my files (regular account) with my new account and was able to use internet explorer and open TaskManager. When I opened TaskManager (on the new account), it showed all the files that are on my computer. I clicked to see all of the files from both my regular account and the new account I created. And hotfix.exe is one of the files from ThinkPoint and I clicked on end process. I switched back to my regular account and downloaded MalwareBytes Anti-Malware, by this time Internet Explorer was working on my regualr account and scanned all of my files on my computer. This is took some time, for me it was almost 2 hrs, you just want to make sure all the files for ThinkPoint is removed. Once the scan is done, whatever infected files were left from ThinkPoint, I removed those files and restarted my computer again. And everything was back to normal. Just in case I ran a scan through the Virus System I used on Windows Vista and the "scammed virus" was gone. I hope this helps you.

Report •

#14
October 20, 2010 at 19:31:33
I'm sure rkill.exe would save lots of steps.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#15
October 21, 2010 at 14:19:30
2SMRT4U: thanks. but how can I get to the control panel when i cant get past thinkpoint(so i cant enter windows)?

Report •

#16
October 21, 2010 at 21:23:27
ruthvil, you can use this guide to clean the infection and get to your desktop:

http://www.bleepingcomputer.com/vir...

BC is the only site i would trust.


Report •

#17
October 22, 2010 at 06:50:57
thanks you, but as i´ve said, im not able to open the task manager. when i press ctrl alt del the screen that allows me to open the task manager appears, but when i press "task manager" the screen turns black and im not able to close hotfix.exe in the processes tab. :(

Report •

#18
October 22, 2010 at 07:07:54
try a system restore to before the problem and then use your removal tools

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#19
October 22, 2010 at 12:23:13
My brother just got the Thinkpoint virus. After start up it shows a black screen with the thinkpoint program running.

A pop up window saying " your system will reboot in 60 sec. " shows up after a few seconds and the system restarts.

We have tried every solutions suggested in here but it is impossible when the machine keeps restating.

Help :o)


Report •

#20
October 23, 2010 at 08:07:48
Tips from 2SMRT4U helped Thanks a lot.
I ran the Malware using new account

Report •

#21
October 23, 2010 at 09:32:21
Here's a how-to on how to PREVENT fake AV's from getting on your PC
http://www.computing.net/howtos/sho...

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#22
October 23, 2010 at 11:28:28
Ruthvil--I couldn't get past the screen either. Here's what I did. I have Windows 7 but I think it would work for anyone

THIS IS FOR WINDOWS 7 USERS: Ok here is another way if your safe mode with networking is also disabled/infected. Reboot and hit the F8 key, then go into start in safe mode command prompt, then in the command prompt simply type explorer after the backslash. This should allow you to see your desktop screen in the background. Once you see your desktop, then close the command prompt screens. Double Click on your icon that looks like computer screen (My Computer). Then do a single click on your C:/ drive (do not open it). Then in the upper right of the same screen you will see a search box, type in hotfix, then hit enter. You should probably see three or so associated files pop-up with hotfix in them. Right click on each one and delete them. Then empty your trash can and reboot. YOU ARE SAVED!!!


Report •

#23
October 24, 2010 at 17:29:57
I read all and also other ideas/facts that rids ThinkPoint. My laptop has this damned virus but i read keep clicking f8 brought up black screen with white lettering choices but i wonder if the virus also prevented me from scrolling to the statement to rid virus.
this virus is preventing me to use mouse and up/down scroll. They charge around $40 to fix or so but I have Dell lattitude D600 so it's used but did me great and perhaps need new or good used of same or better but all I need is (40?) or 60 G hard drive but wouldn't mind fast and great free antivirus. I live in hamilton Canada and I listen to friends and retailers...go for net book. Go for Acer. No go for this or that but I don't want to spend more that $300 or do I have to as I am fortunate to finally get a new p/t job is NOT great pay...

Report •

#24
October 26, 2010 at 19:42:38
I can't get task manager to show up. Whether i'm in safe mode (networking or command) nothing works, all i get is a black screen. Control alt del does nothing, nor does control shift esc or f8. What else can i do? Please help

Report •

#25
October 27, 2010 at 06:50:44
Does anyone know who published "ThinkPoint" or where they are?

I would like to go after them in both criminal and civil courts.


Report •

#26
October 27, 2010 at 09:39:45
Turbo...
The problem is that the people who write these trojans are usually operating from Brazil or The Former Soviet Union. I don't know about this particular trojan but many are financed by powerful crime syndicates that are focused on using the internet to perpetrate identity theft. The situation is very bleak -- there is no way to go after them.

Report •

#27
October 31, 2010 at 21:31:50
This worked for me:
hit ctrl-alt-del to bring up the Task Manager. If that doesn't work, hit alt-F4 one or more times and then try ctrl-alt-del again.
If/when the Task Manager comes up, click on the "Show processes from all users" box. Then click on the Processes tab; find and highlight the "hotfix" entry and then click on "End Process". This should end the current ThinkPoint program.

Next click on File/New Task. Enter the command MSCONFIG and click OK.
Click on the Tools tab and then click on System Restore and then on Launch.
This will give you an opportunity to restore the system to a date/time before the malware/virus was installed.
Run a good antispyware & antimalware program(s).


Report •

#28
November 1, 2010 at 23:23:00
Yup, just happened to me!! Funny there wasn't a warning out there for this. Wish I knew how to make one for all to see!!

Anyway This is how I solved the problem. Shut down computer. Pressed Esc & Power @ same time to start it. Did this twice and the 2nd time I had a chance to select "Startup Repair" Did that, then selected "System Restore". It worked!

After that I did have to Run a Live-Update on Norton; took about 15 min. Now all ready to go. Just wonder how I got this virus???


Report •

#29
November 3, 2010 at 09:44:41
ThinkPoint is a rogue spyware (Double agent/fake program). Its a virus that is aimed to earn some extra money by tricking users into paying license fee for virus removal. To remove Think Point virus manually or by using a malware removal program, follow the instructions within this link
http://techvts.com/security/thinkpo...

Happy Virus Free Computing(.net)
Virus Removal tutorials and Softwares


Report •

#30
November 7, 2010 at 06:33:29
I just uninstalled everything, i used 2 tricks I found on the subject, starting with ctrl+alt+del on boot after a powercut to the system (held power till reset) after the attempt to install thinkpoint (may have canceled first?).

i ended the hotfix process, then used the search feature to find the hotfix.exe, renamed it to hotfix0.exe, then I immediatly ran Malwarebytes to remove 21 infections. I still found hotfix0.exe after Malwarebytes reset my computer and deleted it through the search field manually with a quick empty of the recycle bin. I also got a RUNDLL error dmgses.dll...whats that about?

Id also like to ask if the hotfix files under realtek audio belong there?

Also: rkill found nothing at all befor i started all this.

If i dont make it back....dont try my way.

2nd scan revealed nothing. nothing found in search. no rundll error on reboot.

gonna do it one more time when i go to bed for good measure.

All is well. Good Luck to yew all.


Report •

#31
November 8, 2010 at 10:10:48
Even I got a hit by this s---ty THINKPOINT, It made me go and SCAN ONLINE, which apparently had some bad message behind it (may INSTALL), I tried several ways to recover back to original, I did this - created another administrator account and limited my original account, and later by logging into the admin account I deleted the previous account. Now all my files were deleted and could remove the program through Control Panel, I don't know still my PC is safe or not....
Please suggest something better...

Report •

#32
November 10, 2010 at 06:19:24
People should try alternative security programs for this virus removal, like Superantispyware or Spyware Doctor..As I have read, it is also recommended launching Safe mode with networking just after reboot and then going to stop hotfix.exe and thinkpoint.exe processes - this will disable a virus

Report •

#33
November 10, 2010 at 21:20:10
I've had 2 customers pcs with this problem, in as many days.
This worked for me, so please try it.
I've copied this from a post I have done on another forum. http://realgardeners.yuku.com/topic...


Malware, by the name of "Thinkpoint", is doing the rounds. Had 2 customers pulling their hair out, in as many days.
It won't let your desktop load, or let you do anything, but you can get around it quite easily.
When it first splashes onto the screen, click on, carry on unprotected. It will then do a scan and tell you all the nasty stuff you have on and guide you to purchase their product. Don't go there, of course. If you click on settings and then down in the bottom lefthand corner, check the box that says, start unprotected and save. Your desktop should now load. Go straight to http://www.eset.com/online-scanner and do a scan. There will probably be a thinkpoint box in the bottom left of your screen, promting you to purchase. That should magically disapear during the scan. That should be it sorted.
I'm writing this from memory, ahem, so it may not be word perfect, but should be enough info to see you through, should the worst happen.

Interestingly enough, both machines were running Microsoft Security Essentials and I'm lead to believe it may have come in from an update. If anyone else has any info on that, please post.
I'm running Security Essentials on this machine, and so far so good.


Report •

#34
November 10, 2010 at 22:53:02
Try to uninstall it.
Here are the instructions to remove ThinkPoint

Report •

#35
November 20, 2010 at 06:49:07
noodnick9 - I tried everything else, but this solution worked! thanks

Report •

#36
December 12, 2010 at 02:24:44
Alright guys,

I just fixed a computer with this problem running vista....

Start the computer in "Safe Mode with networking"
after the thinkpoint screen loads push the command CTRL+ALT+DEL this will bring you to task manager. Find the process hotfix.exe and kill (end) the process.

at this point you will only have a blank black screen behind your tak manager. you can go in ms-dos prompt and delete the hotfix.exe so if you have to reboot the screen wont happen again.

to delete the hotfix.exe:

While in task manager go to File and select "run new task". then type "cmd.exe" in the open box. this will pull up your command prompt.
you then type "CD C:\Users\**USERNAME**\AppData\Roaming then after the directory is changed type "del hotfix.exe" this will stop the thinkpoint screen from loading if you have to reboot.

After you delete the hotfix.exe you will go back into you task manager, dont panic if you cant find it JUST USE CTRL+ALT+DEL and select task manager.

Goto File, then selet "new Task".

now the next task can be done two ways

1. you can type "explorer.exe" in the open box and it should take you to your desktop
(which this did not work for me because the virus was stopping it)

or

2. you can type "C:\Program Files\Internet Explorer\Iexplorer.exe" this will take you directly into your internet. (this is the option i had to use)

After Getting back to you desktop or straight into the internet...YOU MUST DO THIS>>>>the virus has only been stopped NOT REMOVED so you must do this next step or you are just leaving the virus sleeping on your computer

while in internet explorer go to "www.malwarebytes.org" download the free version and run the full scan option after running the scan you will want to click the "See Results" button that is available after the scan is ran. this will load a detailed page of what was found and it will have the virus and malware selected. there should be a "remove selected" button at the bottom of this page. after this is done it will require you to restart your computer.

(remember guys even if you got a blank black screen the computer is still kicking and is operating. it just we are so use to seeing the desktop to run the computer)


Report •

#37
January 30, 2011 at 09:29:56
ThinkPoint Sucks!

Report •

Ask Question