"Thinkpoint" virus thing

October 15, 2010 at 18:41:10
Specs: Windows 7
Yeah. . . A security window about a Trojan popped up on my friends Windows 7 machine and I brilliantly let it scan instead of installing/running my own antivirus program. Then it restarted and will not boot all the way to the desktop. It (even in safe mode mind you) goes to a program labeled "ThinkPoint" It then scans the machine and says I need a heuristic program. It then offers to sell me one for ninety or so dollars. I can kill it with either Alt+F4 or Windows Task Manager, but it leaves a blank screen and I am not savvy enough to get to the internet or something from Task Manager.

I normally would just search for a solution, but I cannot find ANY information on Thinkpoint ANYWHERE. If anybody has some info or a solution, please let me know. This is really confusing me.


See More: "Thinkpoint" virus thing

Report •


#1
October 15, 2010 at 19:01:40
Note: the file is tied to a process called hotfix.exe.

Report •

#2
October 15, 2010 at 19:11:45
Another note: I got past the black screen by running "Explorer.exe" as a new task after disabling hotfix.exe. I'm now running Malware Bytes, so it should be done when that's over. At this point I'm just posting in case some other unfortunate soul gets caught with this. Sorry for cluttering your forum.

Report •

#3
October 15, 2010 at 22:01:55
I have it too, How do I get rid of it. A simple step by step would be great I don't know much about computers

Thanks
Ag


Report •

Related Solutions

#4
October 15, 2010 at 23:11:52
alors pour enlever le virus il faut demarer l'ordinateur puis quand la fenetre de thinkpoint aparait tu fais alt + f4 ça fermera la fenêtre et laissera un ecran noir . a partir de la tu fais ctrl + alt + supr puis tu ouvre le gestionnaire des tâche , tu fais nouvelle tâche . quand ils te demandent le nom de la tache que tu veux exectuer tu marque Explorer.exe et a partir de la c'est bon tu peux faire ce que tu veux sur ton ordinateur

Report •

#5
October 15, 2010 at 23:16:47
Then to remove the virus it is necessary to start the computer then when the window of thinkpoint appears you make alt + f4 that will close the window and will leave a black screen. From kept silent make ctrl + alt + supr then you open the administrator of try, you make new task. When they ask you for the name of the spot that you want to executer you mark Explorer.exe and has to leave of the it is well kept silent can make what you want on your computer

Report •

#6
October 16, 2010 at 04:30:25
i've got it too. i don't understand how to get rid of it. whats the easiest way? i cant find hotfix.exe in programs.
i'm running windows 7 but am new to computers. i have mcafee total protection but it does not find anything on thinkpoint or any virus. is it a virus? i have no credit card so i cannot purchase other anti-virus programs. is there anything out there that will automaticlly get rid of this for novices like me? i feel a bit stupid when trying to follow instructions by others on this forum and they don't work. i need the easy fix and full instructions. can anyone help?

Report •

#7
October 16, 2010 at 05:54:44
Thinkpiont
malwarebytes anti-malware is rumoured to to fix the problem:
http://www.gamefaqs.com/boards/2000...

I'm runnign it now on the infected kids computer, keeping my fingers crossed....

Yes! It worked! Found a removed bunch of trojans and rootkits
Malwarebytes rules, Norman security (free with the computer) not worth the price....


Report •

#8
October 16, 2010 at 06:02:48
I've got it aswell. It sent loads of dodgy videos to all my facebook friends.

I've loaded McAfee antispyware but it hasn't solved it. Trised the process noted on here but not sure if its worked.

Another idiots guide to getting rid of it would be good if someone could please help??


Report •

#9
October 16, 2010 at 08:11:01
Windows Vista user here, I got it as well. I've managed to delete the "hotfix.exe" file in the %appdata% folder, using Revo Uninstaller's hunter mode. I'm currently running Malwarebytes to see if there are any other traces of the infection.

Report •

#10
October 16, 2010 at 08:12:49
Use Rkill.exe to kill the process and then run TDSS Killer. After that do a full scan with malwarebytes, that should remove the problem. Sounds like a variation of a rootkit was installed and TDSS killer should remove it and malwarebytes will clean up the rest of it.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#11
October 16, 2010 at 08:58:22
I also got past the Thinkpoint program to the black screen but my Task Manager appears to be gone as it no longer appears in the list that usually comes up when you enter ctrl alt delete in Windows 7. Can anyone please advise on what I should do? At this point, I'm thinking (see what I did there?) about just reinstalling Windows.

Report •

#12
October 16, 2010 at 11:43:59
hi
I got this problem in windows xp
and tried to remove it and successfuly did it
by this to files :
combfix
General Removal

note : first press Ctrl+Alt+delete to end proccess pf the program and in new task run c:\windows\explorer.ex


Report •

#13
October 16, 2010 at 11:52:18
'I got this problem in windows xp
and tried to remove it and successfuly did it
by this to files :
combfix
General Removal'

bahare, Why not give the proper download page for combofix?
http://www.bleepingcomputer.com/com...
That is the right place to get it. Also follow the guide carefully on the webpage when using it.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#14
October 16, 2010 at 12:11:04
Hello, this may or may not help i also had this so i let let thinkpoint do the virus scan and then accepted the link to the payment page, i then clicked on SETTINGS and ticked the bottom box which said soamething like "allow unprotected login" i then ran my AVG which identified and killed it. I am not an expert, but i hope this helps.

Report •

#15
October 16, 2010 at 13:06:14
A step by step guide of how i got through it

1. booted up, let the program go through it's scan until I was able to get to my desktop
2. From another computer put rkill.exe and malewarebytes on a flashdrive and brought it over to my infected pc
3. Ran rkill.exe to kill the hotfix process
4. went to C:\Users\**YOUR USERNAME HERE**\AppData\Roaming and deleted hotfix.exe (note you can't delete this file until you kill it using rkill.exe)
5. ran malewarebytes and did a full scan


Report •

#16
October 16, 2010 at 13:28:36
Windows 7
F8 upon startup, At the top of choices "MS repair tool" or diagnostic something or other. Anyway, used restore point took care of ThinkPoint.

Report •

#17
October 16, 2010 at 18:47:07
Hi,

Use Malwarebytes Anti-Malware to remove the Thinkpoint virus.

If it doesn't work try booting into safe mode, then run Malwarebytes Anti-Malware.

http://www.geekpolice.net/malware-r...


Report •

#18
October 16, 2010 at 19:03:56
i was able to remove the thinkpoint virus using malwarebytes and rkill.exe and tdsskiller but now everytime i boot into windows i get "error loading eleyudafawi.dll. The specefied module could not be found." Anybody? System seems to be running fine, but I don't want this to reek havoc down the road. Anyway to restore that dll file? Thanks

Report •

#19
October 16, 2010 at 19:27:07
' i get "error loading eleyudafawi.dll.'

A google search came out empty for that dll so that means it is malware.
Try Trojan remover and hitman pro. That should remove that error for you.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#20
October 16, 2010 at 19:50:31
thanks for the help! i went to 'melwarebytes', downloaded free trial and ran a full scan on my computer. it picked up a trojan virus and removed it by following the prompts. took a little under and hour. restarted my computer and BINGO, no more 'ThinkPoint'. thanks again.

Report •

#21
October 16, 2010 at 20:49:31
hello im jackie
and my hp computer had the same problom
i cant fint the ctrl + alt + supr button
and it just stays black how can you take of the black i really need some help
write back
hotmail
pinck_lover@hotmail.com


Report •

#22
October 16, 2010 at 21:14:31
just got this "thinkpoint" thing too. walked away from the PC came back and it had taken over my computer .. was able to get online thru an alternate user login. gonna scan it off the system from here

Report •

#23
October 17, 2010 at 05:22:56
Ive been trying to remove this since yesterday noon. i cant install Malwarebytes software because i cant get into my admin account (ANY WAY AROUND THIS WOULD DO JUSTICE??) Ive tried using rkill.exe. It opens but just says please be patient. I highly doubt its doing anything because as soon as i open it it says "pev.rkexe has stopped working"

Viruses and and the people who make them are LAME!
Help Please


Report •

#24
October 17, 2010 at 06:50:16
really hoping this works for me... so far it actually found 4 trojans in 20 minutes =p ha ha... family computer... I guess it gets around a bit lol. Really hoping this Malwarebytes program fixes this Thinkpoint...

Is Thinkpoint like a brand new virus or something? everything I have read about it seems to have been from within the past 3 days only.

edit: half an hour through... 10 trojans found thus far... was it like this for anyone else? or is my computer just a trojan magnet?

Also, what is TDSS Killer? could someone provide a safe link for the download page?

edit 2: alright, the program found 17 problems, removed them all and there is now no trace of the virus. Thank you all.


Report •

#25
October 17, 2010 at 11:33:29
google is your friend...when in doubt maybe try it
Here's the link to Tdss killer
http://support.kaspersky.com/viruse...

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#26
October 17, 2010 at 12:22:39
Alright guys,

I just fixed a computer with this problem running vista....

Start the computer in "Safe Mode with networking"
after the thinkpoint screen loads push the command CTRL+ALT+DEL this will bring you to task manager. Find the process hotfix.exe and kill (end) the process.

at this point you will only have a blank black screen behind your tak manager. you can go in ms-dos prompt and delete the hotfix.exe so if you have to reboot the screen wont happen again.

to delete the hotfix.exe:

While in task manager go to File and select "run new task". then type "cmd.exe" in the open box. this will pull up your command prompt.
you then type "CD C:\Users\**USERNAME**\AppData\Roaming then after the directory is changed type "del hotfix.exe" this will stop the thinkpoint screen from loading if you have to reboot.

After you delete the hotfix.exe you will go back into you task manager, dont panic if you cant find it JUST USE CTRL+ALT+DEL and select task manager.

Goto File, then selet "new Task".

now the next task can be done two ways

1. you can type "explorer.exe" in the open box and it should take you to your desktop
(which this did not work for me because the virus was stopping it)

or

2. you can type "C:\Program Files\Internet Explorer\Iexplorer.exe" this will take you directly into your internet. (this is the option i had to use)

then while in internet explorer go to "www.malwarebytes.org" download the free version and run the full scan option after running the scan you will want to click the "See Results" button that is available after the scan is ran. this will load a detailed page of what was found and it will have the virus and malware selected. there should be a "remove selected" button at the bottom of this page. after this is done it will require you to restart your computer.

(remember guys even if you got a blank black screen the computer is still kicking and is operating. it just we are so use to seeing the desktop to run the computer)

AND TADA FINISHED you should be THINKPOINT FREE AND THE WAY TO BE....the computer I work on also had a Anti-Virus 8 on it which is also a virus, or fake report just say so if you have it and i can tell you how to remove it


Report •

#27
October 17, 2010 at 12:40:49
Thanks Vader!

The steps you layed out worked for me, but I didn't need to use rkill.exe just windows task manager. Here's how I did it.

In my case "ThinkPoint" had already taken over my computer and forced a restart into it's forced "safe startup" (the normal startup button is greyed out in the ThinkPoint window).

So, if you are lucky and catch it early you may not get to that point. You should just be able to right-click on the taskbar and click "Start Task Manager" or press Ctrl + Alt + Delete and click "Start Task Manager" at the bottom of the list of the log on screen that comes up (in Windows 7), click on the "Processes" tab, click and highlight "Hotfix.exe" (or "hotfix.exe" can't exactly remember), and click "End Task". If it asks you "are you sure you want to end this task?" click yes. This will close the "ThinkPoint" program.

If your computer was forced into a restart, once the "ThinkPoint" window comes up you can either press Ctrl + Alt + Delete and click "Start Task Manager" at the bottom of the list of the log on screen that comes up (in Windows 7), click on the "Processes" tab, click and highlight "Hotfix.exe" (or "hotfix.exe" can't exactly remember), and click "End Task" to stop the "ThinkPoint" program (this will just give you a black screen if you don't do anything else), then click on the "Applications" tab of the task manager, click the "New Task..." button on the bottom right, and type in "explorer.exe" in the blank box of the window that pops up, then click "ok" (this will start windows explorer and your desktop should start up as normal) or you could wait the 5 - 10 minutes for the "ThinkPoint" program to run its fake virus scan. (I'd go for the first option and save yourself some time!)

(BTW this "ThinkPoint" program runs on start up even in safe mode, so you don't need to bother doing that, just stop the process and remove it)

Either way you must now get rid of the virus. Here are the steps I took to do that.

1.) End the "Hotfix.exe" process
2.) Go to...

C:\Users\**YOUR USERNAME HERE**\AppData\Roaming

(on Windows Vista and Windows 7, on Windows XP it will be under something like

C:\**YOUR USERNAME HERE**\Documents and Settings\LocalSettings )

and delete "Hotfix.exe" that is in that folder. (you must have stopped the process before you will be allowed to delete the file)
3.) Go to...

http://www.malwarebytes.org/

and click on the "Download Free Version" button which will take you to a CNET download page. This will download the latest version of Malwarebytes Anti-Malware software.
4.) Install the Malwarebytes Anti-Malware software, and at the end of the setup make sure the two boxes are checked for update now and run now.
5.) Run the "Full Scan" on Malwarebytes Anti-Malware and remove all detected malware.

Now you should be good to go!

It worked for me! Best of luck!

Cheers!


Report •

#28
October 17, 2010 at 14:39:16
Hi, I am also having this problem. I downloaded the malwarebytes and when I try to open the program up I get an error "windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

Report •

#29
October 18, 2010 at 14:24:44
Hello everyone with the Thinkpoint problem! I read all these posts, and took a piece of everyones advice.

On a Vista Machine

On start up alt+F4 when thinkpoint window starts, and alt+F4 until you screen is blank (black). Alt+CTRL+DEL at this point for task manager and in the processes tab select hotfix.exe and end process. Then file>new task (run...) and type explorer.exe. Then as Vader said, (but inside windows) hit start and type cmd.exe and type CD C:\Users\**USERNAME**\AppData\Roaming and hit enter then type del hotfix.exe. and reboot. I couldn't get the malwarebytes program to run either. Maybe some of you have a better program? Thank you for posting on this subject! This information solved my problem!


Report •

#30
October 18, 2010 at 15:57:03
THIS IS FOR WINDOWS 7 USERS: Ok here is another way if your safe mode with networking is also disabled/infected. Reboot and hit the F8 key, then go into start in safe mode command prompt, then in the command prompt simply type explorer after the backsslash. This should allow you to see your desktop screen in the background. Once you see your desktop, then close the command prompt screens. Double Click on your icon that looks like computer screen. Then do a single click on your C:/ drive (do not open it). Then in the upper right of the same screen you will see a search box, type in hotfix, then hit enter. You should probably see three or so associated files pop-up with hotfix in them. Right click on each one and delete them. Then ampty your trash can and reboot. YOU ARE SAVED!!!

Report •

#31
October 18, 2010 at 21:11:05
I got it too.. don't know how it got on my computer since i have McAfee but did some research and found this site
http://www.geekpolice.net/malware-r...

I downloaded the free software and it removed the problem. It is rated 4 outta 5 stars for malware protection. you can buy it or use the free download, either way IT WORKS!!! I have windows 7 but was assured that it will work for other programs as well


Report •

#32
October 18, 2010 at 23:54:19
I caught it on a Windows 7 mini laptop and could not access taskmanager or the internet. The way I fixed it was to download malwarebytes on another user account on the laptop.

Report •

#33
October 19, 2010 at 17:06:31
Marduck's instruction DO WORK - whew! ThinkPoint popped up on me and like a genius (pun intended) I let it scan - wasn't long and it had control - I couldn't get on the internet (at all), couldn't access my Task Manager and was at a loss. I was able to run my av, but it found nothing - all the while Thinkpoint kept popping up.

I followed Marduck's instruction and was able to get past it long enough to get online to download Malwarebytes - I'm running it now to see if it finds anything else related (or even not related) to ThinkPoint.

Thanks Marduck!


Report •

#34
October 19, 2010 at 20:35:04
Terry Q You are AWESOME! I am a computer moron and your precise, easy to follow instructions have saved my sanity as well as my computer! I will always use computing.net and hope that I can find you! I almost can't believe that you corrected my problems. I never got the black screen but kept with your instructions, "next task done in 2 ways", I used way #1 and TADA (to use your words) all is good. I never even had to go to the melawarebytes site...THANKS and I'll pass your instructions on!

Report •

#35
October 21, 2010 at 07:39:12
start computer keep tapping f8 key.use arrow up key to select safemode .press enter key.do systems restore.

Report •

#36
October 21, 2010 at 09:33:44
restart system

when thinkpoint starts scanning - ctrl-shift-esc and end task hotfile.exe

click on new task .
go to c/users/[username]/appdata/roaming/hotfile.exe and rename it

restart the system now..
it would have vanished..
now run an antivirus and remove it..


Report •

#37
October 21, 2010 at 19:45:30
Hello all

I have done all that... deleted hotfix, installed malwares found nine infected files, deleted them,,,,,However I am now locked out of my computer,,,I cannot get past the initial black screen to my desktop, and when I try to run explorer.exe it says I do not have the right permission !!!!!!

I am now going to try another wave of malware scanning in safe mode in some attempt to restore some functinos.....whoever else can help pls do so....

If you are the thinkpoint virus creator, MAY YOU BURN IN HELL YOU FRIGGIN BATARD !


Report •

#38
October 23, 2010 at 12:52:47
JL Beck... you are better than I and my daughter's computer has this Thinkpoint thing on it. I do not know how to get past the black screen with the Thinkpoint. Anyway you can walk me thru this?

Report •

#39
October 24, 2010 at 08:31:16
Microsoft Security Essentials will also deal with Thinkpoint. I downloaded, on another computer, to a usb drive. Killed hsfix (on the infected laptop,) ran the MSE file, helped get it to the web and check definitions (you must do this.) When it was happy, did a quick scan with it (took a while.) When it was done, rebooted normally and thinkpoint was gone.

The nice thing about MSE is it's free, and not trying to sell you anything...


Report •

#40
October 24, 2010 at 11:14:19
I let the "scan" run it's course. Then you are unable to go to the Internet to download anything. Go to control panel and create another user , could be guest user. Go to that account. Then you can access task manager , go to processes. At the bottom click "all users " and find the Hotfile.exe. Stop it. Go back to your user account. Now everything is working. Download Malwarebytes and get rid of itt. Worked for me , took me a while to figure it out , but was worth it !!! Good luck !!

Report •

#41
October 24, 2010 at 13:16:54
Just a word of caution--Microsoft Security Essentials is not compatible with McAfee and other AV programs. Directions for using it are to uninstall those products.

My experience with this nasty bug was to do everything twice on successive days. I think it's gone. MalwareBytes didn't get it all the first time or I got re-infected. I downloaded the tool from Microsoft that checks for viruses, not MSE, and let it run. It found nothing.

I still have two registry components that are alleged to be part of the virus but niether MalwareBytes nor the tool from Microsoft flagged them, so I'm unsure what to do about them and don't want to eliminate them at will. They do not specify Thinkpoint of hotfix. I tend to stay away from editing the registry myself.

The real question is how I got it--I'm paranoid about clicking on attachments and going out to websites that I don't know for sure are good. I was on MSN yesterday when the virus activated.

Until it's absolutely gone, I'll use my desktop which remains uninfected for anything requiring a password.

Think I'll have a word with McAfee which still doesn't recognize this as a threat, at least as far as I can tell.

This nasty bug has cost me a lot of time as it must have for everyone in the discussion.


Report •

#42
October 24, 2010 at 13:35:08
I read on a discussion on Microsoft about this virus, at least I think it was Microsoft, that someone deleted all references to "Absolute Notifier". I have two instances of Absolute Notifier--one by Absolute Software which is for LoJack on my laptop. That process and entries in the registry are legit. I have another process in msconfig services which is also called Absolute Notifier. It is purported to be from "Microsoft", not "Microsoft Corporation" as Microsoft labels their products. I unchecked it because I thought it was suspicious.

I've not been able to verify what Absolute Notifier from Microsoft is, if anything. Since I can't find it anywhere.

Has anyone heard anything about this being part of the Thinkpoint virus?


Report •

#43
October 24, 2010 at 14:31:41
I just got this thinkpoint, but cannot find a hotfix.exe on my task manager - it has not run any scans yet, it's 'operating window' is stuck on my monitor. Am running malware now and will also run my AV, webroot antivirus. Anything else I can do, since most of the above say to delete that hotfix.exe, but I cannot find it.

Report •

#44
October 24, 2010 at 16:06:23
I just got thinkpont on my compter how do you get it off ?

Report •

#45
October 24, 2010 at 19:39:13
This trojan popped on my parents computer after my mom installed windows live messenger. I guess after it was installed, avira came up and said a high level trojan was detected and then thinkpoint came up.

(I must also note that it disabled everything on the computer including the internet.)

Anyway, my mom asked for my help. I checked the task manager and noticed a few processes running that I've never seen before. One of them was hotfix.exe but I don't remember the others... So what I decided to do was to reboot the computer to boot in safe mode (F8) and then I logged in.

After I logged in, thinkpoint came up again. I used ctrl+alt+delete to bring up task manager to kill the process hotfile.exe and then ran the process explorer.exe to bring the desktop back. I went to start>programs>accessories>system tools>system restore to restore back to the previous day and it worked. yay!

After the virus was removed I checked where my mom downloaded windows live and it was the legitimate website.


Report •

#46
October 24, 2010 at 19:42:53
Btw I do recommend that you do a scan with malwarebytes afterwards if you choose to do system restore.

Report •

#47
October 24, 2010 at 20:49:30
OK i have this thinkpoint box popping up over and over but Its not to the point where it has made it so i cant use internet explorer..my normal desktop is there and I deleted the hotfix.exe thought the task manager to get rid of it used rkill and ran full scan with malwarebytes twice..but everytime i restart my computer this neverending box that says Thinkpoint and Access violation at address 004AFD43 in module 'hotfix.exe'. Read of address 00000000. is there again bleeping like crazy..Alot of you are talking about u cant see desktop and how to fix that but like i said this is not the same and malwarebytes isnt doing anything to get rid of it..So annoying

Report •

#48
October 24, 2010 at 20:57:50
@ my first post I think it's actually called hotfix.exe whatever...

@ damnvirus - try system restore


Report •

#49
October 25, 2010 at 09:10:26
ok, got with my tech guy and it cost me $100 but I think (hope) it got rid of it:

go to www.bleepingcomputer.com/combofix

Go to how to use, then download, click the first link. Save to desktop.

Start in safe mode with network settings - and disable any of your virus protection software and also delete your system restore points (right click on My computer/properties/system restore - however, if you're on Windows 7, you're on your own for these settings - then uncheck the box.) my tech guy said this is important since these damn Trojans cling to system restore points.

Then, run combofix and ok any messages that might appear. It may want you to download a microsoft application if you don't have it so say OK. I had problems with this, but combofix kept doing its job. Went thru 50 steps, took about 15 minutes. Save the log that shows up, btw.

FYI - combofix deleted files that looked like "go to meeting" applications in folders that they didn't belong, did the Google and all sorts of info came up about these being part of the trojan.

after all of this, restart computer in regular mode and run malwarebites and combofix again, just to be on the safe side. Good luck, all!!!!


Report •

#50
October 25, 2010 at 10:01:20
It is still trying to load a non-existant file. Remove it from startup --> Run msconfig --> Startup Tab --> uncheck anything you do not want to start with the computer

I usually deselect everything except the anti-virus and anti-malware programs.

None of those other programs "NEED" to start here they just want to be "helpful" They will still work if they do not start with the computer. It will even make your computer run better.

I finally finished the scans and it was removed. It looks like the user had just downloaded windows Live. Talk about a bad windows security breach.


Report •

#51
October 25, 2010 at 10:34:37
I got his either Saturday or Sunday (sunday is when the window popped up so I can't be sure). I hadn't downloaded anything from anywhere, so I have no idea how I got this.

Report •

#52
October 25, 2010 at 11:13:24
go to the process in the Windows task manager make sure you go to the file location first and then end the process and delete the Temp Application file and make sure your Temp File is clean from any suspicious Applications that are in your temp folder.

Report •

#53
October 26, 2010 at 19:19:01
Some people will find they can not run and exe bat com etc from Run New Task.
If this happens you typically would be left with no options and need to use a AIO boot disc etc.

If this is what is happening to you (I think this is the fastest way ne ways)
Start pc in Safe mode with command line.
Nav to C:\user\youloginname\AppData\Roaming
Now that youre in the roaming folder simply type
del hotfix.exe (enter)
at this point there are more than likely more files in this dir your going to need to delete but it depends on the version of the virus you downloaded.
type dir (enter)
and look through the list and research suspicous files.
If bad delete.

After this in command prompt just type explorer.exe (enter)
this will load up the windows explorer/task bar etc.
From there you will be about to then run your antimalware app.

(Restart after each scan back into safe mode. w/ coammnd prompt shouldnt be needed.)
I suggest running SuperAntiSpyware (full scan)
Then Malwarebytes (full scan)
Then Avast AntiVirus.

At this point you should be clean.
If any IE probs etc check to see if the rouge virus has setup proxy setting in IE.

In the end though most tech guy like myself hate to resort to format and reinstall for every reason.... If you know how to format reinstall I would go this route. It never fails after years of dealing with these rouge virus that a system still feels buggie.
I never trust a system after these types of attacks.

It generally takes longer to clean the virus than to just format reinstall.
If your run of the mill computer user I suggest format reinstall.
I suggest using AutoFabs backup. Its simple and easy to use to back up common user files My docs/outlook/favs etc etc.
Double Driver for driver backup so your not search the net for drivers after reinstall.
Product Key Explorer to save a copy of all your product keys includinjg Windows/MS Office etc etc.
Mail Passview to save all your outlook settings like passwords/pop/ports etc etc

Best of luck...
Eric
xmarkcomputers.com


Report •

#54
October 27, 2010 at 06:57:57
I found that the newest version of combofix wiped it out 1st try. Just boot into safe mode, alt+ctrl+del, kill hotfix.exe, run explorer.exe, then run combofix. As if it never happened.

Report •

#55
October 27, 2010 at 15:26:09
you can manually disable it in the registry;

HKEY_CURRENT_USER -> Software -> Microsoft -> Windows NT -> CurrentVersion -> Winlogon, change Shell to refer to 'explorer.exe'
It'll have the file path of hotfix.exe in it, found on windows 7 in:
c:\users\your username\AppData\Roaming\
There'll be hotfix.exe, install, and runscan (last two are text files, but no extension), although not sure about the last one. read both in notepad, probably will say 'complete' if you've run the scan..


Report •

#56
October 28, 2010 at 04:16:40
Hey guys,

So I was able to get the Windows Task Manager and "kill" Hotfix.exe under processes tab. When I clicked New Task, and typed in "Explorer.exe", it says that 'explorer.exe' cannot be found. I assume that this window popped up because I don't have explorer browser in my computer, but I don't know. I did chrome.exe instead, and I can't download the anti-malware file from bleeping computer because my computer is running too slow.

What can do from here? I am a computer nube, so please help me out. Thanks and very much appreciated.


Report •

#57
October 28, 2010 at 10:12:42
I cleaned my machine last night. This is what I did:

1. Restarted the computer.
2. When the Thinkpoint program began starting, hit <Ctrl><Alt><Del> and opened up the Taskmanager.
3. Go to Processes tab and kill "Hotfix.exe"
4. Go to Applications tab and the click the "New Task" button
5. Enter "explorer.exe" and hit enter. This will return your Desktop
6. Run Malwarebytes on full scan. Delete the programs found.
7. Reboot.
8. In your Browser, you may need to go into Tools/Options and change it from using a proxy server to no proxy server.

This worked. However, I may have to do more on the machine, as my wife is noting that some things are not running as well as they should. Dr Watson Post Mortem Debugger (part of Windows) is crashing on her today.

I haven't restored the OS on it for a year or so. Perhaps it is time to use a restore point, or just reload the OS. Hate it when I have to do that....


Report •

#58
October 28, 2010 at 15:58:25
One of the problems with ThinkPoint is that it may block your acces to the internet to download a solution.

When the ThinkPoint screen appears, select the Settings Icon. Check the small box in the lower left of the screen that will allow you to continue without purchasing their "solution". This will allow you to access the rest of your computer including email.

For HP computers, here's the fix. Reboot and as soon as the HP logo appears, select the f11 button. (On other makes it may be an f4 or f8 button.) This will initiate a program to restore your computer to a time prior to the infection by ThinkPoint. Continue the process until a screen appears that allows you to select a time point prior to when the ThinkPoint maleware was installed. Continue until the process is completed and ThinkPoint will be gone. It's free and easy. DO NOT PAY for the ThinkPoint "fix" by purchasing their software. If these &@!# people have no conscious about infecting your computer, what do you suppose they will do with your credit card number?

I am not particularly computer savy and I was pointed in this direction by our friends at Geek Squad.

Good Luck!


Report •

#59
October 29, 2010 at 21:13:34
Another way to get rid of it is to turn off the computer, then power on. As soon as the Windows boot screen shows, turn off the power switch (on a notebook, hold down the power button until it shuts off). Turn on the computer and you should see the error screen that Windows did not start correctly. There should be a choice to Restore Computer to an earlier time (at least in Windows 7 there is) and to start in safe mode or normally, etc. Choose Restore and go back a few days. Worked for my Wife's notebook. I think she got it from a youtube video as that was the last few things in the browser history.
IE sucks. I use Firefox, no virus or malware on my system.

Report •

#60
October 30, 2010 at 01:52:03
I also had the same problem. But I could remove this virus. See if the following steps help you
1. Log into your machine using some other credentials, dont use your credentials. Normally this virus puts the entry "hotfix.exe" in your user profile in the %appdata%/roaming.
2. So log in using another credential, since mine was an office computer it had administrator login and mine login. So I logged in using Administrator login
3. This time the Thinkpoint window did not come up. Since it did not put its exe in the other users path.
4. My machine logged in properly. I went to that directory and deleted hotfix.exe and its generated files.
5. I then logged off and then logged in again using my credentials and my machine worked fine.

Hope this helps you

Thanks & Regards,
Amit Kadam


Report •

#61
October 30, 2010 at 10:20:26
My thanks to everyone for the ideas on how to remove this vicious virus. Like others mentioned I foolishly permitted the download - I simply was not paying attention. Then I was locked out of the internet to search for an answer, could not access my restore points, and couldn't even restart the computer to boot in safe mode - I had to unplug the CPU. Fortunately I could still access the web via a laptop and found this site.

My partiuclar thanks to bnj7278 whose fix appears to have worked for me!


Report •

#62
October 30, 2010 at 23:37:40
Windows XP system, already taken over by ThinkPoint. Reply #27 by Samshaver solved it

steps:
1. Restarted the computer.
2. When the Thinkpoint program began starting, hit <Ctrl><Alt><Del> and opened up the Taskmanager.
3. Go to Processes tab and kill "Hotfix.exe"
4. Go to Applications tab and the click the "New Task" button
5. Enter "explorer.exe" and hit enter. This will return your Desktop
6. go to C:\Documents and Settings\**YOUR USERNAME HERE**\Application Data
and delete "Hotfix.exe" that is in that folder
6. Install Malwarebytes and Run full scan. Delete the files found.
7. Reboot ----> normal computer recovered
8. there were 3 other files that were added to the application Data folder by this ThinkPoint. i copied them to a flash drive and then deleted them from the application data folder. No problems happened to computer. files were:
"boot.bat", install, start, completescan, "dkfjasdfshd.bat"


Report •

#63
October 31, 2010 at 10:50:39
Hi....I went on msnbc.com and was hit by the thinkpoint virus.I have the symantic antivirus prigram and it could not do anything. I had to call a computer repair company called geeks on site usa to have it removed.They also installed Hitman 3.0 on my computer as an anti virus program. Anyhoo..I was back on msnbc yesterday and the same virus hit my computer again. I called the same company,but was cut off. I decided to run Hitman and VOILA it wiped the virus off my computer. You can download this for a free 30 day trial. Believe me this works & works alongside your other virus removal program. I personally am sold on this and intend to buy it once the 30 day period runs out,..Hope this helps...

Report •

#64
October 31, 2010 at 11:01:42
We think after looking at MSN.com in Panama using Wipet we received Thinkpoint. It is evil. Stopped scan--tried ctrl alt del nothing would show up in task manager. I rt. clicked on the icon and tried to change the name it wouldn't let me until I went to properties and found the target--went to that and found hotfix. tried to drag it to trash, but I had to change the name of the file by rt clicking it. Couldn't delete it, but I could drag the changed name file to Trash. Finally after much clicking--stopping--closing mostly everything mentioned we were able to recover--had two files named hot fix--that I changed. What else do I Need to find? anyothers?? Using Win XP. This program disabled Norton Antivirus which I pay for. Now it is still disabled, and I don't know how to enable it again. And can't seem to?? I have the updates but is says I don't have the ability to use it?? Please help.

Report •

#65
November 1, 2010 at 07:26:34
I just got tagged with this, knowing it was probably something bad I shutdown. Ran a linux live cd(try ubuntu) and manually deleted the files located on windows 7 at C:\Users\%Username%\AppData\Roaming. Good Luck to anyone else that falls for this.

Report •

#66
November 1, 2010 at 09:59:12
The key combination is Ctrl+Alt+Del. Another way to get to the task manager is all on the left side Ctrl+Shift+Esc.

Report •

#67
November 1, 2010 at 22:36:03
While thinkpoint running, (it establishes a connection to a server), I disconnected the battery to the laptop, terminating the connection to the server which asked for credit card info. After re-attaching the battery, things came back normal or so I hope. I don't know of any solution to a desktop PC.

Report •

#68
November 2, 2010 at 06:27:05
These posts were extremely helpful and using the exact steps noted by Rameumptom, I was able to remove the Thinkpoint issue as well as some other Trojan viruses that had invaded my computer. Thank you so much to everyone who contributed here!!!!

Report •

#69
November 2, 2010 at 19:17:32
You have this problem? Don't worry, I had it, and I was able to fix it. Here's what you should do.

First of all, shut down your computer.
After you shut your computer down, press F8 as FASTas possible.
A screen will appear, and you use the arrow keys on the right to pick where to go.
You then press something that is like this; Windows Safe Start-Up, or something like that, after that, you may start your computer and ThinkPoint will be gone.
Try to download a free download for scans for viruses and cookies.


Report •

#70
November 2, 2010 at 19:19:30
Also, I wish I could tell what programs I use, but I can't due for hackers. Sorry.

Report •

#71
November 3, 2010 at 09:40:27
As you know , it is a fake antispyware program appearing as ThinkPoint Antivirus, to get rid of ThinkPoint virus, install an anti malware program or follow the manual removal steps as instructed herein
http://darfuns.com/spyware-removal/...

Happy Virus Free Computing(.net)
Virus Removal tutorials and Softwares


Report •

#72
November 4, 2010 at 06:30:11
this should be problem solved

http://www.pctools.com/spyware-doct...

your welcome.


Report •

#73
November 5, 2010 at 09:52:03
It makes you think you are runnung a virus scan and it might report you have 120 viruses and really you more likely don't have any at all. If ypu pay them . All you do is unlock it so everything will work right. but "It IS A Big Fat SCAM" I have got this virus which is posing as a malware or antivirus remover. I uaed Malwarebites on one computer and I restores another computer to an earlier date and the third computer it destroyed the hard drive sectors making it unuseable.I hope this helps: ken

Report •

#74
November 5, 2010 at 20:48:37
For the people having trouble with task manager you need to curl alt delete then go to processes and end process hotfix.exe

If you press alt ctrl delete and windows task manager doesn't pop up press escape three times if this doesn't work the second time restate your pc wait for the turn safe mode on screen and press alt f4 then do it again and try opening task manager

This is just to disable it
The recommended virus scanners/software is malwarebytes or AVG
Malwarebytes for short term use if your not planning to purchase it


Report •

#75
November 6, 2010 at 21:04:33
I got it on my computer (64-bit Gateway) yesterday. luckily I found out that the CD that came with my computer, which I kept and didn't throw away, can back up how your computer was yesterday, last week, even 6 months. If you back it up then, all that you did and got on your computer after that day is never there (including that annoying @$$ virus.)
Just have the CD and press F10 to goto info before it goes to the pop up, look for where to back up your history, and start it before you got all that crap-virus. (sorry for the rude words. just glad I got the thing off.)
I hope I helped at least one person of what I said

Report •

#76
November 7, 2010 at 04:50:16
Might be a bit late now... but this should help.

Also try hitting f8 repeatedly when you reboot and then running safe mode that seemed to work for me. Then turn back your computer to an earlier save point - that also seemed to get rid of it.

But if the worse comes to the worse I found this helpful guide. I couldn't get one of the steps to work... but the final scan showed my computer to be clean any way

www.bleepingcomputer.com/virus-removal/remove-thinkpoint


Report •

#77
November 8, 2010 at 07:15:40
I might be able to simplify this. I saw this on my sons computer. All I did was go through to the point where it gives the option to continue unprotected. After clicking that I could not open IE but I did get to my desktop. From there I ran Malware Bytes. This got rid of everything except a shortcut to it on the desktop. I ran CCleaner and checked the desktop shortcut option and all gone now.

Likely


Report •

#78
November 8, 2010 at 07:36:43
In the settings of the "fake anti virus" choose to use "unprotected startup" then exit the program to start windows desktop.

I used process explorer from sysinternals.

Right clicked hotfix.exe it showed the .exe to be located in C:\Documents and Settings\USERNAME\Application Data\

Along with this .exe file there was an install, start, complete scan files.

End the process using process explorer as taskmgr is disabled...

Delete the files

Scan with AVG, Malwarebytes and Sypbot to get rid of any remains / other viruses.

Ccleaner Portable would also be a good one to use to fix any registry entries that have been modified.


Report •

#79
November 10, 2010 at 20:39:53
Effective removal of Thinkpoint Virus Download award winning antivirus! works great- easy to use - fully customizable - install it, and forget it in the background, removes malware, spyware, trojans, thinkpoint, thinksmart. try it out.

http://www.adwarethreat.com/softwar...


Report •

#80
November 13, 2010 at 03:26:52
Just wanted to confirm that the Darfuns Malwarebytes download (James88 post above, November 3) worked for us: I logged on as a different user (allowing internet connection free of the Thinkpoint blocker), downloaded the Malwarebytes program, ran a scan, found a "Fake" thingy and deleted it, then restarted and the affected user had the Malware program which had cleared off the Thinkpoint. Thanks, James88.

Report •

#81
November 16, 2010 at 19:42:27
http://www.youtube.com/watch?v=uFtX... try this guyz it works for me

Report •

#82
November 20, 2010 at 08:00:20
I had thinkpoint and was a b---tard to get rid off, I found a good programme to get rid of it, and only takes a few minutes.

http://www.softpedia.com/progDownlo...


Report •

#83
November 20, 2010 at 13:55:31
This site has a free removal tool that works awsome. free combofix download

I have used it many times on others computers too.


Report •

#84
November 24, 2010 at 07:23:12
thanks to everyone that postred here. I was suckered too. Thanks to you all it was an easy fix with malwarebytes but my laptop seems to be running slower since this happened. anyone else experiencing this and is there a solution?

Report •

#85
November 25, 2010 at 03:42:11
Hello, i have tried all of these steps and my internet is still not working?? am i too late?? internet is still saying "internet explorer cannot display the website", i've done task manager and ended the process of hotfix, gotten on to the desktop and straight to the internet browser and still nothing, i've been in the LAN settings and un-ticked all the boxes and still nothing i've used a usb disk and installed spydoctor but pops up says to start in safe mode, when i tried it, pop up says to start in normal mode, now it says to update spydoctor but can't because internet still not working, my modem is also connected to another computer as well so i know that the net is still working?? HHHHHEEEEEELLLLLLPPPP PPPLLLEEEAAASSSSEEE!!!! it's been day 3 of this infection!!!Grrrrrr stupid thinkpoint!!!

Report •

#86
November 26, 2010 at 06:46:17
and what can you do when <ctl alt delete> receives a response that the task manager has been disabled by the administrator?

Report •

#87
November 28, 2010 at 20:18:43
hey i just got rid of this program right now so this is what i did, hopefully its helpful
ok when the program says it wont let you got to desktop because its not safe our whatever, go to settings> and check the button that says something like allow even when unprotected
now when you are on your desktop you should see a shortcut that says thinkpoint. right click and click open file location. this should take you to the origional "hotfix" file.
do ctrl+alt+delete and on task manager click processes. scroll down and find "hotfix.exe" and click end process. once you have ended it, delete thinkpoint the origional file, and the desktop/start menu shortcuts. empty your recycle bin.

Report •

#88
November 29, 2010 at 15:26:05
Thinkpoint is a program that tells you that you have a virus, when thinkpoint is the virus. when you are prompted to give your Credit Card info, Your info stolen will then be used by the people who sent the virus to you in the first place....If you remove the virus using some AV tool, you may gain access to your machine but the progrom (Thinkpoint) could be sending your keystrokes to its place of origin and stealing your info anyway... The best thing to do is to try to save any files you can if you can access them and then do a complete System Restore.Delete and reinstall windows

Report •

#89
November 30, 2010 at 12:02:58
Terry Q's process worked for me:

Terry Q October 17, 2010 at 12:22:39 Pacific

Alright guys,

I just fixed a computer with this problem running vista....

Start the computer in "Safe Mode with networking"
after the thinkpoint screen loads push the command CTRL+ALT+DEL this will bring you to task manager. Find the process hotfix.exe and kill (end) the process.

at this point you will only have a blank black screen behind your tak manager. you can go in ms-dos prompt and delete the hotfix.exe so if you have to reboot the screen wont happen again.

to delete the hotfix.exe:

While in task manager go to File and select "run new task". then type "cmd.exe" in the open box. this will pull up your command prompt.
you then type "CD C:\Users\**USERNAME**\AppData\Roaming then after the directory is changed type "del hotfix.exe" this will stop the thinkpoint screen from loading if you have to reboot.

After you delete the hotfix.exe you will go back into you task manager, dont panic if you cant find it JUST USE CTRL+ALT+DEL and select task manager.

Goto File, then selet "new Task".

now the next task can be done two ways

1. you can type "explorer.exe" in the open box and it should take you to your desktop
(which this did not work for me because the virus was stopping it)

or

2. you can type "C:\Program Files\Internet Explorer\Iexplorer.exe" this will take you directly into your internet. (this is the option i had to use)

then while in internet explorer go to "www.malwarebytes.org" download the free version and run the full scan option after running the scan you will want to click the "See Results" button that is available after the scan is ran. this will load a detailed page of what was found and it will have the virus and malware selected. there should be a "remove selected" button at the bottom of this page. after this is done it will require you to restart your computer.

(remember guys even if you got a blank black screen the computer is still kicking and is operating. it just we are so use to seeing the desktop to run the computer)

AND TADA FINISHED you should be THINKPOINT FREE AND THE WAY TO BE....the computer I work on also had a Anti-Virus 8 on it which is also a virus, or fake report just say so if you have it and i can tell you how to remove it


Report •

#90
November 30, 2010 at 13:20:22
LOL...this is getting beat to death. Why don't you all start new posts so other members can help you.
http://www.computing.net/howtos/sho...
The above link will help you ;-)

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#91
November 30, 2010 at 21:21:53
Thinkpoint got installed on my PC right after I downloaded a file on Wetmusik.com... stay away from that place!

Report •

#92
December 6, 2010 at 14:52:52
Thanks JL. Your post has helped me tremendously!!

Report •

#93
December 7, 2010 at 21:34:34
THANK YOU Terry!!!!
I followed your instructions, and I was able to remove it completely!! Took about an hour, but I am not good with computers but good with directions and yours were spot on.
Apparently the virus protection software expired on my kids computer (CA Security Software) and caused all kinds of problems. Thinkpoint being one of them. Terry, could you kindly recommend a good and safe and hopefully reasonably priced virus protection software to purchase.
Thanks again Terry!!! Huge help to me and the kids!!!

Report •

#94
December 12, 2010 at 01:54:37
honestly there are no great antivirus there is always one person one step ahead of those things....keep malware installed on your system for the after-fact of getting a virus. I work as a comp tech for a college and office scan is what we us. I personally use Mcafee. I have used norton in the past....eventually they all fail its just nowing how to beat the maker of the virus....sorry i cant make a good suggestion on anti-virus but I personally use mcafee and I havent had a problem yet so its really personal opinion. but you can find office scan online for FREE and they all do the same thing!!!!!

Report •

Ask Question