This is another in the long list of “rogue”, fake, bogus security software that somehow sneaks by your Anti Virus Anti Spyware. Virtually stops your computer from functioning, prompting you to “start” or “activate”, purchase there product in order to have your computer back again.
This was looking like Microsoft Security Essentials program, and even mention Microsoft Security Essentials,, but don’t be fooled, it’s a frustrating, pain in the ass fake annoying program. But it was actually an easy removal process, and fix.
This was on a Windows Vista machine today, and would not load up the desktop, Thinkpoint had Windows Explorer shut down, held at ransom.
- I booted up in Safe Mode:
On boot up press or tap the F8 key, until you see a screen with Safe Mode option. Use your up arrow key to highlight Safe Mode, press the enter key.
Let Safe Mode load up,, enter login info if prompt to. Then this is where “Thinkpoint” screen came up, filling the entire screen, with no normal desktop behind it. Thinkpoint had Windows Explorer shut down on startup,,, clever aren’t they?
- Press Ctrl+Alt+Delete Key to bring up “Task Manager” (press “Start Task Manager” for vista Win 7)
- Go To The “Processes” Tab in Task Manager
- Now look for a process in that list called “hotfix.exe”
- Use your mouse cursor & highlight hotfix.exe, click “End Task” (lower bottom right corner of same window)
When prompt “Do you wish to end task…..” etc,, click “Yes”
(“Hotfix.exe” is the rogue malware file associated with Thinkpoint malware infection)
Now here is how to start Windows Explorer manually:
With Task Manager still open, click on the “File” menu (upper left corner)
Choose “New Task (Run),, and type in “explorer.exe” (with no quotes)
Your desktop should now load up, it will look strange, different for Safe Mode does not load the graphics driver.
(At this point I went in & file searched for “hotfix.exe” to locate where the file was, & manually removed/deleted the file.)
If you don’t have Malwarebytes download the program, install, UPDATE and run Quick Scan,, Malwarebytes will find the malware, maybe others, and remove anything it might find. Might prompt you to restart to fully remove the bad stuff. All should be well, but update, and run scans with any other security software you have just to crosscheck the system.
How I manually removed Thinkpoink and the “hotfix.exe” it was associated with:
- The “hotfix.exe” file is the Thinkpoint malware program file, on this Windows Vista Computer it was located here:
C: Users folder >Home folder >AppData folder >Roaming folder and there was “hotfix.exe”
- Go to your Start Menu, then cue up “My Computer” or “Computer”, double click on “Local Disk (C:), then look for “Users” folder above.
- Follow the path mentioned above: Users, Home, AppData,,, Roaming folder
- “Right Click” on hotfix.exe and choose “delete” in the sub menu………………. all gone.
This was the only file associated with this “Thinkpoint” Malware. No other entries in system registry were found when following uo with other scans afterwards. Maybe there were other files associated with this “Thinkpoint” malware, maybe the systems Anti Virus Software might of stopped some of it, but this one “hotfix.exe” file planted itself right in a start up folder/directory.
Computer was back to normal operation.
Customer stated she believed her computer became infected with this after clicking on, and attempting read some celebrity article on MSN.com
IDrive – FREE 5GB Backup Account – Protect your digital life with IDrive online backup.