Removing Fake MSE Trojan ThinkPoint Antivirus
Scareware: ThinkPoint Antivirus
One of the scareware programs that is hitting PC users is called ThinkPoint Antivirus. It is installed by a Trojan pretending to be a Microsoft Security Essentials alert, with or without the legitimate antivirus program by Microsoft on the computer. The first version of the fake MSE Trojan offers several rogue programs but a variant will now install ThinkPoint Antivirus.
If a computer is infected by the ThinkPoint scareware program, the taskbar and desktop will not load and the ThinkPoint antivirus user interface cannot be closed. In some cases, the task manager utility in Windows is prevented from loading by ThinkPoint Antivirus. Find out below how you can remove ThinkPoint antivirus from Windows.
Automatic Removal of Fake MSE Trojan ThinkPoint Antivirus
ThinkPoint Antivirus will not prevent legitimate anti-malware or anti-virus programs from loading. This means that you can remove the scareware program as easy as 1, 2, 3, as long the malware scanner has detections for variants of the fake Microsoft Security Essentials alert.
Note: You should not enter your credit card and personal information into any scareware program interface or any website that is not trusted. Do not input any sensitive information into theThinkPoint Antivirus program:
To start removing ThinkPoint Antivirus from your computer, you will need to change the settings of ThinkPoint Antivirus by putting a check mark in the box before “Allow unprotected startup.”
Next, close ThinkPoint Antivirus so that the desktop and taskbar will load. Proceed by launching anti-virus or on-demand scanners and update the definitions. Once that’s done, scan the computer. Most anti-virus programs will now detect and remove ThinkPoint Antivirus, but listed below are some examples of anti-malware software that can detect ThinkPoint Antivirus:
- Ad-Aware Internet Security Free
- EmsiSoft Anti-Malware
- Malwarebytes Anti-Malware
- Spybot - Search & Destroy
- SUPERAntiSpyware
- Windows Defender
Microsoft’s Windows Malicious Software Removal Tool v3.13 which was released on November 9, 2010 includes the Win32/FakePAV signature, a detection signature for fake Microsoft Security Essentials alerts that will install ThinkPoint Antivirus or other scareware programs that the earlier versions of the Trojan offered.
Screenshots of Anti-Malware Detections for ThinkPoint
Manual Removal of ThinkPoint added by fake Microsoft Security Essentials alert
If you would rather remove ThinkPoint Antivirus program using a manual removal process, follow the steps below while in normal or safe mode in Windows:
- Change the settings of ThinkPoint Antivirus by putting a checkmark before the box to “Allow unprotected startup.”
- Open the Task Manager utility in Windows and then locate the hotfix.exe process to end it. Close the Task Manager when done.
- Open Registry Editor in Windows and then navigate to the HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon registry key. At the details or right pane, locate the registry value Shell that has hotfix.exe as its registry data. Close the registry editor when finished.
- Browse for hotfix.exe file in the C:\Documents and Settings\{YOUR USER ACCOUNT NAME HERE}\Application Data folder in XP or the C:\Users\{YOUR USER ACCOUNT NAME HERE}\AppData\Roaming folder in Vista or Windows 7. Delete hotfix.exe. If you cannot find hotfix.exe, simply type %AppData% in run box, hit the OK button and then locate to delete hotfix.exe in the folder.
- Reboot the computer. ThinkPoint Antivirus is now removed, but it is recommended to scan the computer using an up-to-date anti-virus program to verify that there are no other threats residing in your computer.
Image credit: Screenshots taken by the author.
