FacebookTwitterLinkedIn

ThinkPoint Fake Antivirus

Also Known As: Think Point
Damage level: High

What is ThinkPoint?

This unwanted program will try to fool you into buying it and the software employs various methods in which to do so. It uses a fake virus scan and displays fake alerts indicating that your computer is infected. After the fake security scan, the rogue program will notify you that C:\Program Files\Messenger\msmsgs.exe is infected. You will then be asked to reboot your computer.

This program is capable of blocking execution of legitimate Windows programs, thus making its removal more complicated. It is important to understand that ThinkPoint is a rogue program that should not be trusted. When installed on your computer, this bogus program will imitate a computer security scan and will attempt to trick you into believing that your PC is infected with critical risk security threats.

 Screenshot of ThinkPoint rogue antivirus:

thinkpoin rogue antivirus main window

Examples of fake security alerts might look like this:

thinkpoint fake antivirus program

“Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take action.”

“Unable to remove threat. Click ‘Scan online’ to remove this threat” or “The application iexplore.exe was launched successfully but was forced to shut down due to security reasons. This happened because the application was infected by a malicious program that might pose a threat to the OS. It is highly recommended that you install the necessary heuristic module and perform a full scan of your computer to exterminate malicious programs.”

ThinkPoint is mostly propagated via e-mail phishing and p2p downloads. Do not buy this program, it is a scam. Internet criminals created this program to scare you into believing that your computer is highly infected with spyware in an attempt to sell you the ThinkPoint license.

The program states that it could remove the detected security issues if you pay for the license. Do not trust ThinkPoint. It is a rogue program that does not actually scan your computer, but ‘detects’ non-existent spyware and malware on your computer and then encourages you to purchase the program to remove these supposed threats.

To further scare you into believing that your PC is at risk, your desktop will be flooded with security warning messages stating that viruses are trying to attack your computer. Ignore all ThinkPoint security scans and warning messages. ThinkPoint is a scam that should be removed from your computer.

Use the information provided to remove this bogus program. Screenshot of a fake antivirus program "ThinkPoint":

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

ThinkPoint removal:

1. Press ctrl+alt+del (or ctrl+shift+esc) to enter the Task Manager. Select the "Processes" tab.

2. Search for the hotfix.exe tmp.exe and thinkpoint.exe processes. Select each and press "End task". When you are asked if you are sure, click "Yes".

3. When you have terminated the hotfix process, you will see a blank screen. In the Task Manager, click "File", select "New task", and in an opened window type explore.exe and click "OK".

4. After this procedure you should be able to access your desktop. You should now download legitimate anti-spyware software to fully remove ThinkPoint from your computer.

5. After downloading anti-spyware software, install it, update it, and then run a full system scan. Remove all infections found.

Some malicious software modifies browser settings and disables downloads of spyware and virus removal software. If you have problems downloading anti-spyware software with Internet Explorer, try downloading with an alternative browser, such as Chrome, Firefox, Opera, etc.

If you are unable to remove ThinkPoint, you can use these manual removal instructions. Use them at your own risk, since if you do not have strong computer knowledge, you could harm your operating system. Use them only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)

End these ThinkPoint processes:

%UserProfile%\Application Data\hotfix.exe
%UserProfile%\Application Data\thinkpoint.exe

Remove these ThinkPoint registry entries:

HKEY_CURRENT_USER\Software\PAV
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “thinkpoint”
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%Documents and Settings%\[UserName]\Application Data\hotfix.exe”

Delete these ThinkPoint files:

%UserProfile%\Application Data\hotfix.exe
%UserProfile%\Application Data\thinkpoint.exe
%UserProfile%\Application Data\install

Summary:

The fake antivirus programs (also known as "rogue antivirus programs" or "scareware") are applications that tries to lure computer users into paying for their non-existent full versions to remove the supposedly detected security infections (although the computer is actually clean). These bogus programs are created by cyber criminals who design them to look as legitimate antivirus software. Most commonly rogue antivirus programs infiltrate user's computer using poop-up windows or alerts which appear when users surf the Internet. These deceptive messages trick users into downloading a rogue antivirus program on their computers. Other known tactics used to spread scareware include exploit kits, infected email messages, online ad networks, drive-by downloads, or even direct calls to user's offering free support.

A computer that is infected with a fake antivirus program might also have other malware installed on it as rogue antivirus programs often are bundled with Trojans and exploit kits. Noteworthy that additional malware that infiltrates user's operating system remains on victim's computer regardless of whether a payment for a non-existent full version of a fake antivirus program is made. Here are some examples of fake security warning messages that are used in fake antivirus distribution:

Fake pop-up used in rogue antivirus distribution example 1

Fake pop-up used in rogue antivirus distribution example 2

Computer users who are dealing with a rogue security software shouldn't buy it's full version. By paying for a license key of a fake antivirus program users would send their money and banking information to cyber criminals. Users who have already entered their credit card number (or other sensitive information) when asked by such bogus software should inform their credit card company that they have been tricked into buying a rogue security software. Screenshot of a web page used to lure computer users into paying for a non-existent full version of think point and other rogue antivirus programs:

example of a webpage used to collect payments for fake antivirus programs

To protect your computer from think point and other rogue antivirus programs users should:

  • Keep their operating system and all of the installed programs up-to-date.
  • Use legitimate antivirus and anti-spyware programs.
  • Use caution when clicking on links in social networking websites and email messages.
  • Don't trust online pop-up messages which state that your computer is infected and offers you to download security software.

Symptoms indicating that your operating system is infected with a fake antivirus program:

  • Intrusive security warning pop-up messages.
  • Alerts asking to upgrade to a paid version of a program to remove the supposedly detected malware.
  • Slow computer performance.
  • Disabled Windows updates.
  • Blocked Task Manager.
  • Blocked Internet browsers or inability to visit legitimate antivirus vendor websites.

If you have additional information on think point or it's removal please share your knowledge in the comments section below.

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
Think Point QR code
Scan this QR code to have an easy access removal guide of Think Point on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.