Removing ThinkPoint Malware
Past Experience with Malware
This article discusses my recent experience with the fake antivirus software called ThinkPoint. ThinkPoint is really a malware or malicious software. The problem occurred on a laptop that one of my kids was using. This laptop uses Window 7 Home Edition and my children's account have no permission to download software. But every now and then, my children has to download legitimate of items such as homework files, forms, iTunes apps, iTunes music, and software components. I am a very busy guy and it becomes so annoying to allow access to download software often. After a while, I just gave in and provided my oldest kid with admin rights to download software or information.
The children have been trained (actually warned) not to download software that they did not ask for. Any software that appeared out of nowhere and asked to be downloaded is deemed suspicious.
The ThinkPoint Discovery
My oldest child discovered a suspicious pop up ad requesting to download ThinkPoint, an anti-spyware software. There was some information in the pop up ad claiming the alert was reported by Microsoft Security Essentials which isn't true. It looked very convincing and the okay button looked pretty juicy to click on.
I was not able to close the ThinkPoint pop up ad's "X" button on
the ad window. The only other option
was to click on the okay button, which I didn't want to do. When I hit "Control-Alternate- Delete" to get
to the Task Manager, the list of program on the Applications Tab were empty. I tried looking for process in the processes
tab but nothing stood out. I did not know which processes to terminate.
In the process of trying other tricks to remove the pop-up ad, I inadvertently allowed the ThinkPoint software to download. The result was a program that pretended to scan folders and files in your hard drive. But the program never ends as it appears to repeat itself. There is no way to stop the program or terminate it. I could not even log off my child's account. I shut off the computer and tried to into the account but the account basically gone. Only a blank light blue screen appeared which did nothing.
Researching The ThinkPoint Cure
I decided to look up information on the Internet and how to get rid of ThinkPoint. There several forums and articles that refer to a bleepingcomputer.com website article about removing ThinkPoint.
The article basically describes how you can terminate the ThinkPoint program from running so that you can use your computer again. From here you can run updated Malwarebytes Anti-Malware software to remove it completely from your computer.
In the bleepingcomputer.com website article on ThinkPoint, the instructions require you to download to pieces of software to fix other problems before you get rid of ThinkPoint. I totally disregarded this process because I didn't believe it was necessary. So far, it seems that I was right.
Since the desktop child's account was destroyed when I try to log in, my workaround was to log into my account. Fortunately for me my account was still unaffected by the Think Point malware. What I needed to do was to update my Malwarebytes Anti-Malware program.
An Annoying Windows 7 Glitch
There was one little annoying part when I tried to update Malwarebytes Anti-Malware through Windows 7. There was some kind of error when I attempted to perform the update. After a few tries I gave up and tried downloading the entire Malwarebytes software all over again. This time it worked, and I was able to install and run the Anti-Malware software. So far after 10 months of working with Windows 7, I am not happy with it. I occasionally get download problems that I don’t have with Windows XP. Fortunately for me, I still have Windows XP on my other computers.
So I ran Malwarebytes Anti-Malware and perform a full scan. The program found several files associated with the ThinkPoint malicious software. Using the bleepingcomputer.com instructions, any items associated with “Rogue.FakeMSEA” belonged to ThinkPoint. With one click of the “Remove Selected” button, I was able to get rid of ThinkPoint in other malware that was found.
If you happen to be a Windows 7 user that was infected by ThinkPoint, and you only have one account, you can try running Windows 7 in safe mode with networking. Do this if you are not able to access your desktop and run Task Manager.
Here are the instructions to get rid of ThinkPoint in simplified steps:
1. Run Task Manager and terminate the process, “hotfix.exe” in the Processes Tab.
2. Run Malwarebytes Anti-Malware software and update it.
3. After the update, run Malwarebytes AntiMalware and select the “Full Scan” radio button.
4. Click on the “Scan” button. If you have hundreds of thousands of files to scan this process could take a while. Take a break and regularly check if the process is done.
5. Verify if ThinkPoint items associated with “Rogue.FakeMSEA” have been found.
6. Select the “Remove Selected” button to to remove all the malware including ThinkPoint.