How to remove ThinkPoint from your computer

Summary

When you start your computer, you see a ThinkPoint window that restricts you from accessing your desktop. You cannot start Task Manager, and you cannot open Internet Explorer or any other programs. This situation is the result of malware (a variant of Win32/FakePAV) that is infecting your computer.

More Information

To remove ThinkPoint from your computer, first stop the ThinkPoint application and then run the Windows Live OneCare Safety Scanner to remove the malware from your computer. To do this, follow the steps:
  1. Start your computer as usual, and then click Safe Startup in the ThinkPoint window that appears. A fake scan will occur for up to five minutes. Let the scan finish, and then click OK when you are prompted.
  2. A window appears that tells you what the scan has found. This information is fake. Ignore it, click Continue Unprotected, and then click OK in the window that appears.
  3. In the ThinkPoint window, click Settings, click to select the Allow unprotected startup check box, and then click Save Settings.
  4. Close ThinkPoint. To do this, click the Red X in the upper-right hand of the window. You should now be able to see your desktop.
  5. Open a Command Prompt window, then follow these steps, as appropriate for your operating system.

    For Windows 7 and for Windows Vista:
    1. Click the Start button, and type cmd in the Search box.
    2. Right-click cmd.exe, and then click Run as administrator.

      Note If a User Account Control window appears, click Yes.

    For Windows XP:
    1. Click Start, and then click Run.
    2. Type cmd, and then click OK.
  6. Type tasklist (all lowercase) in the black Command Prompt window, and then press ENTER. A large list of files is displayed.
  7. Use the scrollbar on the right side of the window to scroll through the list of files to confirm that Hotfix.exe is listed. If this file is in the list, scroll back down to the flashing cursor in the Command Prompt window, type taskkill/IM hotfix.exe (case-sensitive), and then press ENTER. If this procedure is successful, you will see a SUCCESS message in the Command Prompt window. To close the Command Prompt window, click the Red X in the upper-right corner of the window.
  8. Open Internet Explorer or your currently installed browser, and then visit the following Microsoft website:
  9. Click Full Service Scan.
  10. Follow the steps to remove ThinkPoint.
For more information about ThinkPoint and about the Win32/FakePAV rogue malware, visit the following Microsoft website:



Properties

Article ID: 2445108 - Last Review: Apr 26, 2013 - Revision: 1

Feedback