Remove Think Point Infection in 5 Minutes or Less

Think Point Security is a mock anti-virus program design to dupe infected computer users into purchasing their fake anti-virus software to remove infections and clean viruses which are not even there. Released in Fall 2010 this "Security Tool" style infection is one of the easiest cleanups for the DIY virus cleaner to perform themselves. This cleanup requires no special knowledge and no software tools outside of regular Windows functionality.

Estimated cleanup time: 5-10 Minutes

The removal consists of 2 Phases with individual steps for each. The first phase details how to gain access to the system to perform cleanup functions. The second phase demonstrates deleting the infected files and startup entries.

If you would like to know how to remove Think Point Security in Windows XP, continue reading.

If you would like to know how to remove Think Point Security in Vista or Windows 7, click here.

Phase 1:

ThinkPoint Security splash screen

Start by pressing either "Ctrl+Alt+Del" or "Ctrl+Shift+Esc" on the keyboard to open the Task Manager.

Next, click "File" and select "New Task (Run...)"

Open the Windows Task Manager and create a new task

Type "Explorer.exe" in the Create New Task window to launch the Windows explorer which is the part of windows that allows you interact with such as the desktop icons and interface.

Run explorer.exe

In the Task Manager window, click the "Processes" tab. Click on hotfix.exe then click "End Process" close the the Task Manager window by clicking on the "X"

End Hotfix.exe Process

Phase 2:

Now that you have gained access to your system, we can continue the Think Point removal by using the Registry Editor and by deleting the files which are triggered to run at startup.

Let's Continue, click "Start" then click on "Run..." or press Win+R (Win key is between Ctrl and Alt on most keyboards)

Run... A New Task

Type "regedit" and click "OK" This will open the Windows Registry Editor.

Open the Windows Registry Editor

In the registry you can expand keys by double-clicking the folder, or by pressing the "Right" arrow on the keyboard.

You will need to navigate to the entry that contains the startup trigger, this trigger tells Windows to run the infected hotfix.exe file. The startup trigger is located at My Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

To do this you need to:

Double-click "HKEY_CURRENT_USER"
Double-click "Software"
Scroll down to "Microsoft" and double-click
Scroll down to "Windows NT" and double-click
Double-click CurrentVersion
Scroll down to Winlogon and click to select it.

Click on the "Shell" entry in the right pane. Press "Delete" on the keyboard, or right-click and select "Delete"

Delete the Shell Startup Trigger

There, you have now removed the Think Point startup trigger and we are almost done. You now need to go to the Application Data folder which is hidden by default in Windows, the quickest way to get to this location is to once again open the Run window.

Open the Start Menu and click on "Run..." or press Win+R on the keyboard. This time type "%UserProfile%\Application Data" and click "OK"

Open the Application Data Folder

In the Application Data folder you need to delete "hotfix.exe" as well as any individual files with <Random> characters for names or any files with <MS-DOS Batch File> as its description.

Delete the Infected Files

Close all of the open windows. On the desktop there should be an icon for Think Point. Select the ThinkPoint icon and press "Delete" on the keyboard or right-click on the icon and select "Delete"

Delete the Desktop Shortcut

Also open the Start Menu, click on "All Programs" to expand the programs list. Right-click on the ThinkPoint shortcut and select "Delete"

Delete the Start Menu Shortcut

Finally, Restart the computer. Once the system starts back up you will be Think Point free!

Restart the Computer

Followup your ThinkPoint removal by running an antivirus scan with your program of choice, I recommend Avast Internet Security 2011 which you can purchase below with this coupon for $10 Off till Jan 10, 2011.