Sunday, November 7, 2010

Remove Think Point Infection of Windows Vista or Windows 7

This is a continuation of my previous Think Point removal post.  Removing ThinkPoint can be accomplished in less than 5 minutes using only the tools included in Windows and minimal technical knowledge.  The steps required to remove ThinkPoint in Windows Vista and Windows 7 are slightly different than on Windows XP.


If you would like to know how to remove Think Point Security in Windows XP, click here.

If you would like to know how to remove Think Point Security in Vista or Windows 7, continue reading.


Removing Think Point Security in Windows Vista and Windows 7 is quite easy and be accomplished in less than 5 minutes.

I've broken the removal process down into 2 Phases, the first phase involves gaining access to the system, the second phase involves the removal process.

Phase 1:



Start by pressing "Ctrl+Shift+Esc" on the keyboard to open the Task Manager.


In the Task Manager window, click the "Processes" tab.  Click on hotfix.exe then click "End Process." Click "End process" on the confirmation window.


Next, click "File" and select "New Task (Run...)." Then type "Explorer.exe" in the Create New Task window to launch the Windows explorer, which is the part of windows that allows you interact with such as the desktop icons and interface.

Phase 2:


On the desktop you will find a ThinkPoint shortcut.  Right-click on the shortcut and choose "Properties." In the ThinkPoint Properties window look next to Start in:, this is the location that the Think Point program hotfix.exe resides.  Select the text in the Start in field, right-click on the selection and choose "Copy" or press "Ctrl+C" on the keyboard.


Open the Start Menu, click in the "Start Search" box, press "Ctrl+V" or right-click and choose "Paste" to insert the folder location that contains the infected files.  Press "Enter" to open the folder.


In the Appdata\Roaming folder, click "View" at the top and choose "Details" to change the folder to details view. Click on the "Date modified" column to sort by date modified, this will list all of the newest files grouped at the top.  The files which need to be deleted are hotfix.exe, install, completescan & any <random file name>.bat.

Select the files to delete, right-click and choose "Delete" or press "Delete" on the keyboard, then click "Yes" on the delete confirmation box.


Now that you have removed the infected files, you need to remove the startup triggers that tell Windows to run them on each startup.  Open the Start Menu.  Click in the "Start Search" box and type "regedit," press "Enter" on the keyboard to open the Registry Editor.


In the registry you can expand keys by double-clicking the folder, or by pressing the "Right" arrow on the keyboard.


The ThinkPoint startup trigger is located at HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon.  You will now need to navigate to this entry.


To do this you need to:
  • Double-click "HKEY_CURRENT_USER"
  • Double-click "Software"
  • Scroll down to "Microsoft" and double-click
  • Scroll down to "Windows NT" and double-click
  • Double-click CurrentVersion
  • Scroll down to Winlogon and click to select it.


The infected entry is "Shell" and you can see under the Data column that it points to the hotfix.exe file/folder that we just deleted.


Right-click on "Shell" and select "Delete" or press "Delete" on the keyboard. Click "Yes" on the deletion confirmation box.


Now you can delete the shortcut that was on the desktop.  Right-click on the ThinkPoint shortcut and select "Delete" or press "Delete" on the keyboard.  Then click "Yes" on the Delete File confirmation.


Also open the Start Menu and click "Programs" above "Start Search," find the ThinkPoint shortcut in the list, right-click the link and choose "Delete."


Click "Yes" to confirm the deletion of the ThinkPoint shortcut.


The Recycle Bin contains all of the files we have deleted.  Open the Recycle Bin and click "Empty the Recycle Bin" at the top of the window.


Click "Yes" to permanently delete all of the ThinkPoint files and shortcuts.

Finally, restart the computer to complete the repair.  Windows will now start up normally and you are Think Point Security free!

Followup your ThinkPoint removal by running an antivirus scan with your program of choice, I recommend Avast Internet Security 2011 which you can purchase below with this coupon for $10 Off till Jan 10, 2011.



US - avast! Discount. 10.00 off avast! Internet Security. Buy Now!
US - avast! Discount. 10.00 off avast! Internet Security. Buy Now! Offer Expires 01/10/11

1 comment: