Faked MSE popups have confused lots of people since their launch on August. Most of people have heard about Microsoft Security Essentials, and they did not expect that it could be a sign of malware infection. It was clever step to give users a choice of five rogues. However, for some reason this changed.
Meet ThinkPoint – a new fake Antivirus that is spread by the same set of trojans originally focusing on Antispy Safeguard. Now you do not have to download one of five rogues. You get ThinkPoint silently installed by default.
First thing you see is a fake Microsoft Security Essentials window that starts scanning your PC. It will state, that your PC is infected with Trojan, for example Trojan.Horse.Win32.PAV.64.a. It will ask for reboot to finish removal procedure. After a reboot you get a completely new fake AV window instead of MSE.
Thinkpoint will claim that it restored some infections, but restoring infected “browsers” requires a heuristical, paid module. It will not allow you to uninstall the “antivirus”, as your settings do not allow “unprotected” startup, and it will block execution of majority of legitimate programs claiming that you are infected.
It will also show various warnings about hackers attacking PC. These messages can be discarded, however it will not allow you launching them. In fact, it might even change permissions to stop execution of legitimate programs when virus is inactive.
The best way to stop thinkpoint and remove this scam is to stop its processes by pressing ctrl+shift+esc and stopping process hotfix.exe. Afterwards, launch explorer.exe as a new process and download a good malware remover like Malwarebytes or Spyware doctor. Check our Thinkpoint removal guide for full file names and removal instructions.
You should never Pay for rogue antivirus programs like ThinkPoint. You give away your credit card details to scammers that way.