Warning: New rogue antivirus – ThinkPoint

By Crescencio Reyes – PC Tools Malware Research Division

A new rogue antivirus was recently reported that is part of the fake Security Essential rogue malware. When the binary is executed, it shows a splash screen that stays on top of all application windows.
Figure 1: ThinkPoint splash screen

When the “Safe Startup” button is clicked, it displays a window that performs a fake scan of the infected machine.

Figure 2: Fake scan

When the scan completes, it presents the results and encourages you to install the full version. You cannot continue unprotected, because it will simply display these windows repeatedly.

Figure 3: Scan results

Clicking on “Install the full version” will take you to the payment page.

Figure 4: Payment page

After an infected machine is rebooted, the malware takes over the desktop and displays only the splash screen window shown in Figure 1.

To bypass the splash screen, press CTRL+ALT+DEL to bring up Task Manager. Find hotfix.exe in the process list and kill that process. Then click File, then “New Task (Run...)”, type explorer.exe and click OK to load the desktop, so that you can install or run Spyware Doctor to do a thorough cleanup of the infected machine.
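The same recovery steps can be run from a PowerShell prompt started through “New Task (Run...)”. The script below is an added example, not part of the original post: it records where each hotfix.exe process is running from before ending it, then reloads the desktop. It assumes Windows PowerShell 5.1 or later; the process name is the one given above, and the file's location is reported rather than assumed because the post does not state it.

```powershell
# Added example: scripted form of the Task Manager steps described above.
# Assumption: PowerShell 5.1+ is available on the infected machine.
$name = 'hotfix.exe'   # process name as given in the article

# Win32_Process exposes the executable path and parent PID of each match.
$procs = @(Get-CimInstance Win32_Process -Filter "Name = '$name'")
if ($procs.Count -eq 0) {
    Write-Host "No $name process is running."
}

foreach ($p in $procs) {
    $sig  = 'n/a (path not readable)'
    $hash = 'n/a'
    if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
        # A legitimately named file can share this name, so note the
        # signature status and hash for the later cleanup or a report.
        $sig  = (Get-AuthenticodeSignature -FilePath $p.ExecutablePath).Status
        $hash = (Get-FileHash -LiteralPath $p.ExecutablePath -Algorithm SHA256).Hash
    }

    # Print what was found before the process is ended.
    [pscustomobject]@{
        ProcessId = $p.ProcessId
        ParentPid = $p.ParentProcessId
        Path      = $p.ExecutablePath
        Signature = $sig
        SHA256    = $hash
    } | Format-List

    # Same effect as "End Process" in Task Manager.
    Stop-Process -Id $p.ProcessId -Force -ErrorAction Continue
}

# Same effect as typing explorer.exe in "New Task (Run...)":
# start the shell only if it is not already running.
if (-not (Get-Process -Name explorer -ErrorAction SilentlyContinue)) {
    Start-Process explorer.exe
}
```

The script only ends the process and leaves the file in place, so the full cleanup with the scanner is still required afterwards.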


2 Responses to Warning: New rogue antivirus – ThinkPoint

  1. This is what I “Picked-Up” Think Point.
    I had to “fight” this; as it would automatically close whatever window I would open. It opened over 8 IE’s!!
    I put my Recovery Disk in (HP). and then ESC>Repair and after doing this x5/a Pop-Up came on “PC Tools” (small square gray box) advising to run “Scan” and Malware.

  2. Sean Young says:

    wow, a rogue that actually won’t disable taskmanager
