Popular Reviews

Adware Removal

» Adware Removal

Rogueware Removal

» Rogueware Removal

Keylogger Removal

Fix PC Errors

Helpful Definitions

Learn More

» Learn More

Antispyware Reviews

Registry Cleaner Reviews

Firewall Reviews

Spam Filter Reviews



10th November 2010

Think It's Easy to Remove ThinkPoint?  Think Again

Microsoft is one of the most trusted names in the computer industry.  When we run Windows, we become very familiar with the look and style of Microsoft's messages and alerts.  We come to trust them on sight.  The creators of rogue antivirus programs like ThinkPoint know this, and they use the distinctive Microsoft style to gain computer users' confidence.  Instead of offering security, rogues mimicking Microsoft Security Essentials issue pop-ups and warnings of severe risk to our systems.  This is an illusion created by these rogue programs to persuade users to purchase protection that may not meet your needs.  

What is ThinkPoint?

ThinkPoint is classified as a rogue antivirus program, and its goal is to persuade users that their current security program is either disabled or unable to remove severe security risks from their system.  The only solution is to purchase the full protection they are offering.  It is important to remember that not only are there no risks to your computer, there is no protection to be had from these rogue programs.

Getting to Know ThinkPoint

Rogue antispyware programs are many things, but subtle is not one of them.  If you have a rogue like ThinkPoint installed in your system, you will begin to notice almost immediately.  A tactic that virtually every rogue depends on is pop-ups.  A typical warning from this particular rogue antivirus program reads:

The application taskmgr.exe was launched successfully but it was forced to shut down due to security reasons.

This happened because the application was infected by a malicious program which might pose a threat for the OS.

It is highly recommended to install the necessary heuristic module and perform a full scan of your computer to exterminate malicious programs from it.

To advance the notion that you have a security problem, ThinkPoint blocks your task manager, toolbar, registry editor, and Start menu when it is running.  When you cannot access your task manager and get an alert like that above, it reinforces the appearance of malicious programs. 

Pop-ups also issue false scan results.  These typically look very much like warnings issued by Microsoft, and you will notice the distinctive Windows insignia in the upper left corner.  The text of such a message will read:

Scan results:

11587 - files checked

67 - files infected

61 - files restored

6 - files can't be restored (heuristic module missing)

You are given the following options:

  • Install the full version with the required modules
  • Continue unprotected

Faced with the choice, many understandably opt to install the full version, believing it will protect their systems and data.  Unfortunately, the rogue program can no more protect your computer than it can scan it.

ThinkPoint launches into false scans when you boot up your system, and you may also see the rogue's start up screen.  This features the Microsoft blue we all know, as well as the Windows symbol.  Under is the slogan, "World's leading security solution."

As is typical of rogue antivirus programs, you will notice that your computer is operating more slowly than usual.  This is because, as mentioned, ThinkPoint launches itself whenever you start your system, and it remains running in the background continually.  This diverts system resources away from your legitimate programs, resulting in sluggish performance. 

Mode of Transmission

It is helpful to understand how rogue programs access your system so you can be on your guard against them.  ThinkPoint is part of a bundle that is introduced via the false Microsoft Security Essentials Alert.  This is a Trojan that disguises itself as an Adobe Flash Player update, and when computer users install it in order to watch a movie online, the Trojan is allowed to enter. Rogues associated with ThinkPoint and the false Microsoft Security Essentials Alert are:

  • Pest Detector 4.1
  • Peak Protection 2010
  • Major Defense Kit
  • AntiSpySafeguard
  • Red Cross Antivirus

Facing the warnings and alerts, many users understandably opt to purchase ThinkPoint and provide their name and credit card information during the transaction. Unfortunately, this does not protect the computer.  If you have purchased the rogue, you can call your credit card company and try to contest the charge.  You should also take steps to remove ThinkPoint immediately.

Removing ThinkPoint

It is important to take steps immediately to remove ThinkPoint if you notice these signals.  If left intact, the rogue can slow down your computer as well as leave it vulnerable to security threats.  This is easier said than done.  You cannot simply use the uninstall feature or rely on your current antivirus program.  Rogue programs are not classified as viruses and aren't included in your security program's definition flies.  Rogues are designed to evade basic removal attempts, which leaves you with two options.

  • Automatic Removal. This is the fastest solution and arguably the best as well. A number of excellent applications exist to deal specifically with rogue antivirus programs: Malwarebytes Anti-Malware (Malwarebytes has free malware removal) and Enigma's SpyHunter are two of the most efficient. These are designed to detect and remove rogues, which are notoriously difficult to eradicate. Running the software will automatically remove ThinkPoint, as well as update your files to protect against future threats.
  • Manual Removal. This can also be an effective mode of removal, but it is not without risks. Because it requires that you be familiar with your system registry, those with technical experience may find this to be their preferred method of removal. If you are less experienced, don't hesitate to contact us for help so we can provide you more detailed instructions. The last thing we want is for you to delete legitimate programs or leave the rogue partially intact. Below is a list of registry keys and files that must be eliminated entirely from your system.

To manually remove the files, navigate from your Windows Explorer Tools menu to the "Show Hidden Files and Folders" option.  After you've deleted the necessary files and keys, go back and reverse this setting. You will also want to run a security scan as a "clean up" and to ensure optimal performance.

Remove Associated Files:

%UserProfile%\Application Data\PAV\

%UserProfile%\Application Data\antispy.exe

%UserProfile%\Application Data\defender.exe

%UserProfile%\Application Data\tmp.exe

%UserProfile%\Local Settings\Temp\kjkkklklj.bat

Remove Registry Keys:


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = "0″

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnPostRedirect" = "0″

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "tmp"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "SelfdelNT"

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\antispy.exe"

We are affiliated with some of the legitimate programs recommended on this website. Should you choose to use the programs recommended here, we may receive a fee that will help support the site.

All content copyright 2006-2017, RemoveAdware.com.au. Author: Wayne Davis.
All Rights Reserved. All trademarks and company brand names are acknowledged.
Privacy Policy | Terms Of Service