A coworker brought me a laptop (accompanied by the required food bribery) and asked me to remove a virus that had started popping up. I booted up the laptop and, not at all surprisingly, it was infected with a Fake Security Scanner of a new and particularly nasty variety. It was called ThinkPoint and it replaces explorer.exe as your Windows shell, so as soon as you login ThinkPoint is all you see and all you have the ability to interact with.
Other sites explain how to remove ThinkPoint and their instructions are accurate, assuming you can open Task Manager via CTRL+ALT+DEL or CTRL+SHIFT+DEL. Unfortunately the variant I ran into disables Task Manager, so I had to find another way to interact with the computer. Luckily, ThinkPoint is easily tricked.
- Inside ThinkPoint, click the Support button.
- The goal of malware like ThinkPoint is to get the user to purchase the “full version” of the software, and logically we know that purchasing the software will probably open a web page so we can input our credit card information. So let’s play along… Click Install the Full Version with the required modules.
- This will open up an Internet Explorer page with no status bar and no menus. Click anywhere within the page, then press CTRL+L to open the Open Dialog. This will let us explore our computer from within Internet Explorer.
- Click Browse.
- Next to the File Name field, select All Files so we can browse all files, not just HTML files.
- Navigate to C:\Windows. Locate explorer.exe, right-click it and select Open. Congratulations, you can now do whatever you want! Now follow these instructions to remove ThinkPoint: http://www.2-spyware.com/remove-thinkpoint.html