If your system is infected with the fake antispyware application ThinkPoint you may find yourself greeted with the following screen when restarting your computer:
This is a full-screen window with the lie “ThinkPoint - World’s leading security solution” prominently displayed. Only one button is enabled, and it is labeled “Safe Startup”. Click that, and ThinkPoint will do a dog and pony show that presents your system as infected by various pieces of malware, the solution to which, it claims is to purchase the full version of ThinkPoint. All of this is a lie, of course.
So how does ThinkPoint hijack you computer’s startup screen? It does this by changing the registry value
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Windows NT\Shell to point to
hotfix.exe (or whatever filename it is programmed to use). Some versions also modify
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Windows NT\Shell in the same way.
The good news is that you can bypass ThinkPoint to gain access to your computer. Simply press Ctrl+Alt+Del and look for a process named
hotfix.exe. Right-click on that and select Terminate Process. The ThinkPoint screen should go away. At this point, all you will see is a blank screen, but we will fix that. Go to to File -> New Task in Windows Task Manager and type
explorer.exe. Click OK and Explorer should start, giving you access to your computer again. Now is the time to run an antimalware application, such as TrojanHunter to remove all traces of ThinkPoint for good.