Posts Tagged ‘FakeSecurityEssentials’

Oct 28

Think Point Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Think Point adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.ThinkPoint.

Think Point is a rogue security program and another variant of Adware.Win32.FakeSecurityEssentials. A rogue application tries to trick you by displaying false or misleading scan results, which claim that your computer is infected with viruses or trojans, but you cannot delete the reported items until you purchase the product. The Adware.Win32.FakeSecurityEssentials family usually promotes other rogue security products, such as Red Cross Antivirus, AntiSpySafeguard, Major Defense Kit, Peak Protection 2010, and Pest Detector. A more in-depth analysis of Fake Security Essentials is available at http://blog.emsisoft.com/2010/08/29/security-essentials-not/.

Creates new files:

  • %UserProfile%\Application Data\completescan
  • %UserProfile%\Application Data\hotfix.exe
  • %UserProfile%\Application Data\install

Modifies registry entry:

  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell = %UserProfile%\Application Data\hotfix.exe

How to remove the infection of Think Point (Adware.Win32.ThinkPoint)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Aug 30

Fake Security Essentials Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Fake Security Essentials adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.FakeSecurityEssentials.b.

FakeSecurityEssentials is a rogue security program. A rogue application tries to trick you by displaying false or misleading scan results, which claim that your computer is infected with viruses or trojans, but you cannot delete the reported items until you purchase the product. This rogue application also promotes other rogue security products, such as Red Cross Antivirus, AntiSpySafeguard, Major Defense Kit, Peak Protection 2010, and Pest Detector. A more in-depth analysis of this rogue is available at http://blog.emsisoft.com/2010/08/29/security-essentials-not/.

Creates new file:

  • %UserProfile%\Application Data\defender.exe

Creates/modifies registry entries:

  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
    (DWORD) WarnOnZoneCrossing = 0x00000000 (0)
    (DWORD) WarnOnPostRedirect = 0x00000000 (0)
    (DWORD) WarnonBadCertRecving = 0x00000000 (0)
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run
    (SZ) tmp = %UserProfile%\Application Data\defender.exe
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RunOnce
    (SZ) SelfdelNT = cmd /C del "%UserProfile%\Desktop\exe.exe"
  • HKEY_CURRENT_USER\software\PAV
    (SZ) uid = allinone
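
A read-only check for the file and registry artifacts listed in the Think Point and Fake Security Essentials posts above, written in PowerShell as an added example (it is not Emsisoft's code and not part of the original posts). It assumes it is run as the affected user, because every listed location is under that user's profile or HKEY_CURRENT_USER; `Get-RegValue` is a hypothetical helper name.

```powershell
# Added example: reports which of the artifacts listed in the posts exist
# for the current user. It only reads; it deletes and changes nothing.
$appData = Join-Path $env:USERPROFILE 'Application Data'

# Files the posts list under %UserProfile%\Application Data
$files = 'completescan', 'hotfix.exe', 'install', 'defender.exe'

# Registry values the posts list; Match is a wildcard tested against the data
$values = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell';     Match = '*\hotfix.exe' }
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';         Name = 'tmp';       Match = '*\defender.exe' }
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce';     Name = 'SelfdelNT'; Match = '*' }
    @{ Key = 'HKCU:\Software\PAV';                                          Name = 'uid';       Match = 'allinone' }
)

# Internet Settings warnings the second post lists as set to 0.
# Assumption: a 0 here can also occur on a clean system, so treat these
# lines as corroborating evidence only, not as proof of infection.
$ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ieWarnings = 'WarnOnZoneCrossing', 'WarnOnPostRedirect', 'WarnonBadCertRecving'

function Get-RegValue([string]$Key, [string]$Name) {
    # Returns the value data, or nothing when the key or value is absent
    $item = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$findings = @()
foreach ($f in $files) {
    $path = Join-Path $appData $f
    if (Test-Path -LiteralPath $path) { $findings += "File present: $path" }
}
foreach ($v in $values) {
    $data = Get-RegValue $v.Key $v.Name
    if ($null -ne $data -and "$data" -like $v.Match) {
        $findings += "Registry: $($v.Key)\$($v.Name) = $data"
    }
}
foreach ($name in $ieWarnings) {
    $data = Get-RegValue $ieKey $name
    if ($null -ne $data -and $data -eq 0) {
        $findings += "Warning disabled: $ieKey\$name = 0"
    }
}

if ($findings) { $findings } else { 'No listed artifacts found for this user.' }
```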

How to remove the infection of Fake Security Essentials (Adware.Win32.FakeSecurityEssentials.b)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

May 14

FakeSecurityEssentials Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the FakeSecurityEssentials adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.FakeSecurityEssentials.

FakeSecurityEssentials is a rogue security program that tries to deceive the user with a GUI similar to Microsoft Security Essentials. A rogue security program tries to trick you by displaying false or misleading scan results, which claim that your computer is infected with viruses or trojans, but you cannot delete the reported items until you purchase the product.

How to remove the infection of FakeSecurityEssentials (Adware.Win32.FakeSecurityEssentials)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.