Home Malware Programs Rogue Anti-Spyware Programs ThinkSmart

ThinkSmart

Posted: November 2, 2010

ThinkSmart is a fake anti-spyware program that is very similar to the look and behavior of its predecessor rogue application called ThinkPoint. ThinkSmart or Think Smart, uses aggressive techniques to make computer users think they have no choice but to purchase a full version of ThinkSmart in order to remove threats that it detected. ThinkSmart does not have the ability to detect or remove legitimate computer parasites.

ThinkSmart and its creator's ultimate goal is to extort money from unsuspecting computer users. To further induce these mischievous actions, once ThinkSmart is installed computer users are greeted with several popup alerts and misleading warning messages. These notifications never cease to exists until ThinkSmart is completely removed from the system.

Computer users have reported cases of not being able to manually remove ThinkSmart due to its ability to block access to the Windows task manager. The file that users may encounter causing this to happen is known as hotfix.exe. To successfully manually remove ThinkSmart the hotfix.exe file must be stopped and removed first.

Some of the popup notifications coming from ThinkSmart may be disguised as a Microsoft Security Essentials Alert message coming directed from the 'hotfix.exe' or 'mstsc.exe' files. The best approach to prevent becoming a victim from ThinkSmart attacks is to use a good anti-malware application. This will ensure that new rogues such as ThinkSmart are detected and safely removed without causing additional damage to your computer.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %LocAppData%\defender.exe
    2 %TempDir%\kjkkklklj.bat
    3 %UserProfile%\Application Data\completescan
    4 %UserProfile%\Application Data\hotfix.exe
    5 %UserProfile%\Application Data\install

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%LocAppData%\antispy.exe"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnPostRedirect" = "0"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = "0"HKCU\Software\Microsoft\Windows\CurrentVersion\Run "tmp"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce "SelfdelNT"HKCU\Software\PAVHKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%Documents and Settings%\[UserName]\Application Data\hotfix.exe"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "thinksmart"HKEY_CURRENT_USER\Software\PAV
Loading...