Trojan.Horse.Win32.PAV.64.a
Trojan.Horse.Win32.PAV.64.a is a fake Trojan detection displayed by ThinkPoint. ThinkPoint uses Trojan.Horse.Win32.PAV.64.a to scare users and coerce them into paying for its supposed full version. Use a reliable spyware remover to make sure your PC is free of ThinkPoint and its fake security alerts.
File System Modifications
- The following files were created in the system:
#  File Name
1  %UserProfile%\Application Data\completescan
2  %UserProfile%\Application Data\hotfix.exe
3  %UserProfile%\Application Data\install
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
HKCU\Software\Microsoft\Windows NT\CurrentConfiguration\Winlogon\\Shell = %AppData%\hotfix.exe
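A check for the Shell override listed above, as an added example that is not part of the original write-up: it reads the Winlogon Shell value from HKCU and HKLM and reports anything other than explorer.exe. The key path uses the standard `CurrentVersion\Winlogon` location, which is an assumption here, as are the allow-list, the profile markers and the function names.

```python
import sys

# Standard Winlogon key path on Windows (assumption: the entry listed above lives here).
WINLOGON_KEY = r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Shell values treated as normal (assumed allow-list; extend it for kiosk shells).
ALLOWED = {"explorer.exe", r"%systemroot%\explorer.exe", r"c:\windows\explorer.exe"}
# Substrings that place the program inside a user profile, as in the article.
PROFILE_MARKERS = ("%appdata%", "%userprofile%", "\\application data\\", "\\appdata\\")
# Constructed sample (values taken from the article) used when not on Windows.
SAMPLE = {"HKCU": r"%AppData%\hotfix.exe", "HKLM": "explorer.exe"}


def audit_shell(hive, value):
    """Return (hive, entry, reason) for every non-default program in a Shell value."""
    findings = []
    for entry in (value or "").split(","):
        entry = entry.strip().strip('"')
        if not entry or entry.lower() in ALLOWED:
            continue
        in_profile = any(m in entry.lower() for m in PROFILE_MARKERS)
        reason = "runs from user profile" if in_profile else "non-default shell"
        findings.append((hive, entry, reason))
    return findings


def read_shell_values():
    """Read the Shell value from HKCU and HKLM (Windows only); None if absent."""
    import winreg
    values = {}
    for hive, root in (("HKCU", winreg.HKEY_CURRENT_USER),
                       ("HKLM", winreg.HKEY_LOCAL_MACHINE)):
        try:
            with winreg.OpenKey(root, WINLOGON_KEY) as key:
                values[hive] = winreg.QueryValueEx(key, "Shell")[0]
        except OSError:  # key or value missing
            values[hive] = None
    return values


def main():
    values = read_shell_values() if sys.platform == "win32" else SAMPLE
    hits = [f for hive, v in values.items() for f in audit_shell(hive, v)]
    for hive, entry, reason in hits:
        print(f"[!] {hive} Winlogon Shell -> {entry} ({reason})")
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main())
```

The script exits with status 1 when it finds a non-default shell, so it can be used from a logon or inventory script.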
2011 brings a new version of this trojan. 'ThinkPoint' is replaced by 'ArcSoft Palladium'. ArcSoft is a real company, but they do not make Palladium software, and neither does Microsoft. It doesn't exist.
To delete it, first you have to stop it from running. Bring up the Task Manager and shutdown the 'Palladium.exe' file from running. Open a command prompt and type "regedit". Then drill down the registry to HKEY_Current_User\Software\Microsoft\Windows NT\Current Version\Winlogon\Shell = %AppData%\Palladium.exe
You must be in the normal Windows mode, not the safe mode, for the entry to appear.
Then, using My Computer, drill down to your Documents and Settings User file Application folder, and delete Palladium.exe, and its 3 associated files. They all have 'pal' in the title and were installed the day the trojan hit. I didn't write them down.
Then update your Search & Destroy, or Windows Defender etc. Good luck!
My system with this Palladium issue has advanced to the level of the Task Manager vanishing. My infection occurred on New Year's Day 2011. Was pleased to find this discussion but cannot use these instructions. Though I have a recovery disc, my player door will not open when the button is pressed externally and the START or 'my computer' feature is also no longer available to open the disc drive door. Good thing for having important docs and pics backed up because a wipe of the hard drive seems to be the only way out.