Fake Trojan Removal Kit serves up ThinkPoint Rogue

You might want to steer clear of the following fake security program, being promoted as a “Windows Trojan Removal Kit” but actually hijacking your PC in the form of the ThinkPoint rogue with a mixed (24/43) detection rate.



The file is currently being offered up by your typical “fake security scan” pages, such as microsoftwindowssecurity152(dot)com. Those familiar with this particular rogue will be aware that it tends to stick with domains similar to the one above.


Click to Enlarge

Installing the executable can potentially give you a bit of a headache, with what would appear to the average user to be fake “Blue Screens of Death” and payment nag screens. See here for details on how to get around the supposedly locked up desktop, and check here for some of the many variations on this theme. We catch this one as Trojan.Win32.Generic.pak!cobra.

Christopher Boyd