ThinkPoint

ThinkPoint (also known as Red Cross Antivirus, Peak Protection 2010, AntiSpy Safeguard, Major Defense Kit, Pest Detector, Privacy Guard 2010, and Palladium Pro) is a bogus virus/malware scanner, pretending to warn a user about threats and viruses "detected" by the scanner and is an impersonator of the real antivirus programs. It was created in August 2010.
The following message will be displayed if a user opens up a specific program (Windows Task-Manager) scanned by the scanner:
Alert from ThinkPoint when the Windows Task-Manager is opened
Payload
The payload starts when it deliberately closes the browser and appears as a fake Microsoft Security Essentials warning, asking the user to download an antivirus program and restart the computer to complete installation.
It will run automatically at system startup, running before Windows Explorer (thereby removing access to taskbar and icons until the program is closed). The ThinkPoint splash screen will appear, which has two buttons: "Normal Startup" (disabled) and "Safe Startup" (enabled) .
It has a Vista-like interface and uses the Windows logo. It will run a fake system scan and list a series of so-called "threats" detected after clicking on the "Safe Startup" button. It will then prompt the user to either buy a "heuristic program" or "continue unprotected." Usually, a user will choose "continue unprotected," but the same window will keep on appearing, leaving users no choice but to buy the program for USD $99.90.
The program is known to block the Windows Task Manager, Windows Explorer, Google Chrome, and other programs that may terminate it. When a user presses the CTRL-ALT-DELETE or CTRL-SHIFT-ESC key combination, ThinkPoint will prevent it from starting and will display a window that reads: "The program taskmgr.exe is blocked due to safety issues which may pose a threat to the OS.
 
< Prev   Next >