Variant: Hotfix.exe
Operating Systems Affected: Windows 9x, 2000, ME, XP, NT, Windows Vista, Windows 7
Hotfix.exe is actually a legitimate windows process file, part of MSDDHotfix and it should be found at “C:WindowsMicrosoft.NETFrameworkv1.1.4322Updates” folder. If it is situated elsewhere, it is mostly likely a component of Microsoft Security Essentials Fake Alert Trojan or part of ThinkPoint fake security program.
The cleverly named Hotfix.exe is made to deceive your anti-virus / anti-malware software fooling it into thinking it’s a legitimate Microsoft Windows file thus conceals its virus infection.
This destructive Trojan Virus if left untreated may cause terrible system slowdown and a high risk identity theft threat. The identified target of the rogue Hotfix.exe is to gain email access, infect files – leading to data mining or corruption, check user’s browsing history and retrieval of logged passwords.
If you are infected, here’s how to remove Hotfix.exe Trojan Virus:
• Disable System Restore (Windows XP users)
Right click My Computer and click on Properties → System Restore tab → Put a checkmark on Turn off system restore on all drives → Click apply then OK → Restart the computer.
• Boot to Safe Mode. Press the F8 key before the Windows Logo appears then choose safe mode → hit enter → and login on an account with Administrator credentials.
• Show hidden Files and Folders. Open My Computer → Tools → Folder Options → View Tab → click show hidden folders, files and drives. Uncheck hide operating systems files. Click OK.
• Locate and Delete the infected files:
C:\Documents and Settings\Administrator\Application Data\hotfix.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\hgksfg.bat
• Delete the following infected registry values: Start → run → type regedit → click OK → Navigate to the listed registry addresses and delete the compromised registry entries:
{Caution: Backup the registry before editing/ deleting registry values}
[HKEY_CLASSES_ROOT\secfile]“Content Type”=”application/x-msdownload”@=”exefile”
[HKEY_CLASSES_ROOT\.exe]
[HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
• Restart the Computer