Solved

Thimkpoint Trojan

Posted on 2010-11-17
5
371 Views
Last Modified: 2012-05-10
We have Client with Thinkpoint Trojan. Win 7 OS.

unable to get to desktop via safe mode or Task Mgr. We can stop the process.
Only solution we know is to take out drive and slave it and run removal software
0
Comment
Question by:interc3905
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 9

Expert Comment

by:rsoly777
ID: 34156226
ThinkPoint is a rogue antivirus, a scam to force you to pay for it while it has no benefits at all.

How to Remove ThinkPoint (Uninstall Guide) <-- read this
http://deletemalware.blogspot.com/2010/10/how-to-remove-thinkpoint-uninstall.html

How to remove ThinkPoint - short YouTube Video
http://www.youtube.com/watch?v=HbOUYgmKxo8

These can be done in Safe Mode - repeatedly tap F8 as you boot however you should also run them in
regular Windows when you can.

Download malwarebytes and scan with it, run MRT, and add Prevx to be sure it is gone. (If Rootkits run UnHackMe)

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

Malwarebytes - free
http://www.malwarebytes.org/

Run the Microsoft Malicious Removal Tool

Start - type in Search box -> MRT  find at top of list - Right Click on it - RUN AS ADMIN.

You should be getting this tool and its updates via Windows Updates - if needed you can download it here.

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
(Then run MRT as above.)

Microsoft Malicious Removal Tool - 32 bit
http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Microsoft Malicious Removal Tool - 64 bit
http://www.microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

also install Prevx to be sure it is all gone.

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other security programs. This is
a scanner only, VERY EFFECTIVE, if it finds something come back here or use Google to see how to remove.
http://www.prevx.com/   <-- information
http://info.prevx.com/downloadcsi.asp  <-- download

PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp

Try the trial version of Hitman Pro :

Hitman Pro is a second opinion scanner, designed to rescue your computer from malware (viruses, trojans,
rootkits, etc.) that have infected your computer despite all the security measures you have taken (such as
anti virus software, firewalls, etc.).
http://www.surfright.nl/en/hitmanpro

--------------------------------------------------------

If needed here are some online free scanners to help

http://www.eset.com/onlinescan/

New Vista and Windows 7 version
http://onecare.live.com/site/en-us/center/whatsnew.htm

Original version
http://onecare.live.com/site/en-us/default.htm

http://www.kaspersky.com/virusscanner

Other Free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1

--------------------------------------------------------

Also do these to clear corruption and repair/replace damaged/missing system files.

Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup

Start - type in Search box -  COMMAND   find at top of list -  RIGHT CLICK  -  RUN AS ADMIN

sfc /scannow

How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program
generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228

Then run checkdisk - schedule it to run at next start and then Apply OK your way out then restart.

How to Run Check Disk at Startup in Vista
http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html

-----------------------------------------------------------------------

If any Rootkits are found use this thread and other suggestions. (Run UnHackMe)

http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/a8f665f0-c793-441a-a5b9-54b7e1e7a5a4/

Hope this helps.
0
 

Author Comment

by:interc3905
ID: 34156937
As I indicated in my question, we can't get to any desktop commands to run or execute anything
0
 
LVL 9

Accepted Solution

by:
rsoly777 earned 500 total points
ID: 34157124
download a copy of Viper Rescue and put it on a thumb drive
http://live.sunbeltsoftware.com/
follow the instructions on this page to get to the recovery console
http://www.ghacks.net/2010/06/05/get-the-recovery-console-back-in-windows-7
when you get there select the command prompt and then run the Viper Rescue from the thumb drive
0
 

Author Closing Comment

by:interc3905
ID: 34163989
Vipre worked liked a Champ...Thanks
0
 
LVL 9

Expert Comment

by:rsoly777
ID: 34165796
Great Glad this worked for you :)
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
On some Windows 7 (SP1) computers, Windows Update becomes super slow even the computer is reasonably fast.  There's one solution that seemed to have worked well for me (after trying a few other suggested solutions).
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question