WiredWX Hobby Weather Tools

 


How can I remove Thinkpoint malware

2 posters

Re: How can I remove Thinkpoint malware
I updated Java yesterday, the current version I have at the moment is Java Runtime Environment 6 Update 1, is this the correct version I need?

Re: How can I remove Thinkpoint malware
It should be Java Runtime Environment 6 Update 22

Re: How can I remove Thinkpoint malware
Have got Java Update 22 now and have followed thru with your instructions. Thinkpoint is now gone and machine is running well. Thanks heaps for your help, cheers, Darryl.

Re: How can I remove Thinkpoint malware
Hi, Kaspersky only lists infections, it does not remove them. Please post the log, there is still some work to do.

Re: How can I remove Thinkpoint malware
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 21, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 20, 2010 23:24:16
Records in database: 4188528
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 137843
Threats found: 5
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 01:53:36


File name / Threat / Threats count
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\03DC0000\4FFEDB8E.VBN Infected: Worm.Win32.VBNA.isu 1
C:\_OTL\MovedFiles\10202010_211349\C_Documents and Settings\Administrator\Application Data\hotfix.exe Infected: Trojan.Win32.FakeAV.mvo 1

Selected area has been scanned.

Re: How can I remove Thinkpoint malware
Hi, please do the following:


1. Run OTL.exe

  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad
    C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad
    C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)



2.

  1. Right-click the Symantec icon in the system tray, and click "Open Symantec AntiVirus."
  2. Click the plus sign next to "View," then click "Quarantine."
  3. Click the drop-down menu at the top of the screen and select "All Items."
  4. Click an item in the quarantine list, then press the "Ctrl" and "A" keys on the keyboard simultaneously to highlight all of the items.
  5. Click the X-shaped (Delete) icon at the top of the screen to delete the quarantine folder.



3. Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.



Please let me know how it all goes and how your PC is running.

Thanks.
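An added example, not part of the original post: the scan report above prints one line per detection, so the same cached Java file appears three times, and two of the five hits already sit inside a tool's quarantine folder. The sketch below groups detections by path and separates live files from contained ones before building a `:Files` section; the function names and the two containment markers are assumptions made for illustration.

```python
import re
from collections import OrderedDict

# Detection lines copied from the scan report quoted in this thread.
REPORT = r"""
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\03DC0000\4FFEDB8E.VBN Infected: Worm.Win32.VBNA.isu 1
C:\_OTL\MovedFiles\10202010_211349\C_Documents and Settings\Administrator\Application Data\hotfix.exe Infected: Trojan.Win32.FakeAV.mvo 1
"""

# "<path> Infected: <threat> <count>" as laid out in the report.
LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Assumption: folders where a security tool has already isolated the file.
CONTAINED = ("\\quarantine\\", "\\_otl\\movedfiles\\")


def parse(report):
    """Map each distinct path to the list of threat names reported for it."""
    found = OrderedDict()
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if m:
            found.setdefault(m["path"], []).append(m["threat"])
    return found


def triage(report):
    """Split distinct paths into (live, already contained)."""
    live, contained = [], []
    for path in parse(report):
        held = any(marker in path.lower() for marker in CONTAINED)
        (contained if held else live).append(path)
    return live, contained


def otl_files_section(report):
    """Build a :Files section that lists each live path exactly once."""
    live, _ = triage(report)
    return "\n".join([":Files"] + live)


if __name__ == "__main__":
    print(otl_files_section(REPORT))
```
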

Re: How can I remove Thinkpoint malware
All processes killed
========== FILES ==========
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad moved successfully.
File\Folder C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad not found.
File\Folder C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\11dcc79b-2dada1ad not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Adunn

User: aito

User: Akim

User: All Users

User: cbawden

User: ckaiki

User: Default User

User: dhogg

User: dtynan

User: echapman

User: fmatagi.FAIRCOL.000

User: Hcoe

User: hcrequer.FAIRCOL

User: Hcurle

User: hsmith

User: jhitchens

User: Jkaiki

User: jlove

User: jwaite

User: kaunzo

User: kclarke

User: kturei

User: LocalService

User: Mosman

User: Mpalu

User: Mreti

User: NetworkService

User: nmanocha.FAIRCOL.003

User: rwhitaker.FAIRCOL

User: Sjohns

User: skohi

User: tbilich

User: wchang

User: Zreid

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 505 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 6756 bytes

Total Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: Adunn

User: aito

User: Akim

User: All Users

User: cbawden

User: ckaiki

User: Default User

User: dhogg

User: dtynan

User: echapman

User: fmatagi.FAIRCOL.000

User: Hcoe

User: hcrequer.FAIRCOL

User: Hcurle

User: hsmith

User: jhitchens

User: Jkaiki

User: jlove

User: jwaite

User: kaunzo

User: kclarke

User: kturei

User: LocalService

User: Mosman

User: Mpalu

User: Mreti

User: NetworkService

User: nmanocha.FAIRCOL.003

User: rwhitaker.FAIRCOL

User: Sjohns

User: skohi

User: tbilich

User: wchang

User: Zreid

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10242010_012406

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: How can I remove Thinkpoint malware
Hi, have done step 1 and posted otl log but now am lost again sorry. I can't see in my otl window where the system tray is, or am I looking in the wrong place?

Re: How can I remove Thinkpoint malware
Hi, the system tray is not in OTL. It is the bottom right hand corner of your screen, next to the clock.

Re: How can I remove Thinkpoint malware
Hi, have done the Symantec as instructed but now I can't find Otl.exe anywhere on my computer. Have run a search for it but comes up with no results to display. There is no desktop icon or anything. There is an icon for ms-dos shortcut to OTL but that just gives an error message.

Re: How can I remove Thinkpoint malware
Hi,

OTL was supposed to delete itself :)

How is your PC running?

Re: How can I remove Thinkpoint malware
It's running good thanks, does this mean we are finally finished? If so thank you so much, and sorry for being a computer dumb ass. You sure got the patience of an Avatar. Cheers.

Re: How can I remove Thinkpoint malware
Hi Darryl,

It is my pleasure and you were very easy to work with.


CleanUp with OTL

  • Make sure you have an Internet Connection.
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTL to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You should be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.


Clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:

  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • choose your root drive (normally C:)
  • after it calculates how much space you will save it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • go back to the disk clean up tab
  • put a checkmark in all - except compress old files (leave this unchecked)
  • click Ok then click yes

This will remove all restore points except the new one you just created and clean unneeded files

Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


Turn On Automatic Updates:

    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

    If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

    or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.

  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using often.



Please read this great article by miekiemoes How to prevent Malware
and this great article by Tony Klein So How Did I Get Infected In First Place



Best wishes!

-TheAvatar
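An added example, not part of the original post: the six Internet-zone settings listed above are stored per user as URL-action values under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3`, so they can be checked from the text that `reg query` prints for that key. The sample output and the function names are constructed for illustration.

```python
# URL-action IDs for the six settings in the post, with the value it asks
# for. Value meanings: 0 = Enable, 1 = Prompt, 3 = Disable.
WANTED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Constructed sample of `reg query` output for the zone 3 key.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1001    REG_DWORD    0x1
    1004    REG_DWORD    0x3
    1201    REG_DWORD    0x0
    1607    REG_DWORD    0x0
    1800    REG_DWORD    0x1
"""


def read_actions(reg_output):
    """Return {action_id: value} for every REG_DWORD row in the output."""
    actions = {}
    for line in reg_output.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1] == "REG_DWORD":
            actions[parts[0]] = int(parts[2], 16)
    return actions


def audit(reg_output):
    """List (id, setting, current, wanted) for settings that differ."""
    actions = read_actions(reg_output)
    findings = []
    for action_id, (label, wanted) in WANTED.items():
        current = actions.get(action_id)
        if current != wanted:
            shown = "not set" if current is None else NAMES.get(current, hex(current))
            findings.append((action_id, label, shown, NAMES[wanted]))
    return findings


if __name__ == "__main__":
    for action_id, label, current, wanted in audit(SAMPLE):
        print(f"{action_id} {label}: {current}, should be {wanted}")
```

This reads only the per-user values; settings enforced through Group Policy are stored under the Policies key and take precedence over them.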
