GeekPolice
Would you like to react to this message? Create an account in a few clicks or log in to continue.

GeekPoliceLog in

 


descriptionThinkPoint Infection EmptyThinkPoint Infection

more_horiz
I'm sorry to trouble anybody here, however my computer has been infected with the ThinkPoint virus. I have read up on potential ways to fix it since I've gotten it, and none of the solutions have been able to fix my problem.

When I try to run my computer in safe mode and disable the thinkpoint process, I can't find the infamous "hotfix.exe" process. And my internet is disabled.

Sorry again, for troubling you.

descriptionThinkPoint Infection EmptyRe: ThinkPoint Infection

more_horiz
Hi MarcoDoubypops and Welcome to GeekPolice.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

In Internet Explorer

1.Tools Menu -> Internet Options -> Connections Tab -> Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.


In Firefox

1.Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"

2.Click the apply button and restart that computer in normal mode.

We need to look at some information about what is going on in your computer:

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
    ThinkPoint Infection DDS

  • Instead of attaching, please copy/past both logs into your Thread

  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HEREThen post your DDS (DDS.txt and Attach.txt

descriptionThinkPoint Infection EmptyRe: ThinkPoint Infection

more_horiz
If I am understanding you correctly, I should be albe to access firefox while my computer is in normal mode after switching the setting to "no proxy". However, the window will still not open for me.

descriptionThinkPoint Infection EmptyRe: ThinkPoint Infection

more_horiz
Can you use Internet Explorer in normal mode and download DDS by sUBs?

descriptionThinkPoint Infection EmptyRe: ThinkPoint Infection

more_horiz
No. My access to all my internet browsers (firefox, IE, and Chrome) is blocked in normal mode, and in safe mode, the window opens, but the screen says that I am disconnected from the internet.

descriptionThinkPoint Infection EmptyRe: ThinkPoint Infection

more_horiz
I see you have Windows XP and have another PC.

Please do the following….. From a clean computer download the following tools to a flash drive. Or Copy to a USB/CD or other media to use on the infected system.

Also, print out or save these instructions into note pad on a flash drive. (so you can see how to run the tools). If you can't save it to the desktop of the infected computer, you can run it right off of the flash drive.

Please download ComboFix from
Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:

    • Tools->Options->Main tab
    • Set to Always ask me where to Save the files.

  • During the download, rename Combofix to Combo-Fix as follows:

    ThinkPoint Infection CF_download_FF

    ThinkPoint Infection CF_download_rename


  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------


    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------
  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\Combo-Fix.txt for further review.

  • **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**




    descriptionThinkPoint Infection EmptyRe: ThinkPoint Infection

    more_horiz
    The scan is done deleting the infected files.

    It restarted my computer and is now telling me to insert my system disk.

    Does it mean a system reboot disk which will return it to factory settings? Because if at all possible, I would like to keep everything that I had saved.

    Last edited by MarcoDoubypops on 3rd November 2010, 10:28 pm; edited 1 time in total (Reason for editing : word error)

    descriptionThinkPoint Infection EmptyRe: ThinkPoint Infection

    more_horiz
    Please post the ComboFix.txt it's in your C: Drive. So I can see this report.

    descriptionThinkPoint Infection EmptyRe: ThinkPoint Infection

    more_horiz
    I didn't get a chance to save it. As soon as the scan was completed, my computer automatically rebooted.

    The system is still retrieving my files. As soon as it's done, I'll report what happens.

    descriptionThinkPoint Infection EmptyRe: ThinkPoint Infection

    more_horiz
    Unfortunately, it went for the full-system reboot. I lost my data but the virus is gone. Thanks a lot. I appreciate your time and effort.

    descriptionThinkPoint Infection EmptyRe: ThinkPoint Infection

    more_horiz
    Your welcome.... Smile... Sorry that you had to reinstall Windows.

    Here are some additional links for you to check out to help you with your computer security.

    Browsers

    Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE.

    If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

    NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.


    Additional Security Measures


    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

    Secunia software inspector & update checker

    descriptionThinkPoint Infection EmptyRe: ThinkPoint Infection

    more_horiz
    privacy_tip Permissions in this forum:
    You cannot reply to topics in this forum