View Full Version : Think Point Virus


callthatgirl
10-20-2010, 08:15 PM
wow, badass!

Anyone else getting it? I got 2 today and repaired 'em both remotely.

trapped
10-20-2010, 08:22 PM
Haven't seen it yet. The virus of the week for me is Smart Engine.

callthatgirl
10-20-2010, 08:51 PM
I think it's coming from MSN.com

Lone99star
10-20-2010, 10:34 PM
Just got a call on Think Point, customer on the way to me now.
Says it won't boot, stuck on think point screen.

I haven't had this one yet, I will time myself.

Lone99star

MobileTechie
10-20-2010, 10:59 PM
So CTG - what are your tactics for virus removal remotely? I guess what I mean is how you get control of the PC when the virus is stopping the installation of LMI or Teamviewer or whatever? Are you relying on rkill or safe mode w. networking?

Just I'm finding rkill not to be 100% effective.

trapped
10-20-2010, 11:44 PM
Personally I find that the viruses do not block the download and launch of the teamviewer quick support client. That is assuming that they can get on the Internet.

callthatgirl
10-20-2010, 11:44 PM
Mobiletechie, I have a few ways I get in a system (turn off proxies, safe mode with networking or msconfig/disable start up/reboot, task manager), I talk the client through a series of attempts until one gets me the "OMG, the internet works!"...then off I go with my repairs. Some manual/some scan.

This one wouldn't allow any scan tools but SAS. MBAM is getting hit bad lately with the virus, I am going to guess that MBAM without license may be soon not too good. Only because the new viruses are not allowing updates from MBAM, so off to finding alternatives.

I am now an affiliate with SAS, we'll see how that product does with a pro license. I need to test it a bit more.

Edited to add, the Think Point can be released by killing hotfix.exe. Then you can have at it.

Lone99star
10-20-2010, 11:55 PM
I started tm while thinkpoint was doing the startup scan, stopped hotfix.exe.
Removed it manually and I'm cleaning up behind it now.

Lone99star

n4cer
10-21-2010, 12:22 AM
I had no problem removing Thinkpoint from 4 machines so far this week with malwarebytes.
Used this: http://www.myantispyware.com/2010/10/18/how-to-remove-thinkpoint-uninstall-instructions/#more-5470.

NeutronTech
10-21-2010, 12:48 AM
Only because the new viruses are not allowing updates from MBAM.


I'm finding this more and more lately. Which, in a way, is good for us because the quick fix tools that work so well, aren't working. Which means, the DIY guy will be lost and bring their computers in.

Lone99star
10-21-2010, 03:02 AM
I spoke too soon, I ended up having to slave the drive to clean it up.
I was getting a BSOD. Thinkpoint came off pretty easy but the other malware from an expired Norton install was overwhelming. I should have n/p but I'm too hard headed for that.
Anyway it's done.

Lone99star

ajc196
10-27-2010, 11:42 PM
I ran across this today. It was embarrassingly easy since it didn't even kill task manager. Kill the process, start Explorer, find/delete hotfix.exe, and clean up the aftermath.

Vicenarian
10-27-2010, 11:52 PM
Pwned one the other day.

ATTech
10-28-2010, 12:10 AM
I got a call and have someone scheduled for the weekend. This will be my first time seeing this one, but I guess the client used someone else who couldn't remove it and charged him anyway.

14049752
10-28-2010, 12:33 AM
I guess the client used someone else who couldn't remove it and charged him anyway.


Wow...that guy's a schmuck. I've run into several Thinkpoints in the past week and it's SUPER easy to remove. It's laughable, because I was just removing it from a BartPE build and I didn't even have to do anything else after my super-fast manual removal.

iptech
10-28-2010, 12:43 AM
I spoke too soon, I ended up having to slave the drive to clean it up.
I was getting a BSOD. Thinkpoint came off pretty easy but the other malware from an expired Norton install was overwhelming. I should have n/p but I'm too hard headed for that.
Anyway it's done.

Lone99star

Are you saying Norton is malware? :confused: If you're getting BSOD the chances are it's a rootkit infection.

I suspect a lot of these stories of badass viruses are multiple infections and nothing too sinister in isolation. There does appear to be a lot of drama and misinformation getting posted these days, it would be useful to see a bit more analysis of what's actually being interpreted.

Lone99star
10-28-2010, 02:00 AM
Are you saying Norton is malware? :confused: If you're getting BSOD the chances are it's a rootkit infection.

I suspect a lot of these stories of badass viruses are multiple infections and nothing too sinister in isolation. There does appear to be a lot of drama and misinformation getting posted these days, it would be useful to see a bit more analysis of what's actually being interpreted.

No, Norton isn't malware, I was saying the customer let Norton expire and pretty much opened the door for infections.

The BSOD was from a rootkit but it was not part of thinkpoint.

There was no badass infection on the computer but having 4 different rogue AVs plus various other infections it makes it a little difficult.

Lone99star

Daifne
10-28-2010, 01:59 PM
Have one in right now that has totally trashed winlogon/userinit. It doesn't bring up a login screen, Thinkpoint or not. ctrl+alt+delete simply restarts the computer. Will be using the Recovery console a little later. Will update you all tomorrow.

IAMPC
10-28-2010, 04:18 PM
Saw my first one yesterday. ComboFix and malwarebytes weren't updating well in safe mode. It was a really late call so I took the PC with me. I will work on it today and see how it goes.