Think Point Virus

Just got a call on Think Point, customer on the way to me now.
Says it won't boot, stuck on the ThinkPoint screen.

I haven't had this one yet, I will time myself.

Lone99star
 
So CTG - what are your tactics for virus removal remotely? I guess what I mean is, how do you get control of the PC when the virus is stopping the installation of LMI or TeamViewer or whatever? Are you relying on rkill or safe mode w/ networking?

Just I'm finding rkill not to be 100% effective.
 
Personally I find that the viruses do not block the download and launch of the teamviewer quick support client. That is assuming that they can get on the Internet.
 
Mobiletechie, I have a few ways I get into a system (turn off proxies, safe mode with networking or msconfig/disable startup/reboot, task manager). I talk the client through a series of attempts until one gets me the "OMG, the internet works!"... then off I go with my repairs. Some manual, some scan.

This one wouldn't allow any scan tools but SAS. MBAM is getting hit bad lately with the virus, I am going to guess that MBAM without license may be soon not too good. Only because the new viruses are not allowing updates from MBAM, so off to finding alternatives.

I am now an affiliate with SAS, we'll see how that product does with a pro license. I need to test it a bit more.

Edited to add, the Think Point can be released by killing hotfix.exe. Then you can have at it.
 
I started Task Manager while ThinkPoint was doing the startup scan, stopped hotfix.exe.
Removed it manually and I'm cleaning up behind it now.

Lone99star
 
I spoke too soon, I ended having to slave the drive to clean it up.
I was getting a bsod. Thinkpoint came off pretty easy but the other malware from an expired Norton install was overwhelming. I should have n/p but I'm too hard headed for that.
Anyway it's done.

Lone99star
 
I ran across this today. It was embarrassingly easy since it didn't even kill Task Manager. Kill the process, start Explorer, find/delete hotfix.exe, and clean up the aftermath.
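The kill-process / delete-file / restart-Explorer sequence described in the posts above, written out as an added example (not something from this thread or from any of the posters). The only page-supplied detail is the process name hotfix.exe; the Run keys checked are the standard per-user and per-machine autorun keys, and the script assumes it is run from an elevated PowerShell session on the infected machine. Use the -WhatIf switch first to see what it would change.

```powershell
# Added example: stop a named rogue process, remove its on-disk image, and
# clear autorun entries that point at it. "hotfix.exe" comes from the thread;
# the key list and everything else here are assumptions for illustration.
param(
    [string]$ProcessName = 'hotfix',   # hotfix.exe, as named in the thread
    [switch]$WhatIf                    # report only, change nothing
)

# Standard autorun locations (not page-specific; these are the stock Run keys).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# 1. Locate the running process and record its image path BEFORE killing it,
#    so the file can be removed even if it sits in an unexpected folder.
$paths = @()
foreach ($p in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
    $path = $p.Path            # may be $null if the process denies access
    if ($path) { $paths += $path }
    Write-Host "Stopping PID $($p.Id) ($path)"
    if (-not $WhatIf) { Stop-Process -Id $p.Id -Force }
}

# 2. Remove the executable(s) identified above.
foreach ($path in ($paths | Select-Object -Unique)) {
    Write-Host "Removing $path"
    if (-not $WhatIf) { Remove-Item -LiteralPath $path -Force -ErrorAction Continue }
}

# 3. Remove Run-key values that reference the binary by name.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    $names = ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }).Name
    foreach ($name in $names) {
        $value = [string]$props.$name
        if ($value -match "$ProcessName\.exe") {
            Write-Host "Run entry '$name' in $key -> $value"
            if (-not $WhatIf) { Remove-ItemProperty -Path $key -Name $name }
        }
    }
}

# 4. Bring the shell back if the rogue had kept it from starting.
if (-not (Get-Process -Name explorer -ErrorAction SilentlyContinue)) {
    Write-Host "Explorer is not running; starting it"
    if (-not $WhatIf) { Start-Process explorer.exe }
}
```

Recording the image path from the live process is the part worth keeping from this: once the process is dead there is no reliable way to ask where it ran from, and rogue installers rarely use the same folder twice. The "clean up the aftermath" step the poster mentions (other infections, proxy settings, hosts file) is deliberately out of scope here.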
 
I got a call and have someone scheduled for the weekend. This will be my first time seeing this one, but I guess the client used someone else who couldn't remove it and charged him anyway.
 
I guess the client used someone else who couldn't remove it and charged him anyway.


Wow... that guy's a schmuck. I've run into several ThinkPoints in the past week and it's SUPER easy to remove. It's laughable, because I was just removing it from a BartPE build and I didn't even have to do anything else after my super-fast manual removal.
 
I spoke too soon, I ended having to slave the drive to clean it up.
I was getting a bsod. Thinkpoint came off pretty easy but the other malware from an expired Norton install was overwhelming. I should have n/p but I'm too hard headed for that.
Anyway it's done.

Lone99star
Are you saying Norton is malware? :confused: If you're getting BSOD the chances are it's a rootkit infection.

I suspect a lot of these stories of badass viruses are multiple infections and nothing too sinister in isolation. There does appear to be a lot of drama and misinformation getting posted these days, it would be useful to see a bit more analysis of what's actually being interpreted.
 
Are you saying Norton is malware? :confused: If you're getting BSOD the chances are it's a rootkit infection.

I suspect a lot of these stories of badass viruses are multiple infections and nothing too sinister in isolation. There does appear to be a lot of drama and misinformation getting posted these days, it would be useful to see a bit more analysis of what's actually being interpreted.

No, Norton isn't malware. I was saying the customer let Norton expire and pretty much opened the door for infections.

The BSOD was from a rootkit, but it was not part of ThinkPoint.

There was no badass infection on the computer, but having 4 different rogue AVs plus various other infections makes it a little difficult.

Lone99star
 
Have one in right now that has totally trashed winlogon/userinit. It doesn't bring up a login screen, ThinkPoint or not. Ctrl+Alt+Delete simply restarts the computer. Will be using the Recovery Console a little later. Will update you all tomorrow.
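For the "no login screen" case in the post above, the values worth checking first are the Winlogon Shell and Userinit entries. The audit below is an added example, not from the thread: it compares those two values with their stock defaults and restores them only when -Repair is given. It assumes the standard Winlogon key path, that it runs elevated, and that a slaved drive's SOFTWARE hive has been loaded under a name you pass in -HiveRoot (the 'OfflineSoft' name and the D: path in the comments are placeholders).

```powershell
# Added example: audit (and optionally restore) the Winlogon Shell/Userinit
# values. Defaults shown are the stock Windows values; nothing here is taken
# from a specific infection.
param(
    # Live system: HKLM:\SOFTWARE. Offline drive: first run, for example,
    #   reg load HKLM\OfflineSoft D:\Windows\System32\config\SOFTWARE
    # then pass -HiveRoot 'HKLM:\OfflineSoft' (placeholder names).
    [string]$HiveRoot   = 'HKLM:\SOFTWARE',
    # Windows folder AS SEEN BY THE PATIENT SYSTEM; override for an offline
    # drive because $env:SystemRoot refers to the technician's machine.
    [string]$SystemRoot = $env:SystemRoot,
    [switch]$Repair
)

$winlogon = Join-Path $HiveRoot 'Microsoft\Windows NT\CurrentVersion\Winlogon'
if (-not (Test-Path $winlogon)) {
    throw "Winlogon key not found at $winlogon (is the hive loaded?)"
}

# Stock values. Note the trailing comma on Userinit: it is part of the value.
$expected = @{
    Shell    = 'explorer.exe'
    Userinit = "$SystemRoot\system32\userinit.exe,"
}

$props  = Get-ItemProperty -Path $winlogon
$issues = 0
foreach ($name in $expected.Keys) {
    $current = [string]$props.$name
    # Case-insensitive, whitespace-tolerant comparison.
    if ($current.Trim() -ieq $expected[$name]) {
        Write-Host "OK       $name = $current"
        continue
    }
    $issues++
    Write-Host "MODIFIED $name = '$current' (expected '$($expected[$name])')"
    if ($Repair) {
        Set-ItemProperty -Path $winlogon -Name $name -Value $expected[$name]
        Write-Host "         restored $name"
    }
}

if ($issues -eq 0) { Write-Host 'Winlogon Shell/Userinit look stock.' }
else { Write-Host "$issues value(s) differ from stock; re-run with -Repair to restore." }
```

Anything appended to Shell or Userinit (a second executable after the comma, or a path that is not under the Windows folder) will show up as MODIFIED. Keep the modified value from the output before repairing: the extra path it points at is usually the next file to look at and is also the reason a reinstall of the shell alone does not bring the logon screen back.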
 
Saw my first one yesterday. ComboFix and Malwarebytes weren't updating well in safe mode. It was a really late call so I took the PC with me. I will work on it today and see how it goes.
 