Thinkpoint Virus Disaster

Hi Brunomac,

I've moved your thread to this forum as the problem is easier to deal with here.

Thinkpoint is a right pain, it does cause damage to IE and to the system in general ... but it's not irreversible.
I have to be honest when i say that this may not be the only malware on the system.

Let's get to work and sort out this system.

Step 1
We may need to fix your Windows Registry Shell value. If we do not fix this entry and hotfix.exe is deleted, then your Windows desktop may not be displayed properly when you reboot.
To fix the Shell entry, simple download the following file to your desktop. If you are having trouble downloading the file, try right-clicking on it and selecting Save as.

Shell.reg

Once Shell.reg has been downloaded, locate it on your desktop and double-click on it. When Windows asks if you would like the data to be merged, please allow it to do so.


Step 2
Go to: Norton Removal Tool

Download it to your 'Desktop'.
Don't run the tool just yet.

Download one of the following programs and save it to your desktop:

• Avira AntiVir ....installation guide Here
• Avast free
• MS Security Essentials ... see note* ...installation guide Here

Note*:
Upon installation MS Security Essentials will check that your OS is a legal copy.

Only download one AntiVirus program

Don't run the program just yet.

Step 3
Please remove the trial version of Norton from your system:

Then click on the desktop icon to run the removal tool.
When complete, install your new AntiVirus program and update the definitions.

Step 4
Please download Malwarebytes Anti-Malware and save it to your desktop.

• Make sure you are connected to the Internet.
• Double-click on Download_mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 5

• Download OTL to your desktop.
  right click on the link and select 'Save Link/Target As'.
  
  if you have problems, try this download link:
  OTL
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check

.

.

• 
  Now copy the lines in bold below.
  
  netsvcs
  msconfig
  %SYSTEMDRIVE%\*.exe
  /md5start
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  ahcix86.sys
  KR10N.sys
  nvstor32.sys
  ahcix86s.sys
  nvrd32.sys
  symmpi.sys
  adp3132.sys
  /md5stop
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\system32\drivers\*.sys /lockedfiles
  CREATERESTOREPOINT
  
  
• right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  
  
  .
• Click the Run Scan button.
  
  
  
• Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:
MBAM scan report
Both reports from OTL


Thanks.

 

Hi Brunomac,

I thought it may be beneficial to reset the 'Windows registry Shell value'.
I've added this as step 1 .... if you haven't started the procedure that's fine just go through each step in turn.
If you have started, add the new step 1 as soon as you can.

Thanks.

 

Hi Brunomac,

Thanks for the reply.
Ok, no problem at all.
I'll be away this weekend but will still check in occasionally to check any replies.

The soon we get started, the better.