Recent rash of ThinkPoint Malware infections - what you should know

The Threat: 


Think Point, or the ThinkPoint virus, is a fake antispyware program. It imitates a security tool, hijacks your browser and modifies your registry. The initial infection causes the Windows desktop to malfunction, removing your desktop icons and displaying a fake Microsoft Security Essentials Alert.

This alert asks you to run one of five applications, including Think Point. Executing any of these programs will install Think Point on your computer. We have yet to catch this portion of the virus in action and get a screenshot of what you should look for.

Upon activation, Think Point conducts a "scan" that reports an array of trojans, viruses and spyware on your machine. Think Point also blocks Internet access and shows a page titled “Potential Threat Details. Threat of Virus Attack!” Any attempt to run an application is also blocked by Think Point, which displays a message stating that the executable file is already compromised. This is an attempt to persuade you into obtaining the $90 registered version of ThinkPoint Antivirus.

Think Point does not detect any real system threats. The virus/malware is attempting to force you into paying for the licensed version of the software. Do not pay for the license or provide any credit card information. It is strongly advised that you remove Think Point as soon as it is detected on your system.

 

At CertifiedCIO we have found that removal is easily accomplished early in the infection by rebooting into Safe Mode and running a full scan with both MalwareBytes and VIPRE or Microsoft Security Essentials. This is easier if you have these tools loaded before the infection takes place, but you can load VIPRE and MalwareBytes in Safe Mode. We have run into heavily infected clients who were forced to reinstall because the additional malware could not be fully removed.

Additionally, note that if you allow ThinkPoint to run, you can access your system; however, the longer it runs, the more malware ThinkPoint will download and install on your system.

For a heavily infected system, we have found that removing the hard drive and scanning it from a clean system (using a USB to IDE/SATA adapter) usually allows for a full removal of the infected files, BUT you must restart the cleaned drive without network access. Otherwise the system logs on to the internet after the restart and the remaining registry entries re-download the malware. Once scanned and booted, you can use MalwareBytes to clean the affected registry entries, then reconnect to the internet.
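While the drive is still attached to the clean system, the autostart values in its registry hives can be listed for review before it is booted again. The script below is an added example, not part of the original article; it assumes the infected drive is attached as E: with Windows installed in \Windows, and the mount name OfflineReview is made up for the illustration.

```powershell
# Added example (not from the original article). Run elevated on the CLEAN system.
# Assumptions: infected drive attached as E: (pass -Drive to change), Windows in \Windows.
param([string]$Drive = 'E:')

$mount  = 'HKLM\OfflineReview'                      # temporary mount point (constructed name)
$root   = 'Registry::HKEY_LOCAL_MACHINE\OfflineReview'
$psMeta = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

function Get-OfflineAutostart {
    # $Prefix is '' for the SOFTWARE hive and 'Software\' for a user's NTUSER.DAT
    param([string]$HiveFile, [string]$Prefix)
    & reg.exe load $mount $HiveFile 2>&1 | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Could not load $HiveFile"; return }
    try {
        $keys = @(
            "${Prefix}Microsoft\Windows\CurrentVersion\Run",
            "${Prefix}Microsoft\Windows\CurrentVersion\RunOnce",
            "${Prefix}Microsoft\Windows NT\CurrentVersion\Winlogon"
        )
        foreach ($key in $keys) {
            $props = Get-ItemProperty -LiteralPath "$root\$key" -ErrorAction SilentlyContinue
            if (-not $props) { continue }
            foreach ($p in $props.PSObject.Properties) {
                if ($psMeta -contains $p.Name) { continue }   # skip provider metadata
                # Of the Winlogon values, report only Shell and Userinit,
                # which name programs started at logon.
                if ($key -like '*Winlogon' -and $p.Name -notin 'Shell','Userinit') { continue }
                [pscustomobject]@{ Hive = $HiveFile; Key = $key; Name = $p.Name; Data = $p.Value }
            }
        }
    } finally {
        # Release any open key handles so the hive can be unloaded.
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        & reg.exe unload $mount 2>&1 | Out-Null
    }
}

# Machine-wide hive first, then every user profile found on the offline drive.
$results  = @(Get-OfflineAutostart "$Drive\Windows\System32\config\SOFTWARE" '')
$profiles = Get-ChildItem "$Drive\Users", "$Drive\Documents and Settings" `
                -Directory -Force -ErrorAction SilentlyContinue
foreach ($dir in $profiles) {
    $hive = Join-Path $dir.FullName 'NTUSER.DAT'
    if (Test-Path -LiteralPath $hive) { $results += @(Get-OfflineAutostart $hive 'Software\') }
}
$results | Sort-Object Hive, Key, Name | Format-Table -AutoSize -Wrap
```

On a default installation the machine-wide Shell value is explorer.exe and Userinit points to userinit.exe in the system32 directory; anything else in the output, and any Run or RunOnce entry you do not recognise, is worth checking before the drive goes back on the network.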

Tools Required:
You can download the tools from the links below:

MalwareBytes v1.46
MalwareBytes MBAM-Rules Manual Offline Database Updater
You may install the rules manually from an updated system, from "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref"

VIPRE Rescue
Microsoft Security Essentials

 
