So you’ve clicked that email attachment, and now whenever you load your machine you get a blank screen with the ThinkPoint logo and Normal Startup and Safe Startup options. Not to worry, this “virus” is not as hard to remove as it looks.
Essentially this virus falls into the group of “fake anti-virus” programs which are all too common these days. It installs itself, does a fake scan of your system, then reports a variety of faults and constantly gives you pop-ups to buy the fake software. ThinkPoint is slightly different in that once installed it will not let you into your system, instead only giving you the ThinkPoint startup page with a black background after logging in.
This guide is written for Windows Vista/7 (all versions); however, the same principles for removal apply to XP.
First press CTRL+ALT+DEL which will give you a page offering various options. Select Task Manager and you will be brought back to the ThinkPoint start-up page. Sometimes the Task Manager will start behind the ThinkPoint page so you might have to fiddle around a bit to drag it out so you can see at least most of it.
Once in Task Manager, go to the Process tab and find hotfix.exe (Publisher TPI), right-click it and choose Kill Process Tree.
The next step is to go to File > New (Run) in Task Manager, which will give you a small box in which to enter a program to run. Again it might appear behind the ThinkPoint page, so some more fiddling may be required. In this box type “cmd” without quotes. This will launch a Command Prompt window, which to the non-techy may look daunting but really isn’t something to worry about.
Next we’re going to have to type in some commands. Unless you’re really interested, don’t worry about what each command does; the final result will be to remove the hotfix.exe file that runs ThinkPoint.
In the Command Prompt box enter the following, pressing Enter after each line. In the line with YOUR-USERNAME, replace YOUR-USERNAME with your user name, i.e. the name that appears on the login box for your account, for example “James”.
cd \
cd Users\YOUR-USERNAME\AppData\Roaming
del hotfix.exe
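The same two steps (ending hotfix.exe and deleting it from the Roaming folder) as a small batch file, for cases where the plain del fails because the file is hidden, read-only or still running. This is an added example, not part of the original guide; it assumes the file name and location given above and uses the %APPDATA% variable instead of a typed user name.

```bat
@echo off
rem Added example, not from the original guide. Assumes the file name and
rem location described above: hotfix.exe in the user's AppData\Roaming folder.
setlocal
set "TARGET=%APPDATA%\hotfix.exe"

rem Stop the running copy and any child processes (the Task Manager step).
taskkill /F /T /IM hotfix.exe >nul 2>&1

if not exist "%TARGET%" (
    echo %TARGET% not found, nothing to delete.
    goto :done
)

rem Show what is about to be removed so the path can be checked first.
dir /a "%TARGET%"

rem /f removes read-only files, /a also matches hidden or system files.
del /f /a "%TARGET%"

rem Confirm the result instead of assuming the delete worked.
if exist "%TARGET%" (
    echo Delete failed: the file may still be in use. End the process and run this again.
) else (
    echo Removed %TARGET%.
)

:done
endlocal
```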
After this is done restart your system. This can be done by pressing CTRL+ALT+DEL again and using the Red button in bottom right hand corner.
Once restarted and logged back in, you’ll be presented with just a black screen this time. Again press CTRL+ALT+DEL, then choose Task Manager and File > New (Run). This time type “explorer”. This should launch your usual desktop.
Now go online and download Malwarebytes’ Anti-Malware. Found here.
Install it, making sure to update after installation, then run it and do a Quick Scan. Once it has completed (10 – 15 minutes on a standard system), click Show Results, tick everything (or just leave everything ticked) and click Remove Selected. After it’s done, reboot your system (you will be prompted to do so anyway).
You’re now running clean again!