My computer got infected with the ThinkPoint virus and how I got rid of it
My computer got infected from an external drive with a virus masquerading as an official Microsoft-looking anti-malware program calling itself ThinkPoint! If you see something like the screenshot below, do not click any of the buttons. If you do, the malware will be installed on your machine and it will force you to restart the computer.
Upon restarting, the following screen will be shown.
Once the computer is infected, you cannot bring up the Windows Task Manager. Instead, it will show the screen below.
I found a way to kill off the ThinkPoint malware by using the PsTools from the Windows Sysinternals website. Download PsTools and unzip it to a folder, e.g. C:\Share\PsTools.
Kill off the ThinkPoint process
- Open up a Windows Command Prompt.
- In the Command Prompt, type in the following commands to list out the running processes:
C:\> cd \share\pstools
C:\> pslist
A list of running processes is displayed.
- Determine the process ID number of the hotfix process, e.g. 2124.
Note: hotfix.exe is one of the files used by the ThinkPoint malware.
- In the Command Prompt, type in the following command to kill off the hotfix process.
C:\> pskill 2124
The process is killed and the ThinkPoint dialog box disappears from the screen. A sample session is shown below.
Remove all ThinkPoint files
ThinkPoint installs files onto the current user's Application Data folder on Windows XP e.g. C:\Documents and Settings\[user]\Application Data\. These files have to be removed.
- In Windows Explorer, browse to the current user's Application Data folder.
- Hold down the CTRL key and left-click each of the following files to select them, then press DELETE.
start
completescan
install
hotfix.exe
agtykj.bat (the letters are random)
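The two checks above (finding the hotfix PID in pslist output, then locating the listed files in the Application Data folder) can be scripted for triage. This is an added example, not part of the original post: the pslist sample text is constructed, and flagging every .bat file in the folder for manual review is an assumption made because the post only says the batch file name is random. The script reports findings and deletes nothing.

```python
import os
import tempfile

# File names the post lists in the user's Application Data folder.
KNOWN_NAMES = {"start", "completescan", "install", "hotfix.exe"}
PROCESS_NAME = "hotfix"  # pslist shows the process name without ".exe"

def find_pids(pslist_output, name=PROCESS_NAME):
    """Return the PIDs of every pslist row whose process name matches."""
    pids = []
    for line in pslist_output.splitlines():
        fields = line.split()
        # A process row starts with: Name Pid ... (the header row has "Pid", not digits)
        if len(fields) >= 2 and fields[1].isdigit() and fields[0].lower() == name:
            pids.append(int(fields[1]))
    return pids

def find_artifacts(appdata_dir):
    """Return (confirmed, review) file names found at the top level of appdata_dir."""
    confirmed, review = [], []
    for entry in sorted(os.listdir(appdata_dir)):
        if not os.path.isfile(os.path.join(appdata_dir, entry)):
            continue
        if entry.lower() in KNOWN_NAMES:
            confirmed.append(entry)
        elif entry.lower().endswith(".bat"):
            # Assumption: the name is random, so any .bat here is only flagged for review.
            review.append(entry)
    return confirmed, review

# Constructed sample of pslist output (not captured from a real machine).
SAMPLE_PSLIST = """\
Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time
Idle                  0   0   1    0      0     0:12:01.515     0:00:00.000
System                4   8  58  243      0     0:00:07.281     0:00:00.000
explorer           1560   8  14  412  14532     0:00:03.109     0:13:40.562
hotfix             2124   8   3   96   5120     0:00:01.046     0:12:55.031
"""

def demo():
    """Run both checks against the sample output and a constructed folder."""
    with tempfile.TemporaryDirectory() as d:
        for n in ("start", "completescan", "install", "hotfix.exe", "agtykj.bat", "desktop.ini"):
            open(os.path.join(d, n), "w").close()
        return find_pids(SAMPLE_PSLIST), find_artifacts(d)

if __name__ == "__main__":
    print(demo())
```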
Fix the Registry