Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

virus/malware grouped together?

Started by bamakodaker , Oct 20 2010 11:19 PM

  • Please log in to reply

#1
bamakodaker
Posted 20 October 2010 - 11:19 PM

bamakodaker

    Member

  • Member
  • PipPipPip
  • 470 posts
Hello,

Is there a way to determine the type of bug one has? Think Point - I don't see it addressed here yet. I was going to help someone who was infected by it but I don't find anything about it here yet. I just wondered if there were generic categories these might fall in. As in all redirects could be dealt with this way . .

Think Point really takes over. She says Win 98 computer keeps going into Safe Mode. I'll check Geeks in morning before I go over there but at this point I'm hoping the scan from SUPERAntiSpyware.com will provide what I need.

Thanks for any info.
bamakodaker
  • 0

Advertisements

#2
RKinner
Posted 21 October 2010 - 09:26 AM

RKinner

    Malware Expert

  • Expert
  • 24,441 posts
  • MVP
Probably not going to be in time but I found a site
http://www.2-viruses...move-thinkpoint

that claims it's two files:

%UserProfile%\Application Data\hotfix.exe
%UserProfile%\Application Data\thinkpoint.exe


The tricky part is it is run by the shell value in HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. This should normally be: explorer.exe

It also has an entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run which runs thinkpoint.exe

Windows won't mind if you delete thinkpoint.exe. Probably an error message after logon but if you delete hotfix.exe you probably won't have a desktop.

Since it's win98 this should be easy to fix. Boot into DOS (Edit \autoexec.bat and put a REM or # in front of win then save and reboot. To get back into windows just type win and you should be able to edit autoexec.bat again.)
and then locate the two files and then copy the explorer.exe onto them.

cd %UserProfile%\Application Data
dir
(make sure you see the bad guys)
copy \windows\explorer.exe hotfix.exe
copy \windows\explorer.exe thinkpoint.exe

I would think Hijackthis should see and let you fix fix both registry entries but you may need to find an older version to get it to work with 98.

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP