Posted 16 November 2010 - 06:14 AM
so, after turning on my computer early this evening, i got that lovely pop up from windows security systems essentials. me, being the completely stupid computer user i am, clicked it. well as i'm sure you've read previously from other think point victims, it got onto my computer. here are the steps i took to remove the program:
running malwarebytes. full scan did not come up with anything.
restarted my computer in safe mode with networking. nothing happened even after ending the process.
restarted my computer again, allowing the program (the big blue page after i put in my password telling me to proceed using thinkpoint's 'safe mode'). once i did that, i ctrl+alt+deleted and ended the process hotfix.exe
ran malwarebytes again. another full scan came up with nothing. two quick scans came up with nothing.
installed spybot. full scan came up with something, but didn't seem to fix the problem after removing the viruses. ran a full spybot scan again, nothing came up.
installed eset nod32 antivirus. after a full scan, it came up with two threats (a virus from a year ago that hid itself in my system as "googleclock" that i disabled but could never properly dispose of) then of course, "fakethreat" or something like that. which was one of the filenames listed for the think point virus. it was removed, i deleted the shortcut from my desktop, restarted, and lo-and-behold, it worked!
now here's where i'm confused - after being on my computer for a little but, nod32 alerts me that c:/programfiles etcetcetc hotfix.exe is trying to get information or send information, and that i should click on the notification to get more info. i click on it, nothing happens. now, how could hotfix.exe still be trying to access or send information if it was probably removed, which it seems to be because a) i could start my computer without the interruption of thinkpoint and b)the file location where it resided previously no longer exists.
is it really gone, or should i still be worried? running scans on both malwarebytes and nod32 again but so far nothing.