
Wednesday, 27 October 2010

ThinkPoint rogue has functioning menu

(Which you can use to get rid of it)

When you fall victim to the ThinkPoint rogue security application, the downloader reboots your machine and then presents its own scanning screen on what appears to be a Windows blue screen.

 

Once the machine is rebooted, the rogue takes over by preventing Explorer.exe from loading (which means the desktop will not load, either). If you click the X in the upper-right corner to close ThinkPoint, you are presented with the “unprotected startup” screen.

A victim can’t get around the ThinkPoint screen because “current settings don’t allow unprotected startup.”


However, ThinkPoint actually has a working “settings” selection with a drop-down box that includes a checkbox, “Allow unprotected startup.” Once that box has been checked, you can close the ThinkPoint window and load your desktop. From there, you can use Windows Task Manager to stop hotfix.exe -- the rogue’s main file.

Alternatively, you can install and run Vipre, which will remove the rogue, too.

 
We described ThinkPoint on the GFI-Sunbelt Rogue Blog Friday here.

Thanks Dodi.

Tom Kelchner
