Horrible malware virus rears its ugly head

A few months ago the hinge holding my niece’s laptop lid broke off, rendering her laptop totally unusable. So out of the kindness of her heart, my wife lent our niece her seldom-used Dell laptop (running Windows 7) so she could continue to do her homework, etc. while her mother figures out what to do (i.e., fix the broken laptop, buy a new one, etc.). So as teenagers will do, my niece happily loaded iTunes, Skype, as well as numerous other programs and apps that teenagers cannot live without and went on her merry way. Unfortunately, during that process she inadvertently loaded a malware virus that pretended to be an anti-virus program which found a virus that could only be removed if she paid for the full version of the anti-virus software. A giant scam, of course.

This malware virus is called Thinkpoint and will display the following screen when you boot up your computer:

If you unknowingly click the “Save Startup” button, the program will appear to be scanning for a virus and will finally proclaim it found some very dangerous viruses that can only be removed if you buy their software. What’s bad about this virus is that you can’t easily remove it. There is no way of exiting from this Thinkpoint application, and when I tried to do a CTRL-ALT-DEL to access Task Manager it wouldn’t come up. So this infected laptop would just reboot and reboot with the same Thinkpoint screen as you see above.

So after some Googling, I found my solution. I needed to boot up the laptop from an external USB flash drive and run a “real” antivirus program to eradicate the Thinkpoint virus. I found this web site that explained how to create the USB flash drive for booting (into Linux) and then run the antivirus app called AntiVir. Following these directions I was able to have the laptop boot up from the flash drive and run the AntiVir software, which identified the Thinkpoint virus files. Note that the AntiVir application by default only identifies the virus files and doesn’t do anything with them. I needed to use the configuration screen for the app to have it rename the virus files. Once I did that, I removed the flash drive and was able to reboot the laptop to the Windows 7 user desktop.

I then followed instructions from several other web sites that explained which files to remove and which entry in the system’s registry file to remove to get rid of the Thinkpoint virus. I followed all this up with a full system scan using the freeware antivirus app called Avast! as well as McAfee antivirus. After doing all this, I think the laptop is now virus free.

My niece doesn’t remember what she did to infect the laptop with this horrible virus, but I did find evidence that she (or some application) installed a Peer-to-Peer software called Limewire that I suspect was the culprit. Limewire is a file-sharing application much like Napster, Gnutella, etc., which are known to be laced with files containing viruses. As such, I’ve never used such P2P applications and I warned my niece to never install such apps again.

We are very lucky that I was able to remove this bad malware virus; otherwise, I would have needed to wipe the disk clean and go through a clean install of Windows 7 on the laptop followed by hours of trying to find the right drivers from the Dell web site…. ugh.



