ThinkPoint and autorun.inf usb - infected hard drive

By brodie
Nov 20, 2010
  1. Yesterday I very stupidly downloaded this "ThinkPoint" program that popped up claiming to be some Microsoft Essentials virus protection thing, which looked legit to me so I let it do its thing. Soon enough I realised it was a virus - I couldn't access my desktop or anything, so I used the Task Manager to get online and see how I could remove it. I followed the steps to delete certain registry files and files within the Application Data on the hard drive. I've no idea if I managed to get rid of it all. Then today, I inserted my USB and lo and behold, it had a virus on it (I used it a few days ago on another computer, which I'm guessing is where it caught it from). Some autorun.inf - I googled it and some sites said to delete such and such from the USB drive, which I did, all the while my computer was going psycho.

    Avira kept alerting me literally every ten seconds that there were new viruses - 15 new viruses found - I click remove - another 3 found - remove again - 7 more found and so on. I ran a scan but nothing came up. I ran a Malware scan, again nothing. I went into Avira (the Events tab, which had about 3000 errors listed) to see where exactly the file path was and a lot of them said system restore, so I followed some online steps to turn off system restore (deleting the history) then back on again. There were also some in the Microsoft Antimalware files in the App Data on the c:/ drive in Avira. I didn't go through them all, so unsure where else. Anyway, at random intervals my computer fan or something makes a really loud noise, like it does when you have too many things going at once and all the resources are being used. I'm also having trouble visiting a lot of different sites, Firefox keeps saying Reported Attack Page -

    "This web page at has been reported as an attack page and has been blocked based on your security preferences."

    I don't think it's the website because it's doing it to all different ones - this site included, twitter, etc.

    Avira has stopped alerting me of viruses every ten seconds, but it still does it maybe once an hour or so. Sorry if any of the above is confusing. I'm running Windows XP sp2 (I tried installing sp3 the other day, but every time I went to the Microsoft update site, I kept getting the "enable user data persistence" error 0x800A0046. Which, no matter what I tried, I couldn't get it working, so I just did a system restore to undo sp3).

    If anyone can help out, it would be greatly appreciated! Thanks.
  2. crunchie

    crunchie Malware Helper Posts: 728

    Please read the directions given here and when done, post the requested logs.
    Please paste the logs, do not attach them.
  3. brodie

    brodie TS Rookie Topic Starter Posts: 35

    Malwarebytes log:



  4. crunchie

    crunchie Malware Helper Posts: 728

    You need to update MBA-M and re-run it please.


    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

  5. brodie

    brodie TS Rookie Topic Starter Posts: 35

    I'm still getting random Report Page Attacks on Firefox, but this time they say: "This web page at has been reported as an attack page and has been blocked based on your security preferences."

    Updated MBAM:


  6. crunchie

    crunchie Malware Helper Posts: 728

    FF3 has a built-in security feature that lets you know if a site is safe or otherwise. It is not always accurate and can be disabled.
    Open Tools > Options > Security
    Uncheck the option "Tell me if the site I'm visiting is a suspected attack site"

    You should also be able to put the site on a safe list to prevent it being flagged as bad.


    Those logs look ok. Are you having problems other than that?


    Java is out-of-date, so best do the following:

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

  7. brodie

    brodie TS Rookie Topic Starter Posts: 35

    I tried installing the Java update but when I run it a window comes up saying:

    The Windows Installer service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

    I'm not running it in safe mode :/

    Well I haven't been having any more virus alerts today like I did yesterday, the computer does seem to be working good now. Except I also noticed that in addition to the report attack page, when I click on some links from google, they're redirecting me to some search engine page. I didn't realise it before because I have a bad habit of clicking something then coming back an hour later.

    Thanks so much for all your help.
  8. crunchie

    crunchie Malware Helper Posts: 728

  9. brodie

    brodie TS Rookie Topic Starter Posts: 35


    I downloaded the installer - ran it - restarted as it said - tried java again, but it still comes up with the same message.
  10. crunchie

    crunchie Malware Helper Posts: 728

    That log is ok.

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
  11. brodie

    brodie TS Rookie Topic Starter Posts: 35

    I had to reconnect the internet during the beginning of running ComboFix because it downloaded/installed Windows Recovery Console. Here's the log:

  12. crunchie

    crunchie Malware Helper Posts: 728

    That cleaned out a bit. How are things now?
  13. brodie

    brodie TS Rookie Topic Starter Posts: 35

    It's running quite well. I still can't get the java to install, but apart from that, I haven't received any more redirection or attack pages, no more virus alerts, etc. Looks like it's fixed! Thanks a bunch for all the help you've given, really appreciate it :D
  14. crunchie

    crunchie Malware Helper Posts: 728

    You'll need to get that Java installed or some web sites will not load correctly.
    Not sure exactly what it may be, but I will look into it.


    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC by OldTimer:
    Save it to your Desktop.
    Double click OTC.exe.
    Click the CleanUp! button.
    If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.


    Try this fix from M$:
  15. brodie

    brodie TS Rookie Topic Starter Posts: 35

    Okay, ran the OTC. Tried the fix you posted, but nothing happened when I tried steps 1-6. I had the black box up, typed in what it said to, but nothing happened after I pressed enter. So I tried the next part of the steps - with regedit, but the setting was already on "Allow" in the permissions for System, so I couldn't change anything.
  16. crunchie

    crunchie Malware Helper Posts: 728

    Not really sure what to suggest here. You may want to post over in the Windows OS forum.
Topic Status:
Not open for further replies.
