This Forum is Closed
March 28, 2024, 08:15:52 am
Welcome, Guest. Please login or register.

Login with username, password and session length
News: GGF now has a permanent home: http://forum.globalgulag.com
 
  Home Help Search Links Staff List Login Register  

THINKPOINT VIRUS Attack Mounted from this FORUM or during my Session Here.

Pages: [1]   Go Down
  Print  
Author Topic: THINKPOINT VIRUS Attack Mounted from this FORUM or during my Session Here.  (Read 1650 times)
0 Members and 2 Guests are viewing this topic.
Jonnie Goodboy
Hero Member
*****
Offline Offline

Posts: 833


The Gulag Archipelago, - had 'Paradise Islands'.


View Profile
« on: November 22, 2010, 01:33:30 pm »

Whilst viewing only Global Gulag and modifying a Previous Post, at about 18:15 GMT I got a massive screen warning.
From a app bearing the MS hallmark and calling itself MicroSoft Thinkpoint.

From:http://www.2-viruses.com/remove-thinkpoint

If you think 'It doesn't matter, the guys an idiot and Cointelpro' and all the other mental massages, well I've got news for you. This Spyware/Loader/virus is quite serious and completely hijacks Windows PC's. Unless you know what you are about, and what computers are about, you will completely LOSE access. ThinkPoint Hijacks the PC at the startup in both GUI and SAFE-MODE and offers no-way to exit or bypass it. It completely prevents further access to your system accept fortunately for one route ... I will explain. Other people also offer solutions, I've not read in the following article.

From:http://www.2-viruses.com/remove-thinkpoint

'What is ThinkPoint?
Think Point is a rogue anti-spyware application which was created to lie to computer user about the security status of his machine. In reality, this scam is not capable to detect any computer trouble because it is a masked virus which will use security or other exploits to reach the targeted Operating System. As soon as Trojan infiltrates computer through misleading alert of fake Microsoft Security Essentials, it will start appearing on the desktop and then will continuously interrupt into a normal your PCs functionality. This alert presents Think Point as a “world’s leading security solution” which after checking PC for malware has detected some viruses, like Unknown Win32/Trojan. Additionally, rogue starts claiming that some of the viruses detected can’t be restored because of the heuristic module which is missing. However, Think Point offers to install these required modules but then asks paying ninety or more dollars.'

So, it seems to be about getting my money rather than hacking ....

The virus takes out both GUI and SAFE MODES, You can only get access to your registry restore point data and application by using ALT-CTL-DEL » Task Manager » Run New Task and browse for your registry restore folders. If you don't have one, you're screwed utterly, at first sight. OK, I have Windows 2000, SP4, and it's not LINUX, but that's my tough choice.

'ThinkPoint' got past both my Maximum security FIREWALL settings and my ANTIVIRUS application, installed itself with these files at: C:\Documents and Settings\Administrator\Application Data

1) hotfix.exe
2) completescan
3) install.


It loads this desktop Icon onto your DESKTOP:

Which remained on the desktop even after the earlier registry restore operation.

Once you've restored an earlier registry or restore point whatever your system calls it, browse to this location without clicking on any of the files, DELETE immediately and empty your RECYCLE BIN immediately. Also DELETE the Desktop icon, obviously but don't left click it. After all this watch your http traffic in your firewall for a while.

Restoring an earlier registy at least in the case of Windows 2000, should remove any references to hotfix.exe or thinkpoint.exe and other 'ThinkPoint' references from your system. Unless of course you were previously infected, but in which case you'd already have known about it big time, unless you are blind ... no disrespect to the visually impaired.

If I did not have a reliable means of accessing the PC I would not be on here for a while whilst I figured out a means of getting access to the Host File Management System here and that might have been prohibitely difficult for someone with less determination or previous successful comebacks. THINKPOINT was picked up whilst I was on here, I've never seen it before and it is SERIOUS trouble IMO>

But I can fix and resurrect nearly anything, since I've had lots of experience with dodgy windows vulnerabilities.


« Last Edit: November 22, 2010, 04:29:01 pm by Two Tenners » Report Spam   Logged


"When the righteous become many, the people rejoice; but when anyone wicked bears rule, the people sigh".
— Prov 29:2

Share on Facebook Share on Twitter

EvadingGrid
Administrator
Full Member
*******
Offline Offline

Posts: 177



View Profile
« Reply #1 on: November 22, 2010, 01:52:48 pm »

Don't scream at me, but how about you get hold of a Linux Live CD, and try booting off the CD ?
Report Spam   Logged
Jonnie Goodboy
Hero Member
*****
Offline Offline

Posts: 833


The Gulag Archipelago, - had 'Paradise Islands'.


View Profile
« Reply #2 on: November 22, 2010, 02:00:33 pm »

The above article from 2-viruses.com must be worth a read and says that an additional file 'thinkpoint.exe' is also installed, though i suspect that's on Windows XP and up.

My method of restoring an earlier complete registry using the great freeware ERUNT/ERDNT as I do, is perfectly good as I scanned my system registry after the restore and found no reference to the virus files.

The cookies I got at the time of the attack were 123playlist.com and the tonysleep photography website. I will delete my post with the photos incase it includes viruses algorithms that have been coded into phaked .jpg images.

If you have LINUX/UNIX/MAC you may be safe.
Report Spam   Logged


"When the righteous become many, the people rejoice; but when anyone wicked bears rule, the people sigh".
— Prov 29:2
Optimus
Administrator
Hero Member
*******
Offline Offline

Posts: 1242


Routing out & defeating the globalist pigs


View Profile
« Reply #3 on: November 22, 2010, 02:05:09 pm »

I don't get any presents from Bill Gates so I wouldn't know.
Report Spam   Logged

Jonnie Goodboy
Hero Member
*****
Offline Offline

Posts: 833


The Gulag Archipelago, - had 'Paradise Islands'.


View Profile
« Reply #4 on: November 22, 2010, 02:06:25 pm »

Don't scream at me, but how about you get hold of a Linux Live CD, and try booting off the CD ?


SCREAM!!!!!!!! I am not booting of a bleeding CD, my god man this is the 21C and I am up for it ....

Virus.... Virus my ass.

Windows, I'm just used to it ...

But genuinely folks, I would say those banners, the 123playlist widget at the bottom here in the music and fun section OF THE FORUM and other open doorways make this forum HIGHLY SECURITY VULNERABLE, at this time.

ThinkPoint comes with a Message: "The WORLD's leading SECURITY solution". Well, you already know it's not a security solution by the time it's decided to install itself without your permission so, I wonder if it is a malicious attack hound virus with a HALF Feasible sounding FRONT. I think this was a random event but I'd really really watch putting third party widgets, and music players on your server. Anyone can do stuff to it.

OK, I'm outta here.
Report Spam   Logged


"When the righteous become many, the people rejoice; but when anyone wicked bears rule, the people sigh".
— Prov 29:2
Jonnie Goodboy
Hero Member
*****
Offline Offline

Posts: 833


The Gulag Archipelago, - had 'Paradise Islands'.


View Profile
« Reply #5 on: November 22, 2010, 02:13:56 pm »

I don't get any presents from Bill Gates so I wouldn't know.

It's got nothing to do with bill gates man! It's a freakin' Spyware virus, after your money ...

Oh, hang on, yeah, that sounds like WINDOWS.

Bloody Americans.
Report Spam   Logged


"When the righteous become many, the people rejoice; but when anyone wicked bears rule, the people sigh".
— Prov 29:2
Jonnie Goodboy
Hero Member
*****
Offline Offline

Posts: 833


The Gulag Archipelago, - had 'Paradise Islands'.


View Profile
« Reply #6 on: November 22, 2010, 03:33:30 pm »

Actually, despite having a Windows PC I'm pretty rarely attacked. I was a victim to a Full on attack the very day after colgan 3407 went down, believe it or not. Internet traffic speed daudled to an absolute stop, few kb-s at 2.00 pm, when it's usually least loaded and then my PC Died. Later checked both HDD's and well one was new, and all passed health checks perfectly. That was an attack that literally deleted my registry out of existance, the moment I put down the phone after talking to a guy about those very events. The Registry did not exist when I gained access to the Drive Volumes! Now that's unusual to say the least. Unprecedented. Thanks for reminding me about that 'ThinkPoint'  ~~~~ Spoooky ~~~~

Therefore I can only explain that by 'unfortunate coincidence' ..... Ahem ... But again, I pulled back from that, still have the same OS installation today.

This is what Symantec have to say about this particular 'ThinkPoint' clone of a common trojan ....

Discovered: October 10, 2007
Updated: October 10, 2007 5:08:11 PM
Type: Trojan
Infection Length: 7,680 bytes
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Trojan.FakeAV is a detection for Trojan horse programs that intentionally misrepresent the security status of a computer. These programs attempt to convince the user to purchase software in order to remove non-existent malware or security risks from the computer. The user is continually prompted to pay for the software using a credit card. Some programs employ tactics designed to annoy or disrupt the activities of the user until the software is purchased.

Trojan.FakeAV detects one of the most prolific types of risks seen on the Internet today. Everyday many bogus antivirus and security applications are released and pushed to unsuspecting users through various delivery channels. Many of these programs turn out to be clones of each other. They are often created from the same code base but presented with a different name and look - achieved through the use of a "skin". For example, ThinkPoint is a recent example of a misleading application in circulation since October 2010.

Distribution map:



=======================================================================

And this is what 2-viruses have to say in reply to my comments and it draws a line under the issue of whether UNIX/LINUX/MAC are ruled out of bearing these whoes:

'I would recommend upgrading to Internet Security version of Avira, and not use standalone antivirus (especially free one).
The malware changes daily, thus there are chances that fresh versions of malware can be missed. In many cases malware originates from exploints from infected legitimate websites or advertisements on them. They redirect or use content from domains, that belong to malware makers. Another way to get infected with parasites, similar to thinkpoint, are various “downloads”: fake flash updates, codecs, etc.
Actually, related trojans might infect MAC and Linux PCs as well – some of them are Java based, for example Koobface.'



There, I found that to be all good clean fun and a fair fight, for a change ....
« Last Edit: November 22, 2010, 03:55:21 pm by Two Tenners » Report Spam   Logged


"When the righteous become many, the people rejoice; but when anyone wicked bears rule, the people sigh".
— Prov 29:2
EvadingGrid
Administrator
Full Member
*******
Offline Offline

Posts: 177



View Profile
« Reply #7 on: November 22, 2010, 04:29:44 pm »

Your addiction to Windows is the root cause of your problems. You can not infect an entire linux/unix system by simply browsing a web page.

See real OS have user accounts that are "sandboxed" from the rest of the system. See the OS lives on one partion and the user accounts on another partition. Where as in Windows its all mixed together, and they insist on doing that, logicaly because they don't care or they want to cause these security flaws.

Report Spam   Logged
EvadingGrid
Administrator
Full Member
*******
Offline Offline

Posts: 177



View Profile
« Reply #8 on: November 22, 2010, 05:41:02 pm »

http://distrowatch.com/

The most popular Distro's are listed here :
http://distrowatch.com/dwres.php?resource=major

Which one that would be right for you dear reader is subjective.

As to running a Live Linux off a CD, the advantage is that you get to try it out before writting it to your hardrive, so if you don't like it you don't install it. Obviously it will take a performance hit if it is running off a CD rather than a hardrive. But you may well be pleasantly surprised just what can be squeezed on a Linux CD compared to bloatware windows.

What harm would it do to try a couple of distro's out ?

If it works out you have computer that don't need to reboot all the time, is not in a constant battle with virus, malware and other nasties. Does not give the NSA instant access to your personal data and is not supporting any evil corps. Oh, and its free, legal and upsets the authorities that the plebes are using it, they of course use it on all there serious systems.
« Last Edit: November 22, 2010, 05:52:59 pm by EvadingGrid » Report Spam   Logged
Jonnie Goodboy
Hero Member
*****
Offline Offline

Posts: 833


The Gulag Archipelago, - had 'Paradise Islands'.


View Profile
« Reply #9 on: November 23, 2010, 10:03:22 am »

Your addiction to Windows is the root cause of your problems. You can not infect an entire linux/unix system by simply browsing a web page.

See real OS have user accounts that are "sandboxed" from the rest of the system. See the OS lives on one partion and the user accounts on another partition. Where as in Windows its all mixed together, and they insist on doing that, logicaly because they don't care or they want to cause these security flaws.



I am not addicted to anything (tobacco excluded). I may be dependant on Windows, but I am not addicted. Withdraw your remark Sir! Or it shall be settled by drawn light sabers at dawn ... That should satisfy the Catholic in you. I think this game has gone to your head a bit ...


How dare you Sir ....
« Last Edit: November 23, 2010, 10:17:54 am by Two Tenners » Report Spam   Logged


"When the righteous become many, the people rejoice; but when anyone wicked bears rule, the people sigh".
— Prov 29:2
EvadingGrid
Administrator
Full Member
*******
Offline Offline

Posts: 177



View Profile
« Reply #10 on: November 23, 2010, 11:52:41 am »

I am not addicted to anything (tobacco excluded). I may be dependant on Windows, but I am not addicted. Withdraw your remark Sir! Or it shall be settled by drawn light sabers at dawn ... That should satisfy the Catholic in you. I think this game has gone to your head a bit ...


How dare you Sir ....

* Cat   -  hides up nearest tree

Did you not mean Cat-O-Lick, and besides I am non denominational, and the batteries gone flat on my light sabre....

* Cat  - telephones india to speak to cousin Rahj

Report Spam   Logged
EvadingGrid
Administrator
Full Member
*******
Offline Offline

Posts: 177



View Profile
« Reply #11 on: November 26, 2010, 05:39:41 am »

So what is happening ?

Report Spam   Logged
Pages: [1]   Go Up
  Print  
 
Jump to:  

Powered by EzPortal
Bookmark this site! | Upgrade This Forum
Free SMF Hosting - Create your own Forum

Powered by SMF | SMF © 2016, Simple Machines
Privacy Policy
Page created in 0.06 seconds with 17 queries.