Monday, October 25, 2010

My Experience And My Step By Step Solution

The steps I took first... then how we got here... if you even care!

PS...you might need a second computer to do all this stuff, in fact if the only computer we had was his, I would not have been able to view any of the sites that saved our computer, and you would not be able to view this blog!

This virus was called Think Point.  It pretended to be an anti-virus program and completely took over my husband's computer.  It was actually extortion and should be a crime.  It demanded $99 to fix the problem and would appear, almost full screen, every time I booted the computer, even when loaded in 'safe mode'.

It disables your explorer.exe file so you have no task bar and no icons on your screen.  Alt-Ctrl-Del does not work, and restore, even in DOS, will not work, as it denies permission and/or access to all your controls.  Oh, and my husband somehow removed Task Manager from Alt-Ctrl-Del!

This is the step by step process I went through, which took 3 days and about 30 hours total time, 24 of which was just Googling to find the solution!

PPS...try to always run your computer in 'safe mode' or 'safe mode with internet access'.  To do this, while booting your computer keep hitting F8 or F12 (both worked for me) while it is loading... then select which way to open... safe with internet access is the usual.

I.  I discovered Kevstar at http://en.kioskea.net/forum/affich-35497-spyware-virus-has-taken-over-administrator#30  His/her solution worked... press the 'windowskey + U' and it brings up Control Panel/Ease of Access/Ease of Access Center... from there, open the ICON at the left top address bar to get access to your entire computer.  Then you need to click the center button in the uppermost right hand corner (there's a minus sign, a double page, and an x... click the double page and it shows a single page) then, grab the side line on the right of the page and drag it to the narrowest, since the virus almost engulfs your entire screen.  Whew, 'cause this was the first glimpse of hope I got!  From C click on OS and all your folders and files are available.  From here you can click on your programs folder and find either the Internet Explorer or Mozilla folders and click on them to find the ICON to get to the internet.

II.  This site gave me the name of the actual .exe file that took over my entire screen so I could not maneuver:  http://www.spywares-remove.com/remove-thinkpointthinkpoint-removal-tutorial  This particular virus .exe file was hotfix.exe; there are too many viruses to name them all and I just have experience with this one (so far). I was able to use the 'search' function on the upper right address bar... search the entire C drive.  I was instructed to rename it, which I did.  Rebooted in safe mode with internet access... and voilà!  Empty still, but when I pressed 'windowskey + U' I could see the entire page!

III.  There are two websites that are absolute lifesavers for those of us non geeks!  http://www.bleepingcomputer.com/ and http://www.malwarebytes.org/  what great people run those benevolent sites, only God knows for sure!

IV.  Of course my internet was also hijacked, so I had to copy and paste the names of the sites into the Google address bar in order to actually get to those sites, because clicking on the name sent me to some other ad site or nowhere at all.  In fact Firefox could not locate malwarebytes at all (yet)!

V.  bleepingcomputer.com gave so many great downloads and advice I cannot praise them enough.  I had to use the most extreme program in order to fix the problem.  It was ComboFix.  It comes with dire warnings and a disclosure that it's at your own risk... but, by this time, nothing could be worse than the fix I was in.  I was even considering telling my husband he needed to buy another computer!  I did not know this at the time, but ComboFix reinstalled the Windows Vista OS!  I had to scramble to find the authentication numbers etc. and I had dabbled so much everywhere I had inadvertently shut down all my internet services, and thus my internet access all by my lonesome!  Luckily I was able to phone Microsoft and get my validation completed.  I had explorer.exe back and it was running!  It looked like a real computer again!  But, alas, it was still infected.

VI.  I still could not run malwarebytes to get rid of the virus, but I remembered in my hours and hours of reading the internet that there was one other good anti-virus program that can fix most of the problem.
http://www.superantispyware.com/ is their website.  I was able to download and run this program in 'safe mode with internet access'.   It found 294 viruses, this is after ComboFix deleted a few hundred!  After running Superantispyware I was able to install and run malwarebytes and it discovered another 116 viruses!
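The parts of steps I and II that can be done from a command line (finding the named rogue file and renaming it so it cannot relaunch, then checking why Task Manager and the desktop went missing) are shown below as an added example. This script is not from the original post nor from any of the sites it links; the file name hotfix.exe is the one the post gives, while the -Repair switch, the registry checks and the report-only default are this example's own assumptions. It has to be run from an elevated PowerShell prompt, ideally in safe mode, and by itself it reports; it only changes anything when -Repair is given.

```powershell
# Added example (not from the original post): report-and-repair helper for the
# symptoms described in steps I and II. Run elevated, preferably in safe mode.
# 'hotfix.exe' is the file name the post reports; the switch names, paths and
# registry checks below are this example's assumptions.
param(
    [string]$RogueFileName = 'hotfix.exe',
    [switch]$Repair   # without -Repair the script only reports what it finds
)

# 1. Locate the rogue executable anywhere on C:. The post used the Explorer
#    search box; this does the same search from the command line.
$hits = Get-ChildItem -Path 'C:\' -Filter $RogueFileName -Recurse -File -Force -ErrorAction SilentlyContinue
foreach ($f in $hits) {
    Write-Host "Found $($f.FullName) ($($f.Length) bytes, modified $($f.LastWriteTime))"
    if ($Repair) {
        # Rename rather than delete: the file is kept for later analysis, and
        # whatever launches it by name at boot will no longer find it.
        Rename-Item -Path $f.FullName -NewName ($f.Name + '.disabled')
    }
}

# 2. "Task Manager removed from Alt-Ctrl-Del": a DisableTaskMgr=1 policy value
#    in the current user's hive is what produces exactly that symptom.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $policyKey -Name DisableTaskMgr -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableTaskMgr -eq 1) {
    Write-Host 'Task Manager is disabled by the DisableTaskMgr policy value'
    if ($Repair) { Remove-ItemProperty -Path $policyKey -Name DisableTaskMgr }
}

# 3. "No task bar and no icons": check that the logon shell is still
#    explorer.exe. (Assumption: the post does not say which mechanism
#    Think Point used to stop explorer.exe; this is one common one.)
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell -ne 'explorer.exe') {
    Write-Host "Logon shell is '$shell' instead of explorer.exe"
    if ($Repair) { Set-ItemProperty -Path $winlogon -Name Shell -Value 'explorer.exe' }
}
```

The script deliberately stops at the three symptoms the post names; it is not a substitute for the full scans with ComboFix, SuperAntiSpyware and Malwarebytes described in steps V and VI, which are what actually removed the remaining infections.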

This is how we got there...

My husband loves the internet!  The best part is when he Googles "free" and finds a slew of stuff he can download that costs nothing, nada, zilch.  We all know where that can lead, but not him.

Needless to say he encountered a virus, he's had one before, but not like this one!

Let's back up.  He got rid of the Norton Anti-Virus from his machine, right away, because it stopped him from downloading his "free" stuff, well, not actually stop him, but it interfered with his unfettered ability to download "free" stuff!  He thought it should be 'unconstitutional' to do that.  So he acquired a virus, and in about 4 hours with a good Anti-Virus program I was able to get him back to normal... it found over 999 viruses... I do not remember how many exactly.

Of course, I left the anti-virus program on his machine, thinking he had learned his lesson and would run it occasionally, but the very first problem he encountered he blamed on the anti-virus program and deleted it... it was at this time he removed Task Manager from his Alt-Ctrl-Del function.  And the setting was in place for terror to corrupt his computer, and of course, it did!
