Think Point Virus

[darts44]

Hi!
Back to ask your help after a long time.
It is about "Think Point". I got it on my PC and here what i did to get it off my PC.
I located the file in : file:///c:/Users/Yves/AppData/Roaming and scanned the file hotfix.exe with my ZoneAlarm.
There was the "HEUR.Trojan.Win32.Generic" and was removed by my ZoneAlarm.
The problem seem to be fixed, because i was able to go on the internet and that little window from Think Point
didn't come back.
To make sure there was no virus from it anymore on my PC, i scanned one more time with the deep scan and ZoneAlarm
found another virus " Trojan.win 32.FakeAV.ppa", was it a renamed one (?). ZoneAlarm deleted this one too.
Could you help me to make sure there is no more virus hiding on my PC and to guide me how to do it?
Thanks Guys, I know i can rely on your help. Best regards, Yves

[Allan]

Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

[darts44]

Hi! Here is the log of the results of the "SUPERAntiSpyware".
Do i need to do the others too?
Regards, Yves

[recovering disk space - old attachment deleted by admin]

[darts44]

Hi! Here is the log of the MBAM scan. All clear.
Regards, Yves

[recovering disk space - old attachment deleted by admin]

[darts44]

Hi!
First, I have to ask if it is O.K. with the attachments from the "SUPERAntiSpyware" and "MBAM" i put in my replies.
I am asking because i read i should have pasted them in my post.
I am having a problem with the "HijackThis". I got the following message:
For some reason your system denied write access to the Hosts file, If any hijacked domains are in this file, HijackThis may NOT be able to fix this.
If that happens, you need to edit the file yourself. To do this, click Start, run and type:
notepad C:\Windows\System32\drivers\etc\hosts

and press Enter, Find the line(s)
HijackThis Reports and delete them..........i can't find this in it.
Save the file as "hosts." (with quotes) and reboot. When i try to save , the file is sved without the quote.
I try to copy the result of the scan, but it is no working, i can't do it, Why?
Regards, Yves

[darts44]

Hi! I try againt about creating and saving that file "hosts", but i got the message:
C:\Windows\System32\drivers\etc\'hosts'.txt
You don't have permission t save in this location.
Contact the administrator to obtain permission.
Would you like to save in the My Documents folder instead.
And i don't know what to do!
Regards, Yves

[darts44]

Hi! Here is the copy and paste of SUPERAntiSpyware
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/03/2010 at 11:39 AM

Application Version : 4.45.1000

Core Rules Database Version : 5799
Trace Rules Database Version: 3611

Scan type       : Complete Scan
Total Scan Time : 02:08:03

Memory items scanned      : 779
Memory threats detected   : 0
Registry items scanned    : 8865
Registry threats detected : 2
File items scanned        : 138411
File threats detected     : 0

Malware.Trace
   HKU\S-1-5-21-169488594-3743224538-1985200111-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Disabled.FolderOption
   HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED\FOLDER\HIDDEN\SHOWALL#CHECKEDVALUE

Regards, Yves

[darts44]

Hi! Here is the copy and paste for MBAM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5026

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/11/2010 1:28:43 PM
mbam-log-2010-11-03 (13-28-43).txt

Scan type: Quick scan
Objects scanned: 137633
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Andy_Goddard]

This is my first post on this forum. I just want to say what a great resource this forum is. I hope to enjoy my stay and contribute more in days to come.

Thanks

Andy

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
************************************
Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

[darts44]

Hi! Dave, I downloaded the SecurityCheck.zip on my Desktop, and when i click on the Icon, then an windows open with "run" and when i click on "run" , i got the message : C:\Users\Yves\Desktop\Securitycheck.exe is not a valit win32 application.
I am surpprise of it and fear something bad is going on in my PC.
Thanks for your time and help Dave, i really appreciate it.
Regards, Yves

[darts44]

Hi! Dave, I deleted the folder SecurityCheck. zip from my Desktop to re-dowload it againt .
From the forum page with your Link 1  /  Link2, when i click on the Link 1 or  2, a new windows on my browser open and search to connect to the link, and then the windows close and i am back to computer hope forum.
Regards, yves

[darts44]

Hi! Dave, I succeded to download againt the file Security Check. zip, but the problem with the message is till the same. Regards, yves

[SuperDave]

Ok. Just forget about Security Check for the moment and run ComboFix.

[darts44]

Hi! Dave, About the Security Check file , i realise the file i downloaded from Link 1 or 2 is not a ZIP file and when i click on proprieties , there is not byte in it. OK , i go to work on ComboFix and will let you know as soon as possible. Regards, Yves