Computer Problems after Thinkpoint Removal by MBAM


Hello, I wonder if other people have been having the same problems as me. The following occurred after MBAM removed a "Thinkpoint" infection on my computer:

Computer Problems after a 'Thinkpoint' Infection

A few weeks ago I was infected by Thinkpoint which I foolishly clicked on while browsing the web, although I did not fill out any of its subsequent form. I manually deleted the file 'hotfix.exe' which it had planted in the 'Documents and Settings' folder. I then ran a Malwarebytes Anti-Malware quick-scan which quarantined 3 files in 'Documents and Settings' (Trojan.FakeAlert, Trojan.Dropper, and Malware.Trace), and then a full-scan which quarantined another file (in SystemVolumeInformation, Trojan.FakeAlert) and the following Registry Value apparently related to Trojan.Agent:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\shell

I am wondering, now, whether this last move may be part of my subsequent problem in starting Windows.

---------------------------------------------------------------------------------------------

Problem 2. mshta.exe

During the Thinkpoint infection, Windows Defender flashed a balloon at me, something about mshta.exe having been changed or changing something or......

In the subsequent weeks I noticed more processes than usual running in Task Manager, in one case even 14 mshta.exe processes. I have now gotten into the habit of ending any mshta.exe processes as soon as I see them running.

mshta.exe showed up in my computer files in six folders, all located in C:\Windows\

$NTServicePackUninstall$\mishta.exe Size on disk 20kB version 6.0.2900.2180

ie7\mishta.exe 20 kB 6.0.2900.2180

ServicePackFiles\i386\mishta.exe 32 kB 6.0.2900.5512

prefetch\MSHTA.EXE-331DF029.pf 44 kB

system32\mshta.exe 48 kB 7.0.5730.11

system32\en-us\mshta.exe.mui 4kB 7.0.5730.11

Except for the prefetch file, all creation and modification dates are well before the time of the Thinkpoint infection. But I don't know whether these files are all legitimate or not. Symantec anti-virus, Windows Defender, and MBAM all say my system is clean, but I don't trust that. I am concerned that one or more of the running mshta.exe processes may be a virus or something, but I have not investigated further.

--------------------------------------------------------------------------------------------

Problem 3. Attempting to restart Windows; it cannot at its first go, and there is a crackling sound.

This started happening only after the Thinkpoint infection. If I let it try again by itself, it succeeds in starting Windows and without any noise. If I force a Safe Mode by pressing F8 during restart, there is no problem either. Several times I did a System Restore to an earlier date, and this eliminates the problem for a while, but then the problem surfaces again.

-------------------------------------------------------------------------------------------

Problem 4. DCOM errors.

Event Viewer shows DCOM errors (even when not in Safe Mode) starting the day of the Thinkpoint infection and continuing to the present. 'This service cannot be started either because it is disabled or because it has no enabled devices associated with it. Attempting to start the service MDM with arguments "" in order to run the server: {blah-blah-blah...}'. It does this whether or not I have an internet connection running.

Actually, I am not concerned so much that DCOM cannot run some server. I am much more concerned that it might be running some server behind my back! It suggests an opening for some virus, a vulnerability. I don't want DCOM at all. I have used RegEdit to change the value of "enable DCom" from Y to N, in HKEY_LOCAL_MACHINE\Software\Microsoft\OLE. (There is supposed to be something else to do, running Dcomcnfg.exe, but I could not follow that.)

But still, I get these DCOM errors in Event Viewer.

-------------------------------------------------------------------------------------------

Problem 5. "The system has recovered from a serious error."

This message came up after a restart 12 days after the Thinkpoint infection. The automatic reply from Microsoft was, "A device driver installed on your computer caused Windows to stop unexpectedly." It further suggested going to Windows Update and checking for updated drivers, but I tried this and there were no new drivers there for me that I saw.

----------------------------------------------------------------------------------------------------

Problem 6. "Server error: another computer on the network has the same name."

This message came up about 2 weeks after the Thinkpoint infection. The server could not start.


Maybe you should have the Malware Removal Forum look you over please:

Please read the following so that you can begin the cleaning process:

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
  • After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
  • One of the expert helpers there will give you one-on-one assistance when one becomes available.
  • Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
      Or
    • You may send a Private Message to a Moderator asking for assistance.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here.

Please be patient, someone will assist you as soon as it is possible.
