I got nailed by the Fake Microsoft Security Essentials trojan...

DMinNC

New Member
Hi all,

I am new to the forum as of today. I did some searching, but didn't see anything similar to my situation, so I thought I would throw it out for discussion.

My kids have a 7 yr. old Acer notebook that we've had since it was new. It runs Windows XP, and while slow, is perfect for the kids to hammer away on. Earlier this week, it was infected by the Fake MSE trojan that's going around -- so infected that now it will only boot up to a screen that has a (probably fake) Microsoft logo and the word "ThinkPoint" on it, with a green "Safe Mode" button. Needless to say, I'm reluctant to click on the Safe Mode button, as I am sure this is part of the trojan. I think one of my kids accidentally ran/installed the trojan instead of calling me, but too late now for me to complain.

I am reluctant to take it to one of the computer repair places around here, as the notebook is really not worth sinking any money into. I'm not as proficient with computers as you guys probably are, but am pretty good at following directions.

Is there a way to fix this notebook at this point?
 
ThinkPoint is pretty nasty. You can kill it sometimes easily, sometimes not. The easiest way to kill it is actually to boot the PC to safe mode by pressing F8 upon bootup, log on to the administrator account, and then do the following.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running

You can download ComboFix from an uninfected computer and use a USB flash drive to transfer the file to the infected computer and run it. After running ComboFix please post the log along with a HiJackThis log from normal bootup mode. The ComboFix log will be located at c:\combofix.txt.
 
I just rebooted and pressed F8 -- which one of the following do I choose?

Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt

I don't see anything that specifically says "administrator account", so I am hoping it is one of these three.

Thanks!
 
Yes, just run the programs that Jon has instructed while in safe mode. Then post your results here.
 
Interesting -- I loaded the .exe file on to a USB drive and then loaded it on to the infected computer. I ran the program starting at 2:54 EST. At 3:03, the notebook's clock stopped, and the program is apparently no longer running. The clock still shows 3:03, and nothing else has happened.

Is it safe to power down the notebook and try it again?
 
Yes, shut the computer down, reboot back into safe mode, log on to the administrator account, and rerun ComboFix.
 
I just got rid of this about a month ago. What I did was install Malwarebytes and Hitman Pro.

I let Malware do its scan and finish. Then I ran Hitman Pro, and when I restarted the laptop Hitman Pro removed all the junk.

Took a good few hours of searching online to find something that worked for me. Best of luck to you.
 