One of my clients called me and said that they had a program running that was scanning and reporting a lot of viruses. And it was asking for a payment for total cleaning. I thought this was going to be a easy job again, but I had it wrong.
I had my first experience with the Think Point virus/adware. It was on a Windows 7 machine. I could not open the task manager and it was starting in normal AND safe mode.
I solved it by booting from a bootable Hirens USB disk. I did not do anything after booting, I just restarted the computer.
Windows wanted to start normally, but a message said that there was a problem and Windows needed to do a recovery. After several minutes Windows booted normally, but I noticed that the Think Point was still running and starting to go in that blocked-mode. I quickly chose to do a system restore to a data well before the first symptoms. After that I ran Malwarebytes to remove all traces and a full system scan with AVG.
Extra info:
If you do manage to open the Task manager, the process that you have to kill is named: hotfix.exe. After ending this process you will have a blank screen. Press ctrl-alt-del again and choose for the Task manager and click File / New Task and enter explorer.exe to get your desktop. Now it is important that you download Malwarebytes (www.malwarebytes.org) and do a quick scan and remove all infected items. Restart and you are done!
