I’ve seen a few thinkpoint infections lately.
It seems to be very common, and looks scary, as it seems to take over the computer before its fully booted.
It also seems to bypass the likes of AVG and Norton (no surprises there!)
However running malwarebytes quickly removes this annoying beast.
But in one case, the internet was still not working correctly.
That was fixed by clearing the windows filewall (control panel -> windows firewall -> advanced -> restore defaults
However, I then noticed that MSSE wouldn’t update correctly (and neither would Microsoft update).
I eventually had to remove the hosts file (c:windowssystem32driversetchosts) which was made more difficult due to it having its security attributes altered by thinkpoint.
All up, quite tricky.
I’ve noticed that some security software actually scans the hosts file, and will fix any alterations to it (while others will not touch it).
I’d say that in most non-corporate situations, the hosts file should always be left in its pristine condition… but in larger companies, you don’t want security software to change a customised hosts file… its a trade off, with no clear answer.