How to clean Brontok Virus

sparksspace | Tuesday, February 10, 2009 | 1 comments

Brontok is a worm that affects Windows-based computers and spreads by sending itself to email addresses harvested from the affected computer. It creates a registry entry in the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key.

 


 

Symptoms

It disables the Windows Registry Editor and modifies Windows Explorer settings. In the Tools menu, "Folder Options" will be disabled, so that hidden files are not easily accessible to the user. It also turns off Windows Firewall. The system also restarts when certain EXE files are executed and when the user tries to start Registry Editor.

  • Downloading shareware/freeware software or visiting questionable websites might lead to a Worm.Brontok infection.
  • It can track which websites you visited or what terms you’ve typed. Spyware uses your information to deliver targeted ads to you. Also, data about your surfing activities may be sold to third parties.
  • Worm.Brontok may display annoying popups while you surf the Web. You might have Worm.Brontok or other types of parasites on your computer if you see pop-up advertising, even when you are not on the Web or when your computer has been idle for many minutes.
  • When your Web browser’s home page unexpectedly changes without your consent or your Web browser suddenly closes or stops responding, you might be infected with Worm.Brontok.
  • If you see your computer slowing down dramatically or crashing a lot, you may be infected with unwanted software.

 

Variants of the Brontok worm include:

W32/Lebreat-E
W32/Brontok-E
W32/Brontok-D
W32.Rontokbro.K@mm
W32/Brontok-G
W32/Brontok-J
W32/Brontok-L
W32/Rontokbro.gen@MM

 

Using Task Manager to Remove Worm.Brontok Processes

  1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
  2. Click on the "Image Name" button to search for the "Worm.Brontok" process by name.
  3. Select the "Worm.Brontok" process and click on the "End Process" button to kill it.
  4. Remove the "Worm.Brontok" process files:

    EKSPLORASI.EXE
    BRONSTAB.EXE

Using Registry Editor to Remove Worm.Brontok Registry Values

  1. To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
  2. Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
  3. To delete a "Worm.Brontok" value, right-click on it and select the "Delete" option.
  4. Locate and delete the "Worm.Brontok" registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Tok-cirrhatus

Detect and Delete Other Worm.Brontok Files

  1. To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
  2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's contents, including hidden files.
  3. To change directory, type in "cd name_of_the_folder".
  4. Once you have found the file you're looking for, type in "del name_of_the_file".
  5. To delete a file in a folder, type in "del name_of_the_file".
  6. To delete the entire folder, type in "rmdir /S name_of_the_folder".
  7. Select the "Worm.Brontok" process and click on the "End Process" button to kill it.
  8. Remove the "Worm.Brontok" process files:

\Documents and Settings\{UserName}\Local Settings\Application Data\winlogon.exe
\Documents and Settings\{UserName}\Local Settings\Application Data\smss.exe
\Documents and Settings\{UserName}\Local Settings\Application Data\services.exe
\Documents and Settings\{UserName}\Local Settings\Application Data\lsass.exe
\Documents and Settings\{UserName}\Local Settings\Application Data\inetinfo.exe
\Documents and Settings\{UserName}\Local Settings\Application Data\csrss.exe
\Documents and Settings\{UserName}\Templates\WowTumpeh.com
\Documents and Settings\{UserName}\Start Menu\Programs\Startup\EMPTY.PIF
EKSPLORASI.EXE
BRONSTAB.EXE
Tok-Cirrhatus
Tok-Cirrhatus-1761
Tok-Cirrhatus-1860
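
The file list above reuses the names of real Windows system processes but places them inside a user profile, so a check has to look at the folder and not just the file name. The following is an added example, not part of the original post: it scans a saved file listing and saved "reg query" output for the indicators listed on this page. The user name "alice", the sample paths and the registry data are constructed, and matching EKSPLORASI.EXE, BRONSTAB.EXE, WowTumpeh.com and EMPTY.PIF by name in any folder is an assumption of this example.

```python
import ntpath
import re

# Indicators copied from the lists on this page.
RUN_VALUE_PREFIX = "tok-cirrhatus"  # Tok-Cirrhatus, Tok-Cirrhatus-1761, ...
MASQUERADE_NAMES = {"winlogon.exe", "smss.exe", "services.exe",
                    "lsass.exe", "inetinfo.exe", "csrss.exe"}
DROP_DIR = r"\local settings\application data"
OTHER_FILES = {"eksplorasi.exe", "bronstab.exe", "wowtumpeh.com", "empty.pif"}
# One value line of "reg query" output: indent, name, type, data.
REG_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")

def check_paths(paths):
    """Return (path, reason) for each path matching a file indicator."""
    hits = []
    for raw in paths:
        path = raw.strip()
        folder, name = ntpath.split(path.lower())
        # Same name under System32 is legitimate; the profile folder is not.
        if name in MASQUERADE_NAMES and folder.endswith(DROP_DIR):
            hits.append((path, "system process name inside a user profile"))
        elif name in OTHER_FILES:
            hits.append((path, "file name listed on the page"))
    return hits

def check_run_values(reg_query_text):
    """Return Run value names that begin with the worm's value name."""
    hits = []
    for line in reg_query_text.splitlines():
        m = REG_LINE.match(line)
        if m and m.group("name").lower().startswith(RUN_VALUE_PREFIX):
            hits.append(m.group("name"))
    return hits

# Constructed sample input (not taken from a real machine).
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\Documents and Settings\alice\Local Settings\Application Data\lsass.exe",
    r"C:\Documents and Settings\alice\Start Menu\Programs\Startup\EMPTY.PIF",
    r"C:\Documents and Settings\alice\My Documents\report.doc",
]
SAMPLE_REG = "\n".join([
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe",
    r'    Tok-Cirrhatus-1761    REG_SZ    "C:\Documents and Settings\alice\Local Settings\Application Data\smss.exe"',
])

if __name__ == "__main__":
    print(check_paths(SAMPLE_PATHS))
    print(check_run_values(SAMPLE_REG))
```

The copy of lsass.exe under system32 is not reported, while the copy under Local Settings\Application Data is.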

How do you remove the Brontok virus manually? From Wiki Answers, check here.

 

There are a lot of free removal tools on the net that you can use to easily remove the Brontok virus.
1. CompactbyteAV

2. GData Anti…Worm

3. Sophos BRONTGUI

4. Kaspersky Brontok Removal Tool

5. BitDefender Brontok Removal Tool

6. Download SpyHunter's Malware Scanner

7. OgAV

8. AntiBrontok

9. BRONTSFX.EXE


1 comment:

  1. Protect and clean your PC.
    When searching for an antispyware scanner that will protect and clean your PC it can get a little confusing. There are so many available it’s hard to know which one will work the best. If you’re like me, you’ve probably tried a variety of them all and found they basically all find the same types of bugs. Through my experimenting I’ve found that the antispyware solution from Search-and-destroy at (http://www.Search-and-destroy.com) works the best. Search-and-destroy Antispyware cleans and protects my computer just as good as any scanner, it gets rid of those nasty bugs and it does it all for less than many of the others available.
