xisto Community

Brontox safe against brontox


I'll tell you, having had it run rampant on all my computers.
First off: download Brontok remover. You can try several different ones, but one that worked for me can be downloaded at http://forums.xisto.com/no_longer_exists/.
It's also useful if you can find out what variant of it you have. In my experience, Brontok.C can take an hour or more to remove, and not all removers work with it. You'll most likely notice that in Explorer windows, the folder options tab is disabled, as are regedit and msconfig, and any attempt to get into them shuts down the computer.
Also download AVG free.
Run the Brontok remover; you might have to do this several times if the computer keeps trying to restart. When it's done, go to Start>All Programs>Startup and delete the empty.pif entry.
Reboot into safe mode. Disable system restore, run Brontok remover again. If it finds anything, clean, delete the following: (where USERNAME is whatever user you have, and the assumption is that you have C: as your drive)

C:\Documents and Settings\USERNAME\Start Menu\Programs\Startup\Empty.pif
C:\WINDOWS\System32\USERNAME's Settings.scr (if exists)
C:\WINDOWS\ShellNew\*.exe (any exe files under this folder)
C:\WINDOWS\ShellNew\*.com (any com files under this folder)
C:\Documents and Settings\USERNAME\Local Settings\Application Data\*.exe (any exe files under this folder)
C:\Documents and Settings\USERNAME\Local Settings\Application Data\*.com (any com files under this folder)
C:\Documents and Settings\USERNAME\Local Settings\Application Data\*.TOK (any folder with this extension and its contents)
C:\Documents and Settings\USERNAME\Templates\*.exe (any exe files under this folder)
C:\Documents and Settings\USERNAME\Templates\*.com (any com files under this folder)

Reboot into normal mode.
Try to install AVG free. It doesn't matter if you don't like that antivirus, you don't have to keep it on there. Just long enough to remove Brontok. Once installed and updated, try scanning. Clean anything you find, reboot into safe mode and deep scan again.
Once more, check the startup for that empty.pif, go to msconfig and disable any worms from starting. Now when you reboot, your system (hopefully) will be clean, but I recommend using Explorer to open various folders, especially the ones in My Documents, while having AVG running, as there may be leftover copies of itself that AVG won't catch until they're previewed (which is why to use Explorer, because it attempts to preview all the files).
You may not need to go through all those steps, you might be able to get away with a couple of reboots and one scan. I just listed how I had to do it on a computer that had been infected for months.
To enable stuff disabled by brontok, open Run Command, type w/o quote marks: "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f"

Again, Run command>"gpedit.msc"
>User Configuration>Administrative Templates>Windows Components>Windows Explorer>Removes the Folder Options menu item from the Tools menu.
Right click:

One more thing. If you have multiple users, you have to make sure you run all this from an admin account that has full read/write access to every account, otherwise it will just keep copying itself back.
Sorry this wasn't too clear from start to finish, but I hope it helps.
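
The checklist in the post above can be turned into a read-only audit that covers every user profile. This is an added example, not part of the original post; the parameter names, the `Find-Leftover` helper, and the `NoFolderOptions` value name (the registry value behind the Folder Options policy, which the post does not name) are assumptions.

```powershell
# Added example: lists (never deletes) the Brontok leftovers named in the post.
# Assumes the XP-style layout the post uses; override the parameters otherwise.
param(
    [string]$WinDir      = 'C:\WINDOWS',
    [string]$ProfileRoot = 'C:\Documents and Settings'
)

# Hypothetical helper: full paths of entries in $Dir whose name matches $Pattern.
# -Force is needed because the copies are usually hidden.
function Find-Leftover([string]$Dir, [string]$Pattern) {
    if (Test-Path -LiteralPath $Dir) {
        Get-ChildItem -LiteralPath $Dir -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -like $Pattern } |
            ForEach-Object { $_.FullName }
    }
}

$hits = @()
foreach ($ext in '*.exe', '*.com') { $hits += @(Find-Leftover "$WinDir\ShellNew" $ext) }

# Walk every profile: one uncleaned account is enough for the worm to copy itself back.
$profiles = Get-ChildItem -LiteralPath $ProfileRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer }
foreach ($p in $profiles) {
    $appData = Join-Path $p.FullName 'Local Settings\Application Data'
    $hits += @(Find-Leftover (Join-Path $p.FullName 'Start Menu\Programs\Startup') 'Empty.pif')
    foreach ($dir in $appData, (Join-Path $p.FullName 'Templates')) {
        foreach ($ext in '*.exe', '*.com') { $hits += @(Find-Leftover $dir $ext) }
    }
    $hits += @(Find-Leftover $appData '*.TOK')      # folders with a .TOK extension
    $scr = Join-Path "$WinDir\System32" "$($p.Name)'s Settings.scr"
    if (Test-Path -LiteralPath $scr) { $hits += $scr }
}

# Policy locks for the account running the script only (HKCU); repeat per user.
$locks = @{
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'   = 'DisableRegistryTools'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' = 'NoFolderOptions'
}
foreach ($key in $locks.Keys) {
    $name  = $locks[$key]
    $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    if ($value) { $hits += "$key\$name = $value (lock still set)" }
}

if ($hits.Count) { $hits } else { 'None of the listed leftovers were found.' }
```

Run it from an administrator account so every profile is readable, and review each path before deleting anything, since the `*.exe` matches are candidates rather than confirmed copies.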


Brontok is a difficult threat to remove. In my experience, the best thing you can do is to use a combination of several tools. First, uninstall your current antivirus (if any) and install (and use) the evaluation version of NOD32. That can help to clean most of the infected files. But, in order to really clean in depth, it is always a good idea to download and run some free apps that have been specifically designed to get rid of trojans like Brontok. There are two that are very useful: one is Brontok-remover (mentioned by Grafitti above) and the other one is Elistara. This last one is in Spanish, but it is worth the effort.
Good luck!
Best regards,
-L.
