
Leon

Posted 03 July 2007 - 04:04 AM

Brontok is a difficult threat to remove.

In my experience, the best thing you can do is to use a combination of several tools. First, uninstall your current antivirus (if any) and install (and use) the evaluation version of NOD32. That can help to clean most of the infected files. But, in order to really clean in depth, it is always a good idea to download and run some free apps that have been specifically designed to get rid of trojans like Brontok.

There are two that are very useful: one is Brontok-remover (mentioned by Grafitti above) and the other one is Elistara. This last one is in Spanish, but it is worth the effort.

Good luck!

Best regards,

-L.

Grafitti

Posted 25 April 2007 - 03:35 AM

I'll tell you, having had it run rampant on all my computers.
First off: download Brontok remover. You can try several different ones, but one that worked for me can be downloaded at http://jeruk.padinet...are/bw-beta.zip.
It's also useful if you can find out what variant of it you have. In my experience, Brontok.C can take an hour or more to remove, and not all removers work with it. You'll notice most likely that in explorer windows, the folder options tab is disabled, as is regedit, msconfig, and any attempt to get into them shuts down the computer.
Also download AVG free.
Run the brontok remover, you might have to do this several times if the computer keeps trying to restart. When it's done, go to Start>All Programs>Startup and delete the empty.pif entry.
Reboot into safe mode. Disable system restore, run brontok remover again. If it finds anything, clean, delete the following: (where USERNAME is whatever user you have, and the assumption is that you have C: as your drive)

C:\WINDOWS\eksplorasi.exe
C:\Documents and Settings\USERNAME\Start Menu\Programs\Startup\Empty.pif
C:\WINDOWS\System32\USERNAME's Settings.scr (if exists)
C:\WINDOWS\ShellNew\*.exe (any exe files under this folder)
C:\WINDOWS\ShellNew\*.com (any com files under this folder)
C:\Documents and Settings\USERNAME\Local Settings\Application Data\*.exe (any exe files under this folder)
C:\Documents and Settings\USERNAME\Local Settings\Application Data\*.com (any com files under this folder)
C:\Documents and Settings\USERNAME\Local Settings\Application Data\*.TOK (any folder with this extension and its contents)
C:\Documents and Settings\USERNAME\Templates\*.exe (any exe files under this folder)
C:\Documents and Settings\USERNAME\Templates\*.com (any com files under this folder)

Reboot into normal mode.
Try to install AVG free. It doesn't matter if you don't like that antivirus, you don't have to keep it on there. Just long enough to remove brontok. Once installed and updated, try scanning. Clean anything you find, reboot into safe mode and deep scan again.
Once more, check the startup for that empty.pif, go to msconfig and disable any worms from starting. Now when you reboot, your system (hopefully) will be clean, but I recommend using explorer to open various folders, especially the ones in My Documents, while having AVG running, as there may be leftover copies of itself that AVG won't catch until they're previewed. (which is why use explorer, because it attempts to preview all the files).
You may not need to go through all those steps, you might be able to get away with a couple reboots and one scan, I just listed how I had to do it on a computer that had been infected for months.
To enable stuff disabled by brontok, open Run Command, type w/o quote marks: "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f"

Again, Run command>"gpedit.msc"
>User Configuration>Administrative Templates>Windows Components>Windows Explorer>Removes the Folder Options menu item from the Tools menu.
Right click:
Properties>Disable>Apply

One more thing. If you have multiple users, you have to make sure you run all this from an admin account that has full read/write access to every account, otherwise it will just keep copying itself back.
Sorry this wasn't too clear from start to finish, but I hope it helps.
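
The file list in the post above, written as a read-only check that reports which of those locations exist on a volume (an added example, not part of the original post). It assumes the infected drive is mounted or copied under a root directory and examined from a clean machine; the function name and that workflow are assumptions, and the paths are the ones the post lists.

```python
import fnmatch
import os
import sys

# Patterns transcribed from the list in the post, relative to the volume root.
SYSTEM_PATTERNS = [
    "WINDOWS/eksplorasi.exe",
    "WINDOWS/System32/*'s Settings.scr",
    "WINDOWS/ShellNew/*.exe",
    "WINDOWS/ShellNew/*.com",
]
# Checked under every profile in "Documents and Settings" (USERNAME in the post).
PROFILE_PATTERNS = [
    "Start Menu/Programs/Startup/Empty.pif",
    "Local Settings/Application Data/*.exe",
    "Local Settings/Application Data/*.com",
    "Local Settings/Application Data/*.TOK",  # a folder, per the post
    "Templates/*.exe",
    "Templates/*.com",
]

def _match_children(directory, segment):
    """Match one path segment inside directory, ignoring case as Windows does."""
    try:
        names = sorted(os.listdir(directory))
    except OSError:  # missing, unreadable, or not a directory
        return []
    return [os.path.join(directory, n) for n in names
            if fnmatch.fnmatchcase(n.lower(), segment.lower())]

def find_brontok_artifacts(root):
    """Return root-relative paths ('/'-separated) that match the post's list."""
    patterns = [(p, False) for p in SYSTEM_PATTERNS]
    patterns += [("Documents and Settings/*/" + p, p.endswith(".TOK"))
                 for p in PROFILE_PATTERNS]
    hits = set()
    for pattern, want_dir in patterns:
        paths = [root]
        for segment in pattern.split("/"):
            paths = [hit for p in paths for hit in _match_children(p, segment)]
        for path in paths:
            if os.path.isdir(path) == want_dir:  # *.TOK must be a folder, the rest files
                hits.add(os.path.relpath(path, root).replace(os.sep, "/"))
    return sorted(hits)

if __name__ == "__main__":
    # Assumed usage: python scan.py <root of the mounted or copied C: volume>
    for hit in find_brontok_artifacts(sys.argv[1]):
        print(hit)
```

The scan only lists matches and deletes nothing, so legitimate executables in those folders can be reviewed before anything is removed.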

WeaponX

Posted 24 April 2007 - 12:47 PM

Take a look at:

http://solyaris.word...remover-update/

A quick search at Google and that site popped up as the first result :ph34r:

mnur183

Posted 24 April 2007 - 07:18 AM

Anyone know how to remove brontox??... Is there something I can do to aware from these things??
