Remove Brontok Worm
Brontok is a computer worm that spreads through email and USB drives. There are many variants of Brontok, but they all work in much the same way. Variants of the Brontok worm include: Brontok.A, Brontok.B, Brontok.C, Brontok.D, Brontok.F, Brontok.G, Brontok.H, Brontok.I, Brontok.K, Brontok.Q. Other names for this worm include: BackDoor.Generic.1138, W32/Korbo-B, Worm/Brontok.a, Worm.Mytob.GH, W32/Brontok.C.worm, Win32/Brontok.E, and I-Worm.VB.DV.
The Brontok virus came from Indonesia. It arrives as an email attachment named kangen.exe (the word “kangen” means “I miss you so much”). When Brontok is first run, it copies itself to the user’s application data directory. It then sets itself to start with Windows by creating an entry under the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key. It disables the Windows Registry Editor (regedit.exe) and modifies Windows Explorer settings. It removes the “Folder Options” item from the Tools menu so that the hidden files in which it is concealed are not easily accessible to the user. It also turns off the Windows firewall.
In some variants, when a window is found with certain strings (such as “application data”) in its title, the computer reboots. Users are further frustrated when an address typed into Windows Explorer is blanked out before it is complete. Using its own mailing engine, the worm sends itself to the email addresses it finds on the computer, even forging the user’s own email address as the sender. The computer also restarts when the user tries to open a DOS window (Command Prompt), and the worm prevents the user from downloading files. It also opens the default web browser and loads a web page (HTML) located in the “My Pictures” (or, on Windows Vista, “Pictures”) folder. It creates .exe files in folders, usually named after the folder itself (..\documents\documents.exe), including on all mapped network drives.
Is My System Infected?
- You can’t start Regedit.exe
- When trying to start any other registry editor, the system restarts
- The system also restarts when executing certain EXE files
- The presence of the following files:
  %UserProfile%\Local Settings\Application Data\smss.exe
  %UserProfile%\Local Settings\Application Data\services.exe
  %UserProfile%\Local Settings\Application Data\lsass.exe
  %UserProfile%\Local Settings\Application Data\csrss.exe
  %UserProfile%\Local Settings\Application Data\inetinfo.exe
  %UserProfile%\Local Settings\Application Data\winlogon.exe
  All these files have the size of the worm’s main executable: 42,028 bytes (about 42 KB).
- Disabled Folder Options
- Disabled Registry Editor
- Installs itself in the startup
- When in memory, it will restart the system if any program involving the registry is started
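The file indicators above can be checked without opening any registry tool on the running system. The following Python script is an added example, not part of the original article or of any vendor removal tool: it looks in a profile's Local Settings\Application Data folder for the six listed file names and compares each size with 42,028 bytes. The function names, the verdict labels and the idea of pointing it at a profile folder on a mounted disk are assumptions made for this example.

```python
import tempfile
from pathlib import Path

# File names and size are taken from the indicator list above.
WORM_NAMES = ("smss.exe", "services.exe", "lsass.exe",
              "csrss.exe", "inetinfo.exe", "winlogon.exe")
WORM_SIZE = 42028  # bytes: size of the worm's main executable per the article
APPDATA_REL = Path("Local Settings") / "Application Data"


def scan_profile(profile_dir):
    """Return (path, size, size_matches) for each listed name found under
    <profile_dir>/Local Settings/Application Data."""
    base = Path(profile_dir) / APPDATA_REL
    findings = []
    if not base.is_dir():
        return findings
    # Compare case-insensitively: Windows names ignore case, but the scan
    # may run against a case-sensitive mount of the same disk.
    for entry in sorted(base.iterdir(), key=lambda p: p.name.lower()):
        if entry.is_file() and entry.name.lower() in WORM_NAMES:
            size = entry.stat().st_size
            findings.append((str(entry), size, size == WORM_SIZE))
    return findings


def verdict(findings):
    """'infected' if a listed name has the exact worm size; 'suspicious' if a
    listed name is present with another size (the genuine system files of
    these names live under the Windows system directory, not in a user
    profile); otherwise 'clean'."""
    if any(match for _, _, match in findings):
        return "infected"
    return "suspicious" if findings else "clean"


def build_sample_profile(root):
    """Constructed sample data: one worm-sized file, one odd-sized file with
    a listed name, and one unrelated file that must be ignored."""
    base = Path(root) / APPDATA_REL
    base.mkdir(parents=True)
    (base / "SMSS.EXE").write_bytes(b"\0" * WORM_SIZE)
    (base / "lsass.exe").write_bytes(b"\0" * 100)
    (base / "notes.txt").write_bytes(b"\0" * WORM_SIZE)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, size, match in scan_profile(build_sample_profile(tmp)):
            print(path, size, "size matches" if match else "size differs")
```

To check a real machine, call scan_profile() with the path of the user's profile folder in place of the constructed sample.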
Brontok Worm Removal
Download the tools from the following sources and run them. These tools will kill the Brontok process, restore Folder Options and the Registry Editor, and fix system startup.
Brontok Removal Tool – 1 (from Bitdefender)
Brontok Removal Tool – 2 (from Sophos)