Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Win32.Brontok.E Worms

Posted on 2006-06-29
3
436 Views
Last Modified: 2013-12-04
Hi guys,

7 of our office machines got hit by this virus and I've no other choice except reformatting the machines. Although this issue has been solved but just in case it happens again, what's the best way to remove this? Symptoms that we've had:-

1. A .exe file being created with the same name as the parent directory that carries the same icon as directory.
2. Couldn't access folder option even on safe mode
3. Couldn't registry option even on safe mode

I did have a go with Hijackthis program and it spotted rakyatkelaparan.exe and kesejangansosial.exe. It'll keep appearing even after restart. Thanks in advance.
0
Comment
Question by:rs-250
3 Comments
 
LVL 32

Accepted Solution

by:
r-k earned 500 total points
ID: 17015511
There are often specific solutions for a specific virus, but I think you're asking about a general solution.

The first step is to identify the bad files. Running multiple programs is the way to go. I like:

Autoruns
HijackThis
RootkitRevealer

Once you have spotted one or two files, look for more by running Windows Explorer and searching for all files created around or after the creation time of those one or two files.

If the malware is blocking your attempts to run the above, try a few things, such as:

Run in safe mode.
Rename programs (e.g. rename hijackthis.exed to abc.exe and run that, or copy regedit.exe as reg.com and run that, etc.)

Once you have identified the key .exe or .dll or .sys files, first try deleting them in safe mode, if that fails boot from a CD and delete them.
Look in the Registry and remove the key where they'rs starting from.

If they still come back then try the following:

Right-click on the file(s) in Windows Explorer, select Properties, then  Click on the Security tab, Click on the Advanced button anc Uncheck the box labeled "Inherit from Parent...", then click "Remove"

This removes all permissions to access that file, so when you reboot they'll be unable to run.

etc.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question