Solved

Win32.Brontok.E Worms

Posted on 2006-06-29
Last Modified: 2013-12-04
Hi guys,

7 of our office machines got hit by this virus and I've no other choice except reformatting the machines. Although this issue has been solved, just in case it happens again, what's the best way to remove this? Symptoms that we've had:-

1. A .exe file being created with the same name as the parent directory that carries the same icon as the directory.
2. Couldn't access folder option even in safe mode
3. Couldn't access registry option even in safe mode

I did have a go with the HijackThis program and it spotted rakyatkelaparan.exe and kesejangansosial.exe. It'll keep appearing even after restart. Thanks in advance.
Question by:rs-250

Accepted Solution

by:
r-k earned 2000 total points
ID: 17015511
There are often specific solutions for a specific virus, but I think you're asking about a general solution.

The first step is to identify the bad files. Running multiple programs is the way to go. I like:

Autoruns
HijackThis
RootkitRevealer

Once you have spotted one or two files, look for more by running Windows Explorer and searching for all files created around or after the creation time of those one or two files.

If the malware is blocking your attempts to run the above, try a few things, such as:

Run in safe mode.
Rename programs (e.g. rename hijackthis.exe to abc.exe and run that, or copy regedit.exe as reg.com and run that, etc.)

Once you have identified the key .exe or .dll or .sys files, first try deleting them in safe mode; if that fails, boot from a CD and delete them.
Look in the Registry and remove the key where they're starting from.

If they still come back then try the following:

Right-click on the file(s) in Windows Explorer, select Properties, then click on the Security tab, click on the Advanced button and uncheck the box labeled "Inherit from Parent...", then click "Remove".

This removes all permissions to access that file, so when you reboot they'll be unable to run.

etc.
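
The search steps in the accepted answer, as an added PowerShell example that is not part of the original thread: starting from one file already identified as bad, it lists executables created around the same time, flags any .exe named after its own folder (the symptom in the question), and shows Run/RunOnce values that reference them. The seed path is a placeholder, and the scan root, time window, extension list and choice of registry keys are assumptions.

```powershell
# Added triage example, read-only: it lists candidates and changes nothing.
# Assumptions: the seed path is a placeholder; root, window, extension list
# and the four Run/RunOnce keys are illustrative choices, not from the thread.
$KnownBad      = 'C:\path\to\known-bad.exe'   # placeholder
$Root          = 'C:\'
$WindowMinutes = 30
$Exts          = '.exe', '.dll', '.sys', '.com', '.scr'

$seed = Get-Item -LiteralPath $KnownBad -Force
$from = $seed.CreationTime.AddMinutes(-$WindowMinutes)
$to   = $seed.CreationTime.AddMinutes($WindowMinutes)

# -Force includes hidden and system files, which would otherwise be skipped.
$suspects = @(Get-ChildItem -LiteralPath $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $Exts -contains $_.Extension.ToLower() } |
    ForEach-Object {
        $inWindow   = $_.CreationTime -ge $from -and $_.CreationTime -le $to
        # Symptom from the question: Foo\Foo.exe, an .exe named after its folder.
        $namedAsDir = $_.Extension -eq '.exe' -and $_.BaseName -eq $_.Directory.Name
        if ($inWindow -or $namedAsDir) {
            [pscustomobject]@{
                Path       = $_.FullName
                Created    = $_.CreationTime
                InWindow   = $inWindow
                NamedAsDir = $namedAsDir
            }
        }
    })
$suspects | Sort-Object Created | Format-Table -AutoSize

# Autostart values whose command line mentions a flagged file name
# ("the key where they're starting from" in the answer).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$names = @($suspects | ForEach-Object { [IO.Path]::GetFileName($_.Path) } | Sort-Object -Unique)
foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        $hit  = $names | Where-Object { $data.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0 }
        if ($hit) { '{0}  [{1}] = {2}' -f $key, $valueName, $data }
    }
}
```

Creation timestamps can be altered, so treat the time-window matches as leads to review alongside the Autoruns and HijackThis output rather than as a complete list.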
Question has a verified solution.