Solved

Win32.Brontok.E Worms

Posted on 2006-06-29
Last Modified: 2013-12-04
Hi guys,

Seven of our office machines got hit by this virus and I've no other choice except reformatting the machines. Although this issue has been solved, just in case it happens again, what's the best way to remove this? Symptoms that we've had:

1. An .exe file being created with the same name as the parent directory, carrying the same icon as a directory.
2. Couldn't access folder option even in safe mode
3. Couldn't access registry option even in safe mode

I did have a go with the HijackThis program and it spotted rakyatkelaparan.exe and kesejangansosial.exe. They keep appearing even after a restart. Thanks in advance.
Question by:rs-250
Accepted Solution

by:
r-k earned 2000 total points
ID: 17015511
There are often specific solutions for a specific virus, but I think you're asking about a general solution.

The first step is to identify the bad files. Running multiple programs is the way to go. I like:

Autoruns
HijackThis
RootkitRevealer

Once you have spotted one or two files, look for more by running Windows Explorer and searching for all files created around or after the creation time of those one or two files.

If the malware is blocking your attempts to run the above, try a few things, such as:

Run in safe mode.
Rename programs (e.g. rename hijackthis.exe to abc.exe and run that, or copy regedit.exe as reg.com and run that, etc.)

Once you have identified the key .exe or .dll or .sys files, first try deleting them in safe mode; if that fails, boot from a CD and delete them.
Look in the Registry and remove the key where they're starting from.

If they still come back then try the following:

Right-click on the file(s) in Windows Explorer, select Properties, then click on the Security tab, click on the Advanced button and uncheck the box labeled "Inherit from Parent...", then click "Remove"

This removes all permissions to access that file, so when you reboot they'll be unable to run.

etc.
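The search steps from the accepted answer (files created around the same time as a known-bad file, and the Registry entries that start them), plus the first symptom from the question, as an added read-only PowerShell example that is not code from either poster. The parameter names, the 30-minute window and the extension list are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example: read-only triage. Parameter names and defaults are assumptions.
param(
    [Parameter(Mandatory = $true)] [string[]] $KnownBad,  # files already identified
    [string]   $Root          = 'C:\',
    [int]      $WindowMinutes = 30,
    [string[]] $Extensions    = @('.exe', '.dll', '.sys', '.com', '.scr')
)

$seeds = @($KnownBad | ForEach-Object { Get-Item -LiteralPath $_ -Force })
$files = @(Get-ChildItem -LiteralPath $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $Extensions -contains $_.Extension.ToLower() })

$findings = foreach ($f in $files) {
    # Created close in time to a file already known to be bad
    foreach ($s in $seeds) {
        $delta = [math]::Abs(($f.CreationTime - $s.CreationTime).TotalMinutes)
        if ($delta -le $WindowMinutes) {
            [pscustomobject]@{ Reason = "created near $($s.Name)"; Item = $f.FullName }
            break
        }
    }
    # Symptom 1 from the question: an .exe named after the folder it sits in
    if ($f.Extension -ieq '.exe' -and $f.BaseName -ieq $f.Directory.Name) {
        [pscustomobject]@{ Reason = 'exe named like parent folder'; Item = $f.FullName }
    }
}

# File names to look for in autostart commands: known-bad plus everything flagged
$names = @($seeds | ForEach-Object { $_.Name }) +
         @($findings | Where-Object { $_ } | ForEach-Object { Split-Path $_.Item -Leaf }) |
         Select-Object -Unique

$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($psProps -contains $p.Name) { continue }   # skip provider metadata
        $cmd = "$($p.Value)".ToLower()
        if ($names | Where-Object { $cmd.Contains($_.ToLower()) }) {
            [pscustomobject]@{ Reason = "autostart value '$($p.Name)' in $key"; Item = $p.Value }
        }
    }
}

@($findings) + @($autoruns) | Where-Object { $_ } |
    Sort-Object Item, Reason | Format-Table -AutoSize -Wrap
```

It only reports; a file created in the same window is a lead to check, not proof, and deletion and Registry cleanup remain the manual steps described in the answer.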