Solved

Win32.Brontok.E Worms

Posted on 2006-06-29
3
435 Views
Last Modified: 2013-12-04
Hi guys,

7 of our office machines got hit by this virus and I've no other choice except reformatting the machines. Although this issue has been solved but just in case it happens again, what's the best way to remove this? Symptoms that we've had:-

1. A .exe file being created with the same name as the parent directory that carries the same icon as directory.
2. Couldn't access folder option even on safe mode
3. Couldn't registry option even on safe mode

I did have a go with Hijackthis program and it spotted rakyatkelaparan.exe and kesejangansosial.exe. It'll keep appearing even after restart. Thanks in advance.
0
Comment
Question by:rs-250
3 Comments
 
LVL 32

Accepted Solution

by:
r-k earned 500 total points
ID: 17015511
There are often specific solutions for a specific virus, but I think you're asking about a general solution.

The first step is to identify the bad files. Running multiple programs is the way to go. I like:

Autoruns
HijackThis
RootkitRevealer

Once you have spotted one or two files, look for more by running Windows Explorer and searching for all files created around or after the creation time of those one or two files.

If the malware is blocking your attempts to run the above, try a few things, such as:

Run in safe mode.
Rename programs (e.g. rename hijackthis.exed to abc.exe and run that, or copy regedit.exe as reg.com and run that, etc.)

Once you have identified the key .exe or .dll or .sys files, first try deleting them in safe mode, if that fails boot from a CD and delete them.
Look in the Registry and remove the key where they'rs starting from.

If they still come back then try the following:

Right-click on the file(s) in Windows Explorer, select Properties, then  Click on the Security tab, Click on the Advanced button anc Uncheck the box labeled "Inherit from Parent...", then click "Remove"

This removes all permissions to access that file, so when you reboot they'll be unable to run.

etc.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Mitigation for Win 10 user account bypass 8 108
Jailbreak and Rooting on mobile devices 10 145
firewall inside of network 9 76
Server 2008-R2 lost password 19 99
As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

822 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question