Solved

Win32.Brontok.E Worms

Posted on 2006-06-29
3
438 Views
Last Modified: 2013-12-04
Hi guys,

7 of our office machines got hit by this virus and I've no other choice except reformatting the machines. Although this issue has been solved but just in case it happens again, what's the best way to remove this? Symptoms that we've had:-

1. A .exe file being created with the same name as the parent directory that carries the same icon as directory.
2. Couldn't access folder option even on safe mode
3. Couldn't registry option even on safe mode

I did have a go with Hijackthis program and it spotted rakyatkelaparan.exe and kesejangansosial.exe. It'll keep appearing even after restart. Thanks in advance.
0
Comment
Question by:rs-250
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 32

Accepted Solution

by:
r-k earned 500 total points
ID: 17015511
There are often specific solutions for a specific virus, but I think you're asking about a general solution.

The first step is to identify the bad files. Running multiple programs is the way to go. I like:

Autoruns
HijackThis
RootkitRevealer

Once you have spotted one or two files, look for more by running Windows Explorer and searching for all files created around or after the creation time of those one or two files.

If the malware is blocking your attempts to run the above, try a few things, such as:

Run in safe mode.
Rename programs (e.g. rename hijackthis.exed to abc.exe and run that, or copy regedit.exe as reg.com and run that, etc.)

Once you have identified the key .exe or .dll or .sys files, first try deleting them in safe mode, if that fails boot from a CD and delete them.
Look in the Registry and remove the key where they'rs starting from.

If they still come back then try the following:

Right-click on the file(s) in Windows Explorer, select Properties, then  Click on the Security tab, Click on the Advanced button anc Uncheck the box labeled "Inherit from Parent...", then click "Remove"

This removes all permissions to access that file, so when you reboot they'll be unable to run.

etc.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question