Thursday, November 27, 2008

PCMAV : How to Remove Brontok Virus Easily

The Brontok virus is a computer worm that affects computers running Microsoft Windows. It spreads by sending itself to email addresses harvested from the affected computer. Brontok came from Indonesia. When Brontok is first run, it copies itself to the user's application data directory. It then sets itself to start with Windows by creating an entry in the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key. It disables the Windows Registry Editor (regedit.exe) and modifies Windows Explorer settings. It removes the "Folder Options" item from the Tools menu so that the hidden files in which it is concealed are not easily accessible to the user. It also turns off the Windows firewall.

Variants of the Brontok worm include:
Brontok.A
Brontok.B
Brontok.C
Brontok.D
Brontok.F
Brontok.G
Brontok.H
Brontok.I
Brontok.K
Brontok.Q

- Start your computer in Safe Mode with Command Prompt and type the following commands to re-enable Registry Editor:
reg delete HKCU\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"
reg delete HKLM\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"
- After this, Registry Editor will be enabled.
- Now type explorer
- Go to Run and type regedit
- Then navigate to the following key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
In the right-hand pane, delete the entries that contain the words 'Brontok' and 'Tok-'.
- After that, restart your system.
- Now open Registry Editor and go to the following key to re-enable Folder Options in the Tools menu:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer 'NoFolderOptions'
Delete this entry and restart your computer.
- Now search for *.exe files on all drives (include hidden files in the search).
Remove all files that are displayed with a folder icon.
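
A read-only PowerShell check for the registry changes named in the steps above, added here as an example (it is not part of the original article). It assumes PowerShell is available on the machine and only reports what it finds; deletion is left to the manual steps.

```powershell
# Added example: report the registry values this article tells you to delete.
# Read-only: nothing is modified or removed.

$findings = @()

# Policy values that disable Registry Editor and hide Folder Options.
$policyChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions' }
)
foreach ($check in $policyChecks) {
    # A missing key is normal on a clean system, so errors are suppressed.
    $key = Get-Item -Path $check.Path -ErrorAction SilentlyContinue
    if ($key -and ($key.GetValueNames() -contains $check.Name)) {
        $findings += New-Object PSObject -Property @{
            Key   = $check.Path
            Name  = $check.Name
            Value = [string]$key.GetValue($check.Name)
        }
    }
}

# Run-key entries whose name or data contains either string the article names.
$runPath = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-Item -Path $runPath -ErrorAction SilentlyContinue
if ($run) {
    foreach ($name in $run.GetValueNames()) {
        $data = [string]$run.GetValue($name)
        # -match is case-insensitive by default.
        if ("$name $data" -match 'Brontok|Tok-') {
            $findings += New-Object PSObject -Property @{
                Key   = $runPath
                Name  = $name
                Value = $data
            }
        }
    }
}

if ($findings.Count -eq 0) {
    'None of the registry changes described in the article were found.'
} else {
    $findings | Select-Object Key, Name, Value | Format-List
}
```

Running it again after the cleanup and restart confirms that the values are gone and have not been recreated.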

Article Source: http://EzineArticles.com/?expert=Avun_Mohamed
