I-worm/brontok.a Please Help Me Get Rid Of It

Open your registry editor, find the signature (brontok) in your registry, and delete it without backing up. This should be done in safe mode.

get Avira Classic antivirus or better still mcafee 2007. after cleaning up, you'll need to create a new account that u will be using because brontok.A would have damaged your current account so much it won't work fine.

I have Brontok.C infection and it is proving stubborn to get rid of. I have latest AVG update. Any suggestions on how to get rid of the virus permanantely. Thanks

if you are also using a wireless network just to make your network safer,

turn off ssid broadcast,

change the default ip address of the router

use a 128bit wep key open system not shared access key (with shared access key some can easily get on your network. open system is a little difficult)

disabled autmatic dhcp and only configure for the number of systems u need.
use MAC address filtering

limit the ip addressing range to the number of computers instead of automatic. and on each computer manually configure the ip and gateway addresses not automatic.



if anyone is still paranoid about their computer security spyware virus trojans and still wants windows based applications then the next step will be to switch over to a linux distro and install WINE. Look up info on Linux WINE project that allows you to run windows based application on linux boxes, visual studio microsoft office etc.


those steps are basic for home security setup. though someone can still definitely get onto your network, and possible crack your wep key. it will only take a longer time and they will find it more difficult to do just hope you are not living near someone crazy enough and desperate. if you want to go hardcore, then u will need to setup up a hardware installation of firewalls virus systems and data encryptions crap



good luck

Hey beamz, try this virus/worm removal tool. Link. It did help me last time. I think it's capable of removing all brontok variant.

Or if you actually have the sample of an infected file, I suggest you run this tool. Link. This tool is capable to remove all brontok infected files in multiple paths in your system including running system process.

Hope it helps.

Use Regseeker to edit the registry.

Brontok, thats one slimy worm
Anyways i got rid of mine by using Ewido-antispyware, this super software also acts as a Trojan, adware/spyware/malware ass kicker

My Laptop is also infected with Brontok.A

I have tried all the removal tools mentioned in this thread and also several others but I can't get rid fo this worm!

@ajiboyet: How did you succeed with NOD32? I have also downloaded it and it has detected some tracking cookies but that's all.     ,

@ Jalal: Also no success with Ewido-antispyware.

@ zPixel: the same with bitdefender,

All that these removal tools manage to do on my computer is to detect some infected files and delete them but the virus keeps coming back, I guess it reboots itself. So as long as not ALL files belonging to brontok.a (especially in the registry, ) are deleted, I think one can never really get rid of the worm. Unfortunately I don't know how to do that. Especially as my Laptop won't allow me to start in safe mode,

Can anyone give me some advice?

thank you

I found NOD32 very effective
It added a menu to outlook, and scans all my messages.

Try CAV Antivirus is very effective against all brontok variant and many others unpopular viruses/worms. Download here. This software is cool and it's free.

I have a very terrible experience with that virus but I found avast to be very helpful.I am not too sure the version I had but it replicates folders in My document. Avast will prove to be useful.

instead of looking for this antivirus or that antivirus, just get a virus removal tool specifically designed for that virus or worm or whatever. they are not hard to find, just search the usual antivirus websites or use google.  you should come up with one that will totally remove the problem and reverse its effects

I have had several brontok attacks but right now i've been able to get rid of it permanently.


Currently I  use Sophos Anti Virus. If you can get hold of it, then u can configure it from the configure menu to automatically delete every instance of brontok on your system. that way you never have brontok. if u still can't lay your hands on sophos AVG also does a good job and u can get a free version off the internet.

Also make sure you are careful with flash drives. they are the chief carriers of the virus

Here's a final method tu get rid of that crazy annoying brontok shit*
Wether it is brontok.a, brontok.b, brontok.c, brontok w, m, q, k, - Read and use this method*

We'll start like this; I am sure that registry editing, task manager, group policy is not accessible, and it shows a message that it has been disbale by your administrator.

Instead of  downloading softwares tu restore some things, I have uploaded a simple tool that will restore everything that brontok has disabled, find attached - "nerve.exe"

After you have suceeded in gaining back all administrator previlages, we can tackle the virus*

Lets get Brontok out for good*
Download any brontok cleaner of your choice from the links below;

CompactbyteAV   -                       http://www.compactbyte.com/cav/cav-0.91-package.zip
Gdata anit-worm   -                      http://www.gdata.pl/~szczepionki/eng/download/remover.exe
Sophos BronGUI    -                       http://www.sophos.com/support/cleaners/brontgui.com
Kapersky Brontok Removal tool   -   http://dnl-eu5.kaspersky-labs.com/utils/klwk/klwk.zip
BITdefender Brontok removal tool-  http://download.bitdefender.com/resources/files/Download/en/AntiBrontokA-en.exe
Brontok washer  -                           http://jeruk.padinet.com/~ertanto/software/bw-beta.zip

OGAV  -                                           http://www.ognizer.net/index.php?option=com_remository&Itemid=28&func=download&id=25&chk=8a6c519ae8d28ae9223da8b2c16fc86d

Choose to run either one to clean Brontok virus from your system. If you have the time, you can run all of them but not at the same time. Do it one by one just to be 100% sure that Brontok virus is completely removed.

A virus can make changes to your registry so that it can automatically run when u execute a file.Imagine, the virus will be loaded each time you run an executable (EXE) or a batch (BAT) file. Just last week I was cleaning a computer that was infected by Brontok. After finished scanning, cleaning the virus and restoring the changes made by virus, the Symantec Antivirus Corporate Edition still pops up notification stating that Brontok virus is found and automatically deleted. This happens EVERY TIME I run an executable file.
Thats what we are going tu be stopping here*

This happens when a virus change one or more of the shell\open\command keys. If these keys are changed, the worm or Trojan will run each time that you run certain files. I've done a test by adding Notepad.exe path in \exefile\shell\open\command key. Then I tried running any EXE file, it will launch the EXE file with notepad! For Brontok virus, it loads a backdoor file called "shell.exe". You won't even notice anything abnormal when you run an EXE file.

See Image below*

Thanks to Symantec Security Response for creating a script that is able to easily reset these registry values to their default settings.

The script contains:

[Version]
Signature="$Chicago$"
Provider=Symantec

[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0

Of all the shell\open\command keys, the exefile key is being used most frequently. When your computer starts, it loads a lot of EXE files. When you start a program, it also loads EXE file. The rest are seldom used unless you're a power user. To be on the safe side, it's better for Symantec to restore all of the shell\open\keys to default values.

Instructions to install the script:
1. Download the script at the end of this post by right-clicking on the link and save it to your desktop.
2. Right-click on the file and select "install"

You can download the script file from here, the file has an ".inf" extension;
Use this link;

http://securityresponse.symantec.com/avcenter/UnHookExec.inf

A great tool to carry around with me all the time to combat against nasty virus such as Brontok.
See "image 2" below

please help, mine is windows server 2003, how to get rid of brontok.CI

use antivir classic edition. the repair your operating system without cancelling your window files.

goodluck