ur is variant C mine is variant N....
cant find any solution, now back up the file through network....
i think if u dare, unplug the hdd and plug to ur current system and run virus scan...

i backup al; the file throught network, and scan it with my comp and it can remove the virus....hopefully is 100% remove...
i'm using avg...

try using system restore...
restart using safe mode n use any restore point..
hope it might helps


what antivirus software ur using?


err..
ur AVG didn detect brontok?
ur using the latest definition rite?

Anybody got any infector files for Brontok?

I'm trying to make a removal tool for it. I already have a beta unit but would like to test it further before release.

If you have any, please zip it up with WinZip/Rar & send it to submitals[at]yahoo.com

sUBs

This post has been edited by sUBs: Mar 27 2006, 10:20 AM

my friend's pc got infected with it..
i`ll try to copy the virus and send it to u..
i dunno if its the X@mm or U@mm since X@mm is the latest version of brontok...
i`ll check with u later

ANY & ALL versions of Brontok is welcomed.

Thanks

copied that

avg just delete those infected files...
latest definition can detect it...


ic...may try my best to send it to u...
but what email address?

the brontok i have is too dangerous...my laptop got infected and no way to cure it...
even in safe mode, it will restart when it detect those AV name...
wen search in windows dir...cant even find the .exe that u guy mention...

This post has been edited by Hungry_Wolf: Mar 27 2006, 12:47 PM

already mentioned there the email address...
submitals[at]yahoo.com


have u restored ur system?


i sent u a copy of brontok infected file..
did u receive it?

This post has been edited by sUBs: Mar 27 2006, 05:07 PM

system restore is disabled....

u dont have any restore point??

yes...

so my solution:
transfer all the important file to another pc throught network...
using thumbdrive also can...
if u dare, unplug the infected hdd and and plug to your pc and run AV scan...
scan every file that transferred...
scan what ever file that transferred to ur pc...don open 1st...
reformat the pc...
don open any file from infected hdd while scanning...

I checked my email & there was a 0kb rar attachment. Looks like a corrupted attachment
If you don't mind, please use Winzip & assign a password -> 1234 - to it. This will prevent any scanners from corrupting it.

Thanks

Ps.. Does anybody else have any more samples? If so, kindly send them to submitals[at]yahoo.com

This post has been edited by sUBs: Mar 27 2006, 05:21 PM

i`ll resend back tomorro...


yeah..
the virus become smarter and smarter...
even MYCert received lots of reports on it... MyCert Special Alert
i tried the removal tool from sophos but it aint working... after i run the tool it will be shut down by the virus

This post has been edited by eggy: Mar 27 2006, 09:40 PM

okie.. will try my best...
but..this vworm is vry s***... coz evertime i plug my pendrive to my gf pc... it will infected my pendrive... so fast.... vry scare.....

So far, I have received a few samples. Thanks to everyone who sent.
Unfortunately, everyone sent me txt files. Txt files aren't malicious.

I'm looking for samples of executables .. with these file extensions - exe, dll, bat, com, cmd.

Preferbaly some of the following files...

\Local Settings\Application Data\csrss.exe
\Local Settings\Application Data\inetinfo.exe
\Local Settings\Application Data\lsass.exe
\Local Settings\Application Data\services.exe
\Local Settings\Application Data\smss.exe"
\Local Settings\Application Data\winlogon.exe
\Start Menu\Programs\Startup\Empty.pif
\Templates\Brengkolang.com
\Windows\eksplorasi.exe
\Windows\ShellNew\sempalong.exe
\Windows\ShellNew\ElnorB.exe
\Application Data\smss.exe
Kangen.exe

i dont have those files but only the infected files...

i sent Brontok infected file to this email address submitals[at]yahoo.com
hope this help

mr suBs..
i re-sent u the infected files..
hope it doesnt corrupt again...

btw.. when i try to send it with my gmail account it found virus attached to it..
but when i send it with my yahoo account which has the NORTON ANTIVIRUS 2006 that will scan ur attachment didnt detect it..
wtf with NAV yeah??

maybe yahoo NAV not updated

i dunno..
but i dun think like tat since my attachment is not the latest brontok version


all files u mentioned are there inside my attachment..