Did notice but is busy attending to several HJT logs. Hve you any trouble running it from anywhere apart from Desktop? AFAIK, there shouldnt be any problems.

Yo sUBs, I have tried your program, if I got the Pre Analysis run to report as "........" means my computer is safe from the Worm?

And please do check my HijackThis log below because I am suffering from a problem since yesterday where my Win explorer will be not responding for no reason. I can't even do anything except to reset straight.

Logfile of HijackThis v1.99.1
Scan saved at 11:37:25 PM, on 8/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Motherboard Monitor 5\MBM5.EXE
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Softwin\BitDefender8\bdnagent.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Michael Tay Tzu Leong [SHINJITE]
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.ms\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MBM 5] "D:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [BDNewsAgent] "d:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [HDDHealth] D:\Program Files\HDD Health\hddhealth.exe -wl
O4 - HKCU\..\Run: [STYLEXP] D:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FACEA8D-2E41-4181-8AE7-6DB35BFD7A7B}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC0D2D84-6E95-4628-AC76-BAFB5C044B03}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9CF06D2-A27A-429C-9484-FD5BB9A7B713}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Your log is clean

Will W32.Rontokbro Worm affect a Windows X64 system that run on 64 Bit system?

This post has been edited by RIGmaster: Aug 15 2006, 10:36 AM

Yeah, if directly ran from my pendrive it gaves that error, the screenshot I've posted before.

Pendrive tak boleh lah. Move the file onto the hard disk.

It cannot run from a networked drive. Must be located on a local drive.

Oh?
is that so... Thanks then

stinger also can clean brontok. or try microsoft malicious software removal tool... the latest version... its quite good and simple...

Have you tried it?
Thanx for sharing.

jananan, are you spamming to raise your post count? You have similar post on 2 threads.

http://forum.lowyat.net/index.php?showtopi...0&#entry8168503

Both posts have no merits.

This post has been edited by sUBs: Aug 18 2006, 06:04 PM

How come people still click on unknown attachments ?

Im not sure what are you talking about.

He means that unknown attactments send by unknown people that contains virus and you'll get infected when opening them...

Oh!
I tot theres a broken link within this thread.
Haha.
BTW, i think most of the people get infected from a USB drive rather than clicking or downloading the infected attachment.

This post has been edited by eggy: Aug 18 2006, 10:56 PM

yea like how I got my first infection

One point, always scan your pendrive before touching anything.

It seems that my uni has Brontok problems on all students because its spreading on the whole network

If only you know how the way they spread.
The worm will automatically infects the PC when u plugged the pendrive eventho u didnt touch anything inside.
Like the autorun function.

Haih..i kena this stupid brontok oso now..

I've heard it's like the autorun feature right?
Plug in a removable drive and then get infected

what is this mean??
i run on my pc and here is the log...

Attached File(s)
 CleanX.txt ( 660bytes ) Number of downloads: 19