Lowyat.NET Forums

> W32.Rontokbro Worm, updated : removal tools

Kamling
post Mar 28 2006, 12:03 PM | Post #61

yes maybe yahoo NAV 2005 S its no detect the virus that old skool ma...

eggy
post Mar 28 2006, 12:08 PM | Post #62

QUOTE(Kamling @ Mar 28 2006, 12:03 PM)
yes maybe yahoo NAV 2005 S its no detect the virus that old skool ma...
*


as i stated i was NAV 2006 not 2005 sweat.gif

Xonius
post Mar 28 2006, 02:13 PM | Post #63

this virus is really FARK, FARK MAN, i couldnt even open the folder options or initiate any anti-virus programs, GOD BLESS Windows System Restore.

i wonder how i got this virus, can anyone tell me how? izit just when ppl click on an .exe application then it happens?

EDIT: oh yea, the biggest question, how do i prevent this shit from ever happening again? using AVG free antivirus is good enough?

This post has been edited by sUBs: Mar 28 2006, 04:21 PM

eggy
post Mar 28 2006, 04:23 PM | Post #64

QUOTE(Xonius @ Mar 28 2006, 02:13 PM)
this virus is really FARK, FARK MAN, i couldnt even open the folder options or initiate any anti-virus programs, GOD BLESS Windows System Restore.

i wonder how i got this virus, can anyone tell me how? izit just when ppl click on an .exe application then it happens?

fark the indons man, seriously, causing me headache.

EDIT: oh yea, the biggest question, how do i prevent this shit from ever happening again? using AVG free antivirus is good enough?
*


yeah...
if u got a infected pendrive and plug to ur pc and click the *.exe files..
ur pc are most capable to get infected...
but if u copied the infected files into ur hdd and leave it alone u wont get infected...
BUT depends on the brontok version itself.. the latest version of it will jst get itself freely into ur system at the same time when u plug in ur pendrive eventho u didn browse ur pendrive sweat.gif
which really pain in d A**!! mad.gif
rite now with the latest virus updates i think AVG can detect the virus and secure ur pc... thumbup.gif

This post has been edited by eggy: Mar 28 2006, 04:27 PM

mr.Q
post Mar 28 2006, 05:28 PM | Post #65

the later the virus type that you get.. the smarter the virus will be. it will try to block everything that is needed to clean it, install an executable file that runs on startup, and hide itself in certain folders. usually it spreads through usb drives. install avg antivirus and its updates and scan all the usb drives that are connected to your computer.

but if already infected.. the first thing to do is run hijackthis to delete all things that are related to antivirus software names with connection to localhost 127.0.*.*, which is the virus's command to block your access to your antivirus and your antivirus website.

eggy
post Mar 28 2006, 05:31 PM | Post #66

QUOTE(mr.Q @ Mar 28 2006, 05:28 PM)
the later the virus type that you get.. the smarter the virus will be. it will try to block everything that is needed to clean it, install an executable file that runs on startup, and hide itself in certain folders. usually it spreads through usb drives. install avg antivirus and its updates and scan all the usb drives that are connected to your computer.

but if already infected.. the first thing to do is run hijackthis to delete all things that are related to antivirus software names with connection to localhost 127.0.*.*, which is the virus's command to block your access to your antivirus and your antivirus website.
*


if only u can run hijackthis tool sweat.gif
i think if u run hijackthis after few secs sure it automatically shutdown.. sweat.gif

fuchai
post Mar 28 2006, 10:43 PM | Post #67

QUOTE(eggy @ Mar 28 2006, 05:31 PM)
if only u can run hijackthis tool  sweat.gif
i think if u run hijackthis after few secs sure it automatically shutdown..  sweat.gif
*



ya.. it will automatic shutdown all the antivirus program.. any new solution about this?? my fren pc(in same LAN) is inflicted by an unknown virus, it will automatic shutdown it browser or sth else , it is it call brontok?? my com is inflict by i-worm-bronktok.n , just use AVG delected 3000+ of the trojan. restart pc it come back again. any solution for this both virus?

theng_ye
post Mar 29 2006, 12:13 AM | Post #68

if i plug in a pendrive tat hv this virus into my pc n scan it, will it detected??
o the virus attack my pc at the 1st moment i plug it to the pc??

walau...my gf hp oso kena d...
kong ar....

lykuan82
post Mar 29 2006, 06:41 PM | Post #69

my pc get affected in feb, i google out some solution but seem difficult to work out, then i try system restore & it work! now, my fren pc get affected (through pen drive) and he try to install a new anti virus to remove it, on the half way of installation, the system shut down itself. The worst thing is now the pc can boot anymore even in safe mode. any suggestion? thanks

mr.Q
post Mar 30 2006, 01:43 AM | Post #70

i have read articles at http://www.vaksin.com/ where they said that there are many variants of Rontokbro but it is divided into 3 generations.

first generation of Rontokbro has size around 80KB or more. these can easily be cleaned because it is only active in "Normal mode" but it will already start blocking certain windows functions: registry editor, msconfig, task manager and folder options. the good news is it doesn't block other useful software tools such as HijackThis, ProceeXp or Pocket Killbox. the virus will duplicate itself into a file in every folder and subfolder, where it has the same name as the folder or subfolder with the extension .EXE. then it will try to establish a DDoS attack connection to certain websites. it can also update itself through the internet by downloading the virus from the specific site that it has determined.

the second generation has size around 42KB or more. at this level, it has the ability to be active in safe mode and starts blocking the useful tools HijackThis, ProceeXp and Pocket Killbox. it has the same abilities as the previous generation with the additional action of adding a command to the file HOST [C:\Windows\System32\Driver\ETC] to block access to antivirus websites.

the third generation has size around 45KB or more. it has the same abilities as all the previous generations with the additional ability to be active even in safe mode and safe mode with command prompt.

if you are infected with the second generation, where you start to be unable to use the HijackThis, ProceeXp and Pocket Killbox tools and enter safe mode, you need to do these steps.

a. Restart the computer and enter "safe mode with command prompt" by pressing the [F8] key while the computer restarts.

b. When you have entered "Command Prompt" mode, press the keys [CTRL] + [ALT] + [Del] together. next, choose [Task Manager]. when the Task Manager appears, click menu [File], choose [New Task (Run..)], then type [explorer] in the [create new task file] window. after that, click enter.

c. then the desktop appears (which means that you have entered "safe mode")

d. write the script below and save it in notepad with the name repair.inf, and run the file by right clicking [repair.inf] and choosing [install]. this is to activate the registry editor function, enable [folder option] and delete the strings that have been created by the virus.


; repair.inf: resets the file-type open commands and removes the worm's policy and Run values
[Version]
Signature="$Chicago$"
Provider=Vaksincom

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Restore the default open command for executable file types and the Winlogon shell
[UnhookRegKey]
HKLM, SOFTWARE\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
; Embedded quotes must be doubled inside a quoted INF string
HKLM, SOFTWARE\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, SOFTWARE\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"

; Delete the policy values that disable regedit, cmd and Folder Options, and the two Run entries
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableCMD
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Run,Tok-Cirrhatus
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Bron-Spizaetus


e. run msconfig, go to tab [startup] and delete the options [Smss], [Empty] and [Sempalong]

f. restart the computer and follow instructions a. and b. again in order to make the "Folder option" in windows explorer appear.

g. go into folder options, tab [view], advanced settings.. choose [show hidden files and folders]

h. delete file at

- C:\Windows\, with the name eksplorasi.exe (hidden)
- C:\Windows\shellnew\, with the name sempalong.exe(hidden)
- C:\Windows\system32\, with the name %username"s Setting.scr (hidden)
- C:\Windows\pss\, with the file name [Empty.pifStartup]
- C:\Documents and Settings\%user%\Local Settings\Application Data\, with file name
01. Bron.tok-[x]-[y], where [X] and [Y] shows number
02. Loc.Mail.Bron.Tok
03. Ok-SendMail-Bron-tok
04. csrss.exe
05. inetinfo.exe
06. Kosong.Bron.Tok.txt
07. lsass.exe
08. NetMailTmp.bin
09. services.exe
10. smss.exe
11. Update.3.Bron.Tok.bin
12. winlogon.exe
13. smss.exe

i. Edit file autoexec.bat in directory C:\ and delete command line [pause]

j. delete scheduled tasks that have been made by Rontokbro (click [Start], [Settings], [Control Panel], double click menu [scheduled tasks]).

k. delete files that have been made by the virus by using the search function.
- click [Start]
- click [Search], click [For Files or Folders]
- choose [All files or Folders]
- click option [What size is it ?]
- choose option [Specify Size (in Kb)]
- in combo box, choose [At most] fill file size [43], click [Search]
- delete all the folder icons that have the extension .EXE (application) and are 42KB in size

l. restart your computer. install an anti-virus with updates such as avg antivirus and scan all drives in your computer.
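Added example, not part of mr.Q's post or the Vaksincom article: a read-only Python check for two traces the posts above describe, hosts-file entries that point antivirus sites at 127.0.*.* and .EXE files named after the folder they sit in (step k's size limit is optional here because the thread gives a different size for each generation). The sample hosts text, the `.example` domains, the folder tree and all function names are constructed for illustration.

```python
import ipaddress
import os
import tempfile

BENIGN = {"localhost", "localhost.localdomain"}  # normal loopback names

# Constructed sample; the .example domains are placeholders, not from the thread.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   www.av-vendor.example    # constructed entry
127.0.0.2   update.av-vendor.example
10.0.0.5    fileserver
"""

def loopback_redirects(hosts_text):
    """Return hostnames that a hosts file maps to a loopback address."""
    flagged = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()     # drop comments, split columns
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not an address line
        if addr.is_loopback:                      # 127.0.0.0/8 or ::1
            flagged += [h.lower() for h in fields[1:] if h.lower() not in BENIGN]
    return flagged

def folder_named_exes(root, max_kb=None):
    """List (relative path, size in KB) of .exe files named after their folder."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        folder = os.path.basename(os.path.normpath(dirpath)).lower()
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".exe" or stem.lower() != folder:
                continue
            path = os.path.join(dirpath, name)
            size_kb = -(-os.path.getsize(path) // 1024)   # round up to whole KB
            if max_kb is None or size_kb <= max_kb:
                hits.append((os.path.relpath(path, root), size_kb))
    return sorted(hits)

def build_sample_tree(root):
    """Create a constructed folder tree to run the scan against."""
    layout = {
        "Photos/Photos.exe": 42 * 1024,   # same name as its folder, 42 KB
        "Tools/setup.exe": 42 * 1024,     # same size, but not folder-named
        "Music/MUSIC.EXE": 80 * 1024,     # folder-named, larger size
    }
    for rel, size in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)

if __name__ == "__main__":
    print(loopback_redirects(SAMPLE_HOSTS))
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(folder_named_exes(tmp))              # every folder-named .exe
        print(folder_named_exes(tmp, max_kb=43))   # with step k's size limit
```

Both functions only list matches; matching on the folder name rather than on size alone keeps unrelated small executables such as the constructed `Tools/setup.exe` out of the result.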
loki
post Mar 30 2006, 01:50 AM | Post #71

Just go look for Hiren's BOOT CD 7.7 and create a boot cd. boot up with this cd and scan your system with the option to delete infected files...

eggy
post Mar 30 2006, 09:18 AM | Post #72

QUOTE(fuchai @ Mar 28 2006, 10:43 PM)
ya.. it will automatic shutdown all the antivirus program.. any new solution about this?? my fren pc(in same LAN) is inflicted by an unknown virus, it will automatic shutdown it browser or sth else , it is it call brontok?? my com is inflict by i-worm-bronktok.n , just use AVG delected 3000+ of the trojan. restart pc it come back again. any solution for this both virus?
*


AVG rules weh thumbup.gif
norton???!! whistling.gif

QUOTE(theng_ye @ Mar 29 2006, 12:13 AM)
if i plug in a pendrive tat hv this virus into my pc n scan it, will it detected??
o the virus attack my pc at the 1st moment i plug it to the pc??
*


depends on ur antivirus software...
if it can detect the virus so u dont need to worry bout to get infected biggrin.gif
jst plug it in and if theres any brontok it sure tells you... thumbup.gif

QUOTE(theng_ye @ Mar 29 2006, 01:44 AM)
walau...my gf hp oso kena d...
kong ar....
*


whoaah..
this is my first time i heard brontok infected hs... ohmy.gif

QUOTE(mr.Q @ Mar 30 2006, 01:43 AM)
i have read articles at http://www.vaksin.com/ where they said that there are many variants of Rontokbro
*



nice infos..
thanx fo sharing... biggrin.gif
btw the script is same as mine thumbup.gif

QUOTE(loki @ Mar 30 2006, 01:50 AM)
Just go look for Hiren's BOOT CD 7.7 and create a boot cd. boot up with this cd and scan your system with the option to delete infected files...
*


maybe u can share with us where can we find it...
have u tried it before and is it working? smile.gif

lokgotz
post Mar 31 2006, 11:44 AM | Post #73

My computer also kena this virus.....

and i tried to use Mr. Q's method of removing it but cannot also...

when i boot in safemode with command prompt....the virus is also active there as well...

i tried burn my data out and wanna format but cannot burn coz nero said cannot find the path for the file that i am burning....but the files are there....

i have a lot of stuff in my computer.....

my norton 2005 is up to date but y still cannot detect and delete arr???

now cannot even startup norton.

please help...

thanks...

any one can help???

AVG and norton can seem to detect the virus......

coz i tried scanning the infected thumbdrive....

Xonius
post Mar 31 2006, 02:14 PM | Post #74

QUOTE(lokgotz @ Mar 31 2006, 02:05 PM)
any one can help???

AVG and norton can seem to detect the virus......

coz i tried scanning the infected thumbdrive....
*



the easiest way is to go to safe mode and activate system restore, and restore your system to the date that your pc wasnt infected yet. It worked like a charm for me. To actually remove it manually takes quite alot of tasks which are daunting. shakehead.gif

lokgotz
post Mar 31 2006, 02:48 PM | Post #75

i disabled system restore......so i can't restore back.....

bin_hustler
post Mar 31 2006, 06:25 PM | Post #76

aiyark....cannot kill process maaa....
when run ProcessExplorer.exe also cant...this prog will automatically close...
anyone help...any idea...

cry.gif cry.gif cry.gif

eggy
post Mar 31 2006, 08:49 PM | Post #77

sry fo d late reply..being bz lately sweat.gif


QUOTE(lokgotz @ Mar 31 2006, 02:48 PM)
i disabled system restore......so i can't restore back.....
*


hav u tried it before?
my friend who disabled the system restore have no problem with restoring back his system...

QUOTE(bin_hustler @ Mar 31 2006, 06:25 PM)
aiyark....cannot kill process maaa....
when run ProcessExplorer.exe also cant...this prog will automatically close...
anyone help...any idea...

cry.gif  cry.gif  cry.gif
*


the best method rite now is restoring ur pc using any restoring points available...

QUOTE(lokgotz @ Mar 31 2006, 02:05 PM)
any one can help???

AVG and norton can seem to detect the virus......

coz i tried scanning the infected thumbdrive....
*


ur AVG is up 2 date is it? unsure.gif
coz mine can detect it just fine... biggrin.gif

eXPeri3nc3
post Mar 31 2006, 09:33 PM | Post #78

If really cannot, DL the symantec corporate edition!
I say symantec! not norton. Then update it.
No sweat, last time I let my friend scan my HDD with it, after 1 day[coz late @ night tat time], it removed all the viruses, but still need some minor tweaking in the folder option and the startup loading sux virus... doh.gif

eggy
post Mar 31 2006, 09:37 PM | Post #79

QUOTE(eXPeri3nc3 @ Mar 31 2006, 09:33 PM)
If really cannot, DL the symantec corporate edition!
I say symantec! not norton. Then update it.
No sweat, last time I let my friend scan my HDD with it, after 1 day[coz late @ night tat time], it removed all the viruses, but still need some minor tweaking in the folder option and the startup loading sux virus... doh.gif
*


haha tongue.gif
its gud to try something new thumbup.gif

low yat 82
post Mar 31 2006, 09:39 PM | Post #80

can i use antivirus program in a pendrive to scan? i mean i extract it to pendrive..