 V1.3 - Bro_act.exe, Another nightmare for me...

TS HeHeHunter
post Jan 29 2007, 08:19 PM, updated 19y ago

On my way
****
Senior Member
664 posts

Joined: Dec 2006
Guide Version 1.3

1.1 What is bro_act.exe?
Bro_act.exe is either a virus or a trojan that collects your information and transfers it to a server.
It is currently undetectable by any anti-virus software at press time...

1.2 How do I get infected?
Basically, it spreads through thumb drives and through the LAN.

1.3 How do I know whether I am infected? (check through thumb drive)
Right-click your thumb drive in My Computer, and if you see a bolded "Auto", do not click it. Click Explore instead.
Go to Tools -> Folder Options. Click View and check the advanced settings.
Click "Show hidden files and folders" and untick "Hide protected operating system files (Recommended)". You might see a warning window, but just leave it. Click OK.
If you see a file called bro_act.exe, that is the executable that will affect your PC when you double-click your thumb drive or right-click it and click the bolded "Auto".

1.4 How do I know whether I am infected? (check through PC)
Go to Tools -> Folder Options. Click View and check the advanced settings.
Click "Show hidden files and folders" and untick "Hide protected operating system files (Recommended)". You might see a warning window, but just leave it. Click OK.
Go to your local hard disk, e.g. C:
Go to WINDOWS\system32\(your PC's name)\
Look for system.exe
If it's there, it means your PC is infected.

1.5 How do I clean the virus? (infected thumb drive)
Make sure --> Go to Tools -> Folder Options. Click View and check the advanced settings.
Click "Show hidden files and folders" and untick "Hide protected operating system files (Recommended)". You might see a warning window, but just leave it. Click OK.
1. Start Windows Task Manager and click Processes.
2. Look for bro_act.exe and end the process.
3. Now right-click your thumb drive and click Explore.
4. Find these files: bro_act.exe, autorun.inf
5. Press Shift + Delete to delete the files.
6. Now go to Tools -> Folder Options. Click View and check the advanced settings. Untick "Hide extensions for known file types". Click OK.
7. Click Search, "All files and folders", put "exe" in "a word or phrase in the file", change the "what file is it" criteria to "less than 1 MB", and change the "more advanced options" criteria to search system folders and search hidden files and folders.
8. Click Search.
9. Delete every single "exe" that has exactly the same name as your folder, and delete the exe with the similar icon.
10. Now your thumb drive is clean.

1.6 How do I clean the virus? (infected PC)
Make sure --> Go to Tools -> Folder Options. Click View and check the advanced settings.
Click "Show hidden files and folders" and untick "Hide protected operating system files (Recommended)". You might see a warning window, but just leave it. Click OK.
1. Download this file: http://download.sysinternals.com/Files/Autoruns.zip
2. Unzip it and open autoruns.exe
3. Click Logon and wait until it finishes loading.
4. Look for this filename: bro_act.exe
5. Untick it and restart your PC in safe mode. Hold F8 when you reboot to access the boot menu, then click Safe Mode.
6. Log in and look for c:\Windows\system32\bro_act.exe
7. Delete the file, and look for c:\Windows\system32\(Your PC's name)\system.exe
8. Delete that file also.
9. Remember to disable and re-enable your System Restore.
10. Delete everything in the Recycle Bin too.

1.7 Why do I scan with any anti-virus and get no results?
This virus is undetectable by anti-virus software, and it's a new virus which has not yet been in anti-virus software "Virus Encyclopedias".

1.8 How did you get the solution?
I thought and thought for 1 whole day for a solution.
I used to detect antivermins as fraud anti-virus software.

1.9 Why would you want to create this guide?
As usual, I am one of the victims.
All credit goes to me as I am the person who created this guide.

Automated guide: RM10 per license. Consider ok lo...
The webmaster of this site told me about the capability of his software.
He asked me to link to his website...
http://www.kaer-media.org/penawar-brontok

Version Update:
Version 1.1
Guide set up.
Version 1.2
Updated branch 1.5
Version 1.3
Added branch 1.8

Regards,
HeHeHunter

Note: I do not warrant that this guide is up to date, as the creator of the virus might get smarter and change the ins and outs of the virus.

Note: Dear ami_kidz125 from cari.com.my, please link http://forum.cari.com.my/viewthread.php?ti...&extra=page%3D1 here...

This post has been edited by HeHeHunter: Mar 2 2007, 04:45 PM
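
A read-only check for the file names and locations listed in sections 1.3 to 1.6 of the guide above, as an added example that is not part of the original post. The function names, and the reading of step 9 as "an .exe named after the folder it sits in or a folder next to it", are assumptions.

```python
import os
import sys
from pathlib import Path

# File names and locations are taken from the guide; matching ignores case.
DRIVE_ROOT_NAMES = {"bro_act.exe", "autorun.inf"}
SIZE_LIMIT = 1024 * 1024  # step 7 searches for .exe files "less than 1 mb"


def scan_drive(root):
    """Return sorted (reason, path) findings for a thumb drive. Deletes nothing."""
    root = Path(root)
    findings = []
    for entry in root.iterdir():
        if entry.is_file() and entry.name.lower() in DRIVE_ROOT_NAMES:
            findings.append(("named in guide", str(entry)))
    for dirpath, dirnames, filenames in os.walk(root):
        # Folder names an .exe could be copying: the folders next to it and
        # the folder it sits in (an assumed reading of step 9 of section 1.5).
        folder_names = {d.lower() for d in dirnames}
        if Path(dirpath) != root:
            folder_names.add(Path(dirpath).name.lower())
        for name in filenames:
            path = Path(dirpath) / name
            if (path.suffix.lower() == ".exe"
                    and path.stem.lower() in folder_names
                    and path.stat().st_size < SIZE_LIMIT):
                findings.append(("exe named like a folder", str(path)))
    return sorted(findings)


def scan_system(windir, computer_name):
    """Return the system32 paths from sections 1.4 and 1.6 that exist."""
    system32 = Path(windir) / "system32"
    candidates = [system32 / "bro_act.exe"]
    if computer_name:  # folder named after the PC, per section 1.4
        candidates.append(system32 / computer_name / "system.exe")
    return [str(p) for p in candidates if p.is_file()]


if __name__ == "__main__":
    # Usage: python scan_bro_act.py <thumb drive root>, for example E:/
    if len(sys.argv) > 1:
        for reason, path in scan_drive(sys.argv[1]):
            print(f"{reason}: {path}")
    for path in scan_system(os.environ.get("WINDIR", r"C:\Windows"),
                            os.environ.get("COMPUTERNAME", "")):
        print(f"named in guide: {path}")
```

The script lists hidden and system files without any change to the Explorer view settings, and it only reports paths; removal still follows sections 1.5 and 1.6.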
ahtiven
post Jan 29 2007, 08:39 PM

New Member
******
Senior Member
1,185 posts

Joined: Aug 2005


wow impressive!

thanks for the work dude.
emperor^10
post Jan 29 2007, 09:19 PM

---ManUtd Forever---
******
Senior Member
1,159 posts

Joined: Aug 2006
From: Malacca & KL



haha...good good....
TS HeHeHunter
post Jan 29 2007, 10:06 PM

Well, this is the 3rd guide I wrote.
ahtiven
post Jan 29 2007, 10:08 PM



where are the other two?

keep em coming
TS HeHeHunter
post Jan 29 2007, 10:11 PM

QUOTE(ahtiven @ Jan 29 2007, 10:08 PM)
where are the other two?

keep em coming
*
Read my signatures.
Got another 2


Added on January 29, 2007, 10:45 pm
Edited: Just found that it copies itself to folders in those thumb drives.

Note: I did not work for any anti-virus software company.

This post has been edited by HeHeHunter: Jan 29 2007, 11:10 PM
xiong
post Jan 30 2007, 01:15 PM

Getting Started
**
Junior Member
271 posts

Joined: Jun 2006
From: sg



nice info !!!!
TS HeHeHunter
post Jan 30 2007, 03:10 PM

QUOTE(xiong @ Jan 30 2007, 01:15 PM)
nice info !!!!
*
Well...
The guide was written on the same day I got infected.
So, it's a miracle for me to fix it right on the spot on that day!
God
post Feb 3 2007, 03:55 AM

New Member
*
Newbie
1 posts

Joined: Jan 2007
BTW, I've stumbled upon a 'bro_act.exe' for quite a time. Don't remember but it's not new. Perhaps some new variant or modified (i.e. by some script-kiddies/wannabes).

Since you said that it's not among AV Encyclopedia yet, making me a lil bit unsure of what AV you're using. I'd recommend 1st. KAV, 2nd. AVG (not that good anyway) and 3rd. Avast. None other. Scrap Norton/McAfee/TrendMicro.

About mutated/modified variants, that's why you should get an AV capable of unpacking the files/runtimes (i.e. KAV). And capable of doing an immediate update of additional module (sometimes without even rebooting, i.e. KAV, AVG, plus their update is daily-basis). Most AV does only a plain signature detection, i.e. Norton, McAfee, TrendMicro (PCCillin). Their so-called Bloodhound (heuristics analysis) is a hoax.

Now I really feel that this should belong in the Technical Help Section
eXPeri3nc3
post Feb 3 2007, 07:21 PM

It's coming! 3ɔu3ıɹǝdxǝ ♥
*******
Senior Member
9,257 posts

Joined: Aug 2005
From: Not so sure myself Status: 1+3+3=7



Did you try CleanX-II by sUBs?
TS HeHeHunter
post Feb 4 2007, 01:12 AM

QUOTE(God @ Feb 3 2007, 03:55 AM)
BTW, I've stumbled upon a 'bro_act.exe' for quite a time. Don't remember but it's not new. Perhaps some new variant or modified (i.e. by some script-kiddies/wannabes).

Since you said that it's not among AV Encyclopedia yet, making me a lil bit unsure of what AV you're using. I'd recommend 1st. KAV, 2nd. AVG (not that good anyway) and 3rd. Avast. None other. Scrap Norton/McAfee/TrendMicro.

About mutated/modified variants, that's why you should get an AV capable of unpacking the files/runtimes (i.e. KAV). And capable of doing an immediate update of additional module (sometimes without even rebooting, i.e. KAV, AVG, plus their update is daily-basis). Most AV does only a plain signature detection, i.e. Norton, McAfee, TrendMicro (PCCillin). Their so-called Bloodhound (heuristics analysis) is a hoax.

Now I really feel that this should belong in the Technical Help Section
*
Wait, did KAV detect that damn freaking bro_act virus?
Because I've searched many anti-virus encyclopedias and there is no info about bro_act.

I had done googling and the results were stating that they got this virus and did not get any solution.
v i n c
post Feb 4 2007, 02:00 AM

Casual
***
Junior Member
496 posts

Joined: Feb 2006
From: Subang Jaya


Bro_ACT is detected by PREVX anti spyware software because it is a spyware, not a virus according to prevx.


www.prevx.com

Use this program to clean the spyware hassle free. Don't need so many steps like what you have stated.

But u still need to remove the files and format your thumb drive though =/

This post has been edited by v i n c: Feb 4 2007, 02:01 AM
eXPeri3nc3
post Feb 4 2007, 01:56 PM




QUOTE(eXPeri3nc3 @ Feb 3 2007, 07:21 PM)
Did you try CleanX-II by sUBs?
*
*points above quote*

http://forum.lowyat.net/index.php?showtopi...5366&hl=brontok
TS HeHeHunter
post Feb 4 2007, 07:46 PM

QUOTE(v i n c @ Feb 4 2007, 02:00 AM)
Bro_ACT is detected by PREVX anti spyware software because it is a spyware, not a virus according to prevx.
www.prevx.com

Use this program to clean the spyware hassle free. Don't need so many steps like what you have stated.

But u still need to remove the files and format your thumb drive though =/
*
I am checking that website...

OMG WTF!
It's only detected on Oct 2006!!!
Which means it had been circulated for 3 months!
phreacker
post Mar 7 2007, 05:49 PM

New Member
*
Newbie
2 posts

Joined: Mar 2007
QUOTE(HeHeHunter @ Feb 4 2007, 07:46 PM)
I am checking that website...

OMG WTF!
It's only detected on Oct 2006!!!
Which means it had been circulated for 3 months!
*
hey ya... try downloading this bro_act remedy...
http://www.geocities.com/azam_86/broact.html
please take note... give it a try... comfreakz@gmail.com

This post has been edited by phreacker: Mar 7 2007, 05:57 PM
kmkd
post Mar 7 2007, 10:31 PM

New Member
*
Junior Member
11 posts

Joined: Mar 2007


effective huh??

y i cant download it?? no page....

This post has been edited by kmkd: Mar 7 2007, 10:34 PM
ravemaster222003
post Mar 14 2007, 10:03 AM

Getting Started
**
Junior Member
243 posts

Joined: Aug 2006
From: Perak


Try Portable AntiVirus.
Can download at www.data0.net

Support Malaysian Product.
phreacker
post Apr 7 2007, 11:23 PM

Sorry ... Updated links for Penawar Bro_Act

[attachmentid=214666]

This post has been edited by phreacker: Apr 7 2007, 11:43 PM

 
