ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
ClamWin Free Antivirus Forum Index » User Guides
Reply to topic
how to get rid of Worm.Brontok.AF & Trojan.W32.HotkeysHo
dr_ritesh_singh


Joined: 17 Sep 2007
Posts: 0
Post Posted: Mon Sep 17, 2007 6:10 pm Reply with quote
i use the latest updated versions of clamwin(0.91.2) & winpooch(0.6.6) combo but still my notebook pc got infected & has been paralyzed by the Worm.Brontok.AF & Trojan.W32.HotkeysHook.A. how can i get rid of them for good. please help me.

the details :

Scan Started Mon Sep 17 12:30:31 2007

-------------------------------------------------------------------------------



WARNING: \\?\C:\Documents and Settings\All Users\.clamwin\quarantine\infected.NFSU HUVinyls for v1.1001.0.exe: Can't remove

WARNING: \\?\C:\Documents and Settings\All Users\.clamwin\quarantine\infected.NFSU HUVinyls for v1.2.51733.exe: Can't remove

WARNING: \\?\C:\Documents and Settings\All Users\.clamwin\quarantine\infected.NFSU HUVinyls for v1.3.0.exe: Can't remove

C:\Documents and Settings\lenovo\Local Settings\Application Data\csrss.exe: Removed

C:\Documents and Settings\lenovo\Local Settings\Application Data\inetinfo.exe: Removed

WARNING: \\?\C:\Documents and Settings\lenovo\Local Settings\Application Data\lsass.exe: Can't remove

WARNING: \\?\C:\Documents and Settings\lenovo\Local Settings\Application Data\services.exe: Can't remove

C:\Documents and Settings\lenovo\Local Settings\Application Data\smss.exe: Removed

C:\Documents and Settings\lenovo\Local Settings\Application Data\winlogon.exe: Removed

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\07CJA9MZ\ch;tpc=mswin_server2003;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=winnt;tpc=c;tpc=logging;tpc=system;tpc=security;ord=521306409678647864.ĿN, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\07CJA9MZ\ch;tpc=mswin_server2003;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=winnt;tpc=c;tpc=logging;tpc=system;tpc=security;ord=615604146518231823.ĿN, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\07CJA9MZ\ch;tpc=mswin_server2003;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=winnt;tpc=c;tpc=logging;tpc=system;tpc=security;ord=810409129166516651.ĿN, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\07CJA9MZ\ch;tpc=mswin_server2003;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=winnt;tpc=c;tpc=logging;tpc=system;tpc=security;ord=848737637689538953.ĿN, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\07CJA9MZ\ch;tpc=mswin_server2003;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=winnt;tpc=c;tpc=logging;tpc=system;tpc=security;ord=950057742321252125.ĿN, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\07CJYFYL\ch;tpc=mswin_server2003;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=winnt;tpc=c;tpc=logging;tpc=system;tpc=security;ord=810409129166516651.ĿN, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\07CJYFYL\ch;tpc=mswin_server2003;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=winnt;tpc=c;tpc=logging;tpc=system;tpc=security;ord=950057742321252125.ĿN, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\07CJYFYL\pc=clamwin;tpc=mswin_server2003;tpc=mswin_me;tpc=mswin_98;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=python;tpc=cpp;tpc=security;ord=536584826915021502.ĿN, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\0VK5ELIZ\ch;tpc=mswin_server2003;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=winnt;tpc=c;tpc=logging;tpc=system;tpc=security;ord=355135089581928192.ĿN, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\0VK5ELIZ\ch;tpc=mswin_server2003;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=winnt;tpc=c;tpc=logging;tpc=system;tpc=security;ord=521306409678647864.ĿN, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\0VK5ELIZ\ch;tpc=mswin_server2003;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=winnt;tpc=c;tpc=logging;tpc=system;tpc=security;ord=615604146518231823.ĿN, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\0VK5ELIZ\ch;tpc=mswin_server2003;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=winnt;tpc=c;tpc=logging;tpc=system;tpc=security;ord=950057742321252125.ĿN, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\0VK5ELIZ\pc=clamwin;tpc=mswin_server2003;tpc=mswin_me;tpc=mswin_98;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=python;tpc=cpp;tpc=security;ord=536584826915021502.ĿN, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\QDG3CV6P\ch;tpc=mswin_server2003;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=winnt;tpc=c;tpc=logging;tpc=system;tpc=security;ord=355135089581928192.ĿN, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\QDG3CV6P\ch;tpc=mswin_server2003;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=winnt;tpc=c;tpc=logging;tpc=system;tpc=security;ord=521306409678647864.ĿN, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\QDG3CV6P\ch;tpc=mswin_server2003;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=winnt;tpc=c;tpc=logging;tpc=system;tpc=security;ord=615604146518231823.ĿN, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\QDG3CV6P\ch;tpc=mswin_server2003;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=winnt;tpc=c;tpc=logging;tpc=system;tpc=security;ord=810409129166516651.ĿN, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\QDG3CV6P\ch;tpc=mswin_server2003;tpc=os_groups;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=winnt;tpc=c;tpc=logging;tpc=system;tpc=security;ord=848737637689538953.ĿN, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\QDG3CV6P\pc=clamwin;tpc=mswin_server2003;tpc=mswin_me;tpc=mswin_98;tpc=mswin_2000;tpc=mswin_xp;tpc=modern_oses;tpc=other;tpc=python;tpc=cpp;tpc=security;ord=677377900987738773.ĿN, No such file or directory

C:\Documents and Settings\lenovo\My Documents\CyberLink\PowerDVD\PowerDVD.exe: Removed

C:\Documents and Settings\lenovo\My Documents\Eidos\Tomb Raider - Anniversary\Default Profile\Default Profile.exe: Removed

C:\Documents and Settings\lenovo\My Documents\media\media.exe: Removed

C:\Documents and Settings\lenovo\My Documents\mini games\mini games.exe: Removed

C:\Documents and Settings\lenovo\My Documents\NEPC\NEPC.exe: Removed

C:\Documents and Settings\lenovo\My Documents\SpoofGuard\SpoofGuard.exe: Removed

C:\Documents and Settings\lenovo\My Documents\videos\bryan adams\bryan adams.exe: Removed

C:\Documents and Settings\lenovo\My Documents\videos\creed\creed.exe: Removed

C:\Documents and Settings\lenovo\My Documents\videos\green day+hoobastank\green day+hoobastank.exe: Removed

C:\Documents and Settings\lenovo\My Documents\videos\jon bon jovi\jon bon jovi.exe: Removed

C:\Documents and Settings\lenovo\My Documents\videos\limp bizkit\limp bizkit.exe: Removed

C:\Documents and Settings\lenovo\My Documents\videos\linkin park+metallica\linkin park+metallica.exe: Removed

C:\Documents and Settings\lenovo\My Documents\videos\lucky ali+corrs+robbie williams+eagles\lucky ali+corrs+robbie williams+eagles.exe: Removed

C:\Documents and Settings\lenovo\My Documents\videos\NICKLEBACK+nirvana+pink floyd+papa roach\NICKLEBACK+nirvana+pink floyd+papa roach.exe: Removed

C:\Documents and Settings\lenovo\My Documents\videos\parikrama+RHCP+coldplay+strings+enrique+50 cent+KK\parikrama+RHCP+coldplay+strings+enrique+50 cent+KK.exe: Removed

C:\Documents and Settings\lenovo\My Documents\videos\Staind\Staind.exe: Removed

C:\Documents and Settings\lenovo\My Documents\videos\strings+jal+chandni raatein+switchfoot+mixed\strings+jal+chandni raatein+switchfoot+mixed.exe: Removed

C:\Documents and Settings\lenovo\My Documents\videos\videos.exe: Removed

C:\Documents and Settings\lenovo\My Documents\xmlfiles\xmlfiles.exe: Removed

WARNING: \\?\C:\Documents and Settings\lenovo\Start Menu\Programs\Startup\Empty.pif: Can't remove

WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied

WARNING: \\?\C:\WINDOWS\eksplorasi.exe: Can't remove

C:\WINDOWS\ShellNew\bronstab.exe: Removed

WARNING: Can't open file \\?\C:\WINDOWS\system32\drivers\dtscsi.sys, Permission denied

WARNING: Can't open file \\?\C:\WINDOWS\system32\drivers\sptd.sys, Permission denied

WARNING: Can't open file \\?\C:\WINDOWS\system32\drivers\sptd1341.sys, Permission denied

WARNING: \\?\C:\WINDOWS\system32\lenovo's Setting.scr: Can't remove

WARNING: Can't open file \\?\C:\WINDOWS\system32\oobe\dtsgnup.htm, Permission denied

WARNING: \\?\G:\Extra\Need_For_Speed_Underground_V1.1-1.3_Visual_Upgrades_Unlocker_V.1.1-RVL\NFSU HUVinyls for v1.1001.0.exe: Can't remove

WARNING: \\?\G:\Extra\Need_For_Speed_Underground_V1.1-1.3_Visual_Upgrades_Unlocker_V.1.1-RVL\NFSU HUVinyls for v1.2.51733.exe: Can't remove

WARNING: \\?\G:\Extra\Need_For_Speed_Underground_V1.1-1.3_Visual_Upgrades_Unlocker_V.1.1-RVL\NFSU HUVinyls for v1.3.0.exe: Can't remove



C:\Documents and Settings\All Users\.clamwin\quarantine\infected.NFSU HUVinyls for v1.1001.0.exe: Trojan.W32.HotKeysHook.A FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\infected.NFSU HUVinyls for v1.2.51733.exe: Trojan.W32.HotKeysHook.A FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\infected.NFSU HUVinyls for v1.3.0.exe: Trojan.W32.HotKeysHook.A FOUND

C:\Documents and Settings\lenovo\Local Settings\Application Data\csrss.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\Local Settings\Application Data\inetinfo.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\Local Settings\Application Data\lsass.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\Local Settings\Application Data\services.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\Local Settings\Application Data\smss.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\Local Settings\Application Data\winlogon.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\CyberLink\PowerDVD\PowerDVD.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\Eidos\Tomb Raider - Anniversary\Default Profile\Default Profile.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\media\media.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\mini games\mini games.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\NEPC\NEPC.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\SpoofGuard\SpoofGuard.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\videos\bryan adams\bryan adams.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\videos\creed\creed.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\videos\green day+hoobastank\green day+hoobastank.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\videos\jon bon jovi\jon bon jovi.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\videos\limp bizkit\limp bizkit.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\videos\linkin park+metallica\linkin park+metallica.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\videos\lucky ali+corrs+robbie williams+eagles\lucky ali+corrs+robbie williams+eagles.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\videos\NICKLEBACK+nirvana+pink floyd+papa roach\NICKLEBACK+nirvana+pink floyd+papa roach.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\videos\parikrama+RHCP+coldplay+strings+enrique+50 cent+KK\parikrama+RHCP+coldplay+strings+enrique+50 cent+KK.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\videos\Staind\Staind.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\videos\strings+jal+chandni raatein+switchfoot+mixed\strings+jal+chandni raatein+switchfoot+mixed.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\videos\videos.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\My Documents\xmlfiles\xmlfiles.exe: Worm.Brontok.AF FOUND

C:\Documents and Settings\lenovo\Start Menu\Programs\Startup\Empty.pif: Worm.Brontok.AF FOUND

C:\WINDOWS\eksplorasi.exe: Worm.Brontok.AF FOUND

C:\WINDOWS\ShellNew\bronstab.exe: Worm.Brontok.AF FOUND

C:\WINDOWS\system32\lenovo's Setting.scr: Worm.Brontok.AF FOUND

G:\Extra\Need_For_Speed_Underground_V1.1-1.3_Visual_Upgrades_Unlocker_V.1.1-RVL\NFSU HUVinyls for v1.1001.0.exe: Trojan.W32.HotKeysHook.A FOUND

G:\Extra\Need_For_Speed_Underground_V1.1-1.3_Visual_Upgrades_Unlocker_V.1.1-RVL\NFSU HUVinyls for v1.2.51733.exe: Trojan.W32.HotKeysHook.A FOUND

G:\Extra\Need_For_Speed_Underground_V1.1-1.3_Visual_Upgrades_Unlocker_V.1.1-RVL\NFSU HUVinyls for v1.3.0.exe: Trojan.W32.HotKeysHook.A FOUND

----------- SCAN SUMMARY -----------

Known viruses: 153484

Engine version: 0.91.2

Scanned directories: 2882

Scanned files: 43590

Skipped non-executable files: 1246

Infected files: 35



Not removed: 11

Data scanned: 15878.53 MB

Time: 13820.890 sec (230 m 20 s)

--------------------------------------

Completed

--------------------------------------
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Post Posted: Tue Sep 18, 2007 2:22 am Reply with quote
The quick solution is to visit BleepingComputer.Com and ask for help in their forum: Am I Infected? How Did I get That Way? They have experts but it may take a day or so to get to you. They rely pretty heavily upon the HijackThis program, which you can get free from the Trend Micro or A-squared Web sites.

If you want to try self-removal, boot into Windows Safe Mode and run another scan with ClamWin. Safe Mode sometimes prevents malware from hiding, but it won't work against the really hard to delete stuff, and some antivirus software doesn't work very well in Safe Mode. ClamWin works fine, but a scan may take a little longer than usual. If that doesn't work, run a scan with a good antispyware program (something besides LavaSoft or Windows Defender)--you can get free trials from most of them. Try the normal scan and then run it in Safe Mode. If that doesn't help, if you have another antivirus program besides ClamWin installed, run a normal scan with it and then run another in Safe Mode. If you don't have another AV installed, you could try an online scan from NOD32 or Bitdefender (not Kaspersky).

If all this still doesn't help, you've done just about everything you can, unless you are handy with anti-rootkit software and registry editing, so go to BleepingComputer for sure.

Good luck.
View user's profileSend private message
Theoracle117


Joined: 18 Sep 2008
Posts: 0
Location: san diego
Post Posted: Fri Sep 19, 2008 5:20 am Reply with quote
wow your computer seems to be in bad shape. I would recommend you get some back up

1) Get THREATFIRE. this is like an Addon to any av. I wont do much on its own but IT RECOGNIZES VIRUSES THAT ARE NOT EVEN DISCOVERED YET

it focuses on behavior instead of looking for virus definitions and runs on low resources(meaning non laggy computer)

download the free edition. its perfect going with clamwin because threatfire has a VERY LIMITED scan function and is more like a background scanner. *note: pro edition of threatfire is for bisness uses only so dont bother getting it

hope this helps!

CF Ping
View user's profileSend private messageSend e-mail
how to get rid of Worm.Brontok.AF & Trojan.W32.HotkeysHo
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
 		All times are GMT  
Page 1 of 1  
  
  
ClamWin Free Antivirus Forum Index » User Guides
 Reply to topic