Issues with Worm.Brontok.AI
cm7900


Joined: 20 Feb 2008
Posts: 0
Good day

My PC got infected with Worm.Brontok.AI, and when I try to fix it manually, I can't get in to edit my registry because the administrator denies the access. I then used RegAlyzer but got the same problems.


JC
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
I suggest you first contact your administrator for help. Below is a link to some information from Trend Micro about the malware and what it does to a computer:

https://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FBRONTOK%2EAI&VSect=Sn

Here are some more links to some removal resources on the Web:
(1) Trend Micro Housecall scan for malware at https://housecall.trendmicro.com/

(2) CureIt from Dr. Web is a free and comprehensive updated scanner at https://www.freedrweb.com/

(3) Norman also has a good Malware Cleaner (use in Safe Mode) at https://www.norman.com/Virus/Virus_removal_tools/24789/en-us

Regards,
cm7900


Joined: 20 Feb 2008
Posts: 0
Thanks, GuitarBob, for your reply. But I found other issues trying to follow the guide; for example, I can't find the registry entries the guide mentions. I'm using this other page:

https://www.vsantivirus.com/brontok-cl.htm

And I managed to get into "regedit" with the .inf file the page recommends, but when I edit an entry, the values I edit become the values that the virus creates at the same moment.

Finally, when I run Norman Malware Cleaner in safe mode, the system restarts.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
I thought the information from Trend Micro would help, and Norman's Malware Cleaner is pretty good too. Evidently the virus/malware is modified and either comes with a rootkit or another executable that reinstalls if the original is deleted (becoming more common now).

You might run an antirootkit program and see if it helps. Avira's is pretty good and is at https://www.avira.com/en/support/support_downloads.html on the Web. AVG's is also good and is at https://free.grisoft.com/doc/download-free-anti-rootkit/us/frt/0 on the Web. Trend Micro's RootkitBuster is the easiest to use, but it doesn't find quite as much as Avira's or AVG's. Be sure to Google any "bad" processes the antirootkit finds before you delete them--they can't tell if the "hook" is by a useful program or a virus/malware. If an antirootkit doesn't help, all I can do is point you to some places that offer free malware removal help on the Web. You will probably need to download a copy of HijackThis because most of them use the HijackThis log for analysis. You will also have to be patient--it may take a while. There is help at:

A-Squared (Emsisoft) (with initial self help) at https://forum.emsisoft.com/Default.aspx?g=topics&f=38
Castle Cops (with initial self help) at https://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
Malwareteks (same personnel at Emsisoft) (with initial self help) at https://www.malwareteks.com/forum.html
Spyware Warrior has free help and a list of rogue antispyware products at https://www.spywarewarrior.com/index.php

Good luck!
cm7900


Joined: 20 Feb 2008
Posts: 0
Hello GuitarBob

I ran the two anti-rootkit programs you mentioned and they didn't find anything. Can you post an alternative page to download HijackThis? I also found a RescueCD from Dell; do you think this will fix my malware/worm/Trojan horse infection if I can fix it manually?

But I will continue to try. Also, I have XP Media Center Edition 2005.


JC
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Below is a link to the HijackThis download at Trend Micro. I believe they have taken over the program now. I am not familiar with the Dell Rescue Disk. Other thoughts: (1) Try a System Restore to a time before you had the Brontok problem. (2) You might download a trial version of a good antitrojan program and see if that works for you--some people have had good luck with Prevx. If those two suggestions don't help, you'll probably have to get some expert malware removal help from one of the sources in my previous link.

https://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Regards,