problems with Win32:Brontok-CE[Wrm]

Hi,

I’m having trouble with a Win32:Brontok-CE[Wrm] malware.
I searched this forum for solutions but, unfortunately, the previous topics didn’t solve my problem.
In one of them someone said to use DDS to issue a report and post it in the topic, but it seems that I can’t use this DDS.scr tool.
Whenever I try to open it, it says error launching installer

Please help me to remove this problem.

follow this guide and attach logs from malwarebytes / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

then one of the malware removers will help you…it may take hours depending on time zone they are in

if you have problems attaching logs, use www.mediafire.com and post the download link

Do as Pondus says provide us with these logs and follow the instructions of the qualified removal expert here meticulously, he will help you with the removal process.

And only after that has been performed and when the malware has been cleansed fully from your computer,
here is what you can do to prevent re-infection:

A free tool to check if you have all the software updates and patches is Secunia Software Inspector.
Get it from here: http://secunia.com/vulnerability_scanning/online/
For W7 security check here: http://windows.microsoft.com/en-us/windows7/Security-checklist-for-Windows-7
For Vista security check here: http://windowshelp.microsoft.com/Windows/en-US/Help/245c9fae-e1dd-4112-853b-65f68404aafc1033.mspx
For XP checklist from Labmice: http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

polonus

I tried downloading Malwarebytes, but when I try to install it, I receive an error:
The system cannot find the path specified.

Any ideas why?

I also tried running OTL, but after a 10 min scan this error came up

http://www.mediafire.com/?r945fx87qzgkr9y

So what now?

This is caused by that malware. If after installation, MBAM will not run, open the Malwarebytes’ Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe. Change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run. If this would be to no avail you could try to run SAS, download free version from: http://www.superantispyware.com/ and provide the logs thereof. Then go on follow the requirements from: http://forum.avast.com/index.php?topic=53253.0
Later a qualified malware remover will look into the logs you have provided us and propose a unique cleansing script for your particular infection.

polonus

Hello again,

This stupid malware is getting on my nerves >:(
Regarding the extension change for MBAM to bat, com etc. The MBAM won’t even install. I tried to change the ext. for the installation kit but it’s pointless. The damn thing just won’t install, it keeps saying the path isn’t found.

I also tried installing SAS. This one is installing but when I try to launch it it just won’t start (no error, I just double click it and nothing). I tried to change the ext. to SAS launcher as above, but nothing.

Please Help!!! :((((

brontok is a dangerous worm…change all your passwords as it can steal passwords…

see here:
http://www.sophos.com/support/disinfection/brontok.html

Try DrWeb

http://www.freedrweb.com/livecd/how_it_works/

or

http://www.freedrweb.com/liveusb/how_it_works/

Looking at the image the malware is blocking the command prompt

So run OTL with the following scan script

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT

Hi essexboy

I tried running OTL with the script you gave me but at the end it gave me this error:

http://www.mediafire.com/?zew17w9aesp210u

OK, let’s go a different route

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

After installing SAS on a portable stick, I did a quick scan and this is the log I got.

Hope this will solve my problems

All SAS has done is remove some cookies… Did you run combofix ?

Nope, I didn’t try combofix.
I’m still waiting for other solutions.
I’m not really comfortable with disabling my avast while being infected with this malware.

Are you sure it’s safe to disable my anti-virus?

Are you sure it's safe to disable my anti-virus?
to run combofix you have to.... Essexboy knows what he is doing, he is a trained and certified malware remover

Well maniacu_mnc,

You could not be in better hands. Essexboy is one of our top qualified removal experts. He has performed more removal routines than any of us here in a whole lifetime. He has qualifications of one of the best online training institutions, g2g. All these online malware removal training schools have the highest of standards and see to it that these high standards are kept. The removal trainees are not allowed to help outside bootcamp and only under guidance. After they have proven they are up to it, they are being qualified. Essexboy has trained many already.
We recommend that you follow up his instructions meticulously, later you can clean all off the specialist tools, re-enable our beloved avast again and utter a big sigh of relief, believe me,

polonus

Ok, tonight, will do as instructed by Essexboy.

Many thanks to all for the support

I will post tonight the result.

So hello again
I just finished running combofix and this is the log that I got

P.S. I don’t know if it’s just my imagination, but my laptop seems to be going a little slower now

Hmm you had a renv infection haven’t seen one of those for a while

Could you run a fresh OTL scan now - selecting all users and let me know what problems remain
There will only be one log this time