Win32:Brontok-CE >>> Help Plz

I just got a warning Win32:Brontok-CE (Wrm), and in the action column it says “Move to Chest”. My question: does it mean the virus is already isolated and I don't need to worry about it infecting my other files or programs? Or is it only saying it is being quarantined temporarily and I still need to do something about it? Because the warning now keeps popping up every 7 minutes and it's getting annoying. :-\ :-\

many thanks
ngn

Forgot to mention, it says the file names being infected are my C:\Users\hp\documents\In\In.exe and C:\Users\hp\documents\Out\Out.exe

It seems I got this virus from my colleague's flash disk.

thanks

Hi

Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds.scr to run the tool.

* When done, DDS will open two (2) logs:
     1. DDS.txt
     2. Attach.txt

Save both reports to your desktop.

Attach the log reports (DDS.txt) to the topic.

hi argus,

mmmm the report is very long, do you want me to post it all in here?

lower left corner > Additional Options > Attach ( log )

thanks pondus for your reply, but I can't attach the txt file that I have saved. Don't know why, it doesn't appear when I want to attach.

upload file(s) to mediafire ( http://www.mediafire.com/ ) and post the link here

thanks again pondus. now I can upload directly to here. I realized just before that I ran the DDS under sandbox; once I changed to “open normally”, then it could be saved. :slight_smile:

Download OTM to the Desktop.

http://oldtimer.geekstogo.com/OTM.exe

Double-click OTM.exe to start it.

Copy everything inside the Code field below into the (left) window (below "Paste Instructions for Items to be Moved"):
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JP595IR86O"=-
:files
C:\Users\hp\AppData\Local\Temp\Ahg.exe

:commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

Click MoveIt!

After rebooting the system, the logfile will automatically open in Notepad.
Paste the contents of the log in the forum.

dear argus or pondus,

here is the result (see attachment)

More problems?

yes argus. after I ran OTM, the problem still occurred. It is still creating that kind of virus, e.g. filename.exe

what should i do?

to argus:

sorry I forgot to restart ;D . I will restart first and see the results.

thanks

ngn

Re-run DDS

Save both reports to your desktop.

Attach the log reports (DDS.txt) to the topic.

dear argus,

after I restarted, it seems the Brontok warning is gone now. :slight_smile:

but why is it now a bit slow when I turn on my laptop?

many thanx :slight_smile:

Download The Avenger to the desktop.
http://swandog46.geekstogo.com/avenger2/download.php

Unpack the archive into a folder.

Double-click avenger.exe to start it.

Copy the text contained in the Code field below into the (white) window:
Drivers to delete:
Tdxnus

Click Execute and then Yes in the next two windows that will open.

The computer will restart (in some cases twice) and will begin the cleaning / scanning process.

Once the process is completed, the logfile C:\avenger.txt will open in Notepad.

Copy the contents of the log into the topic on the forum.
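A read-only check that belongs between the two tool scripts above: before (and after) running OTM against the Run entry and the Temp file, and before running The Avenger against the Tdxnus driver, confirm that those items actually exist. This is an added example for this thread, not part of OTM, The Avenger or either helper's instructions; it only uses the names already quoted in the scripts above and deletes nothing. The heuristic of flagging Run entries whose target sits under a user's Temp folder, or whose file is already gone, is an assumption about what a cleanup reviewer would want to see, not something the thread states.

```powershell
# Added example (not from the thread or from OTM/The Avenger): verify, read-only,
# the items the two cleanup scripts above target. Run in an elevated PowerShell.

$runKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueName  = 'JP595IR86O'                                # Run value named in the OTM script
$dropper    = 'C:\Users\hp\AppData\Local\Temp\Ahg.exe'   # file named in the OTM script
$driverName = 'Tdxnus'                                    # driver named in the Avenger script

# 1. List every autorun value under the Run key. Flag entries whose executable
#    lives under a user's Local\Temp folder or no longer exists on disk
#    (heuristic assumed for this example; a flag means "look at it", not "malware").
$runProps = Get-ItemProperty -Path $runKey
foreach ($p in $runProps.PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath/... provider metadata
    $cmd = [string]$p.Value
    # Recover the executable path: quoted path first, otherwise the first token.
    $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
    $exists = Test-Path -LiteralPath $exe
    $suspicious = ($exe -match '\\AppData\\Local\\Temp\\') -or (-not $exists)
    $flag = if ($suspicious) { 'CHECK' } else { 'ok   ' }
    '{0} Run\{1} -> {2} (file present: {3})' -f $flag, $p.Name, $exe, $exists
}

# 2. Is the specific Run value the OTM script deletes still present?
if ($null -ne $runProps.PSObject.Properties[$valueName]) {
    "Run\$valueName still present: $($runProps.$valueName)"
} else {
    "Run\$valueName not present"
}

# 3. Is the dropped file the OTM script removes still on disk?
"File $dropper present: $(Test-Path -LiteralPath $dropper)"

# 4. Does the driver the Avenger script deletes exist at all, either as a
#    registered system driver or as a Services registry entry? If both are false,
#    The Avenger will report exactly the "driver can not be found" seen later in the thread.
$svc = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$driverName'" -ErrorAction SilentlyContinue
$reg = Test-Path -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\$driverName"
"Driver $driverName : driver object = $([bool]$svc), registry entry = $reg"
```

Run it once before the cleanup to confirm the named items are really there, and once after the reboot to confirm they are gone; a `CHECK` line for an entry not named in the scripts is worth pasting into the topic along with the tool logs.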

hi argus,

I did as you said, but it came up with a window saying: the driver can not be found

now it is a bit better, it doesn't take much time to start my Windows.

when I start my laptop and Windows has opened, the default is no desktop but it is opening my library. How do I change it to become the desktop?

many thanks.

That's quite interesting you would get something like Brontok; Brontok is quite an old threat, but I guess old malware writers know the new tricks now.