system
April 12, 2011, 7:46pm
1
Something creates 44 files infected with this worm and avast deletes them automatically, but it is annoying. It creates them in c:\documents and settings\all users\documents\my music or my videos called sample music.exe video.exe and so on. Avast automatically deletes them and the folder and my laptop is now booting slower than usual. Some help?
And I searched the web about it and I didn’t open any attachment from emails. Today it just started from nowhere.
Pondus
April 12, 2011, 7:48pm
2
check your computer for malware with this
Malwarebytes Anti-Malware 1.50.1 http://filehippo.com/download_malwarebytes_anti_malware/
always update before you scan so you have the latest database
click on the remove selected button to quarantine anything found
post the scan log here
system
April 12, 2011, 8:02pm
4
Well, this is what was found on quick scan.
Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6345
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12.04.2011 23:00:54
mbam-log-2011-04-12 (23-00-48).txt
Scan type: Quick scan
Objects scanned: 149862
Time elapsed: 6 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) → Bad: (1) Good: (0) → No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Pondus
April 12, 2011, 8:07pm
5
the log says “no action taken”; you need to click the “remove selected” button if you want MBAM to fix it
is avast still detecting these files ?
system
April 12, 2011, 8:20pm
6
I quarantined it, restarted and still the slow booting, so far no files detected. And just today I got a security update from windows for net framework 4.
And thanks for quick response, problem fixed for now almost 30 minutes without “manowars” or what it says the pirate :D.
Still having the same problem with brontok?
Hi Left123,
There is a specific cleaning tool, but some av’s flag it: AntiBrontokAen.exe from here:
htxp://www.technize.com/?dl_id=8
Claims to
This tool will kill the brontok process, restore folder options and registry editor and fix system startup.
Scanned it here:
http://www.virustotal.com/url-scan/report.html?id=fb76b4b9141130190d42c03181745456-1302639181
File analysis results:
http://www.virustotal.com/file-scan/report.html?id=51adeb3a1b7ef95c36ce61367b33ce11efdd2b5f74ba41b1f66275dc8e116fe1-1302646715
Wepawet reports suspicious:
http://wepawet.iseclab.org/view.php?hash=fb76b4b9141130190d42c03181745456&t=1302646997&type=js
Analysis by Anubis:
http://anubis.iseclab.org/?action=result&task_id=1334013934bb69914719609447c55fc8f&format=html
No threats could be detected by Anubis, the file could be safe: htxp://www.technize.com/filedownloads/AntiBrontokAen.exe
Does anyone know if it is secure?
polonus
Pondus
April 12, 2011, 11:15pm
9
sigcheck:
Anyone knows it is secure?
seems to be made by Bitdefender
Sigcheck:
publisher…: SOFTWIN
copyright…: Copyright (c) 2003
product…: Bitdefender - Removal Tool
description…: Bitdefender - Removal Tool
original name: rt.exe
internal name: Removal Tool
file version.: 0, 0, 0, 0
comments…: Tool engine _ workframe written by Costin Ionescu. Virus detection _ clean written by Raul Tosa.
signers…: -
signing date.: -
verified…: Unsigned
system
April 13, 2011, 6:16am
10
Well, I couldn’t run the virus because avast quarantined it, and 15 minutes later the 44 files still appeared and avast still deleted them. And I took Malwarebytes and problem solved. Thanks for support.
Hi Pondus,
The tool is secure, I got this reported, from Bitdefender, OK, thanks,
polonus