Win32:Brontok-CE[Wrm] trouble

Something creates 44 files infected with this worm and avast deletes them automatically, but it is annoying. It creates them in c:\documents and settings\all users\documents\my music or my videos, called sample music.exe, video.exe and so on. Avast automatically deletes them and the folder, and my laptop is now booting slower than usual. Some help?

And I searched the web about it, and I didn’t open any attachment from emails. Today it just started from nowhere.

check your computer for malware with this

Malwarebytes Anti-Malware 1.50.1 http://filehippo.com/download_malwarebytes_anti_malware/
always update before you scan so you have the latest database
click on the remove selected button to quarantine anything found

post the scan log here

Win32/Brontok
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Win32%2FBrontok
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=Worm:Win32/Brontok.BL@mm

Well, this is what was found on quick scan.
Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6345

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12.04.2011 23:00:54
mbam-log-2011-04-12 (23-00-48).txt

Scan type: Quick scan
Objects scanned: 149862
Time elapsed: 6 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) → Bad: (1) Good: (0) → No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

the log says “no action taken”; you need to click the “remove selected” button if you want MBAM to fix it

is avast still detecting these files?
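The point made in the reply above (a finding logged as “No action taken” has only been reported, not fixed), as an added example that is not part of the original thread: a Python sketch that parses a Malwarebytes 1.x text log in the layout posted above and lists the findings left unremediated. The function names and the embedded sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the MBAM 1.50 log posted above (abridged).
SAMPLE_LOG = """\
Scan type: Quick scan
Registry Data Items Infected: 1
Files Infected: 0

Registry Data Items Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\StartMenuLogoff (PUM.Hijack.StartMenu) → Bad: (1) Good: (0) → No action taken.

Files Infected:
(No malicious items detected)
"""

SUMMARY = re.compile(r"^(?P<cat>.+ Infected): (?P<n>\d+)$")
HEADER = re.compile(r"^(?P<cat>.+ Infected):$")
# Detail line: "<object> (<detection name>) → [extra →] <action>."
DETAIL = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) (?:→|->) (?P<rest>.+)$")

def parse_mbam_log(text):
    """Hypothetical helper: return (summary counts, list of findings)."""
    counts, findings, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["cat"]] = int(m["n"])
        elif m := HEADER.match(line):
            section = m["cat"]
        elif section and (m := DETAIL.match(line)):
            # The action is whatever follows the last arrow on the line.
            action = re.split(r"\s*(?:→|->)\s*", m["rest"])[-1].rstrip(".")
            findings.append({"category": section, "object": m["obj"],
                             "detection": m["name"], "action": action})
    return counts, findings

def unremediated(findings):
    """Findings the scanner only reported; they are still on the system."""
    return [f for f in findings if f["action"].lower() == "no action taken"]

def count_mismatches(counts, findings):
    """Categories whose summary count disagrees with the detail lines."""
    seen = Counter(f["category"] for f in findings)
    return {c: (n, seen[c]) for c, n in counts.items() if n != seen[c]}

if __name__ == "__main__":
    counts, findings = parse_mbam_log(SAMPLE_LOG)
    for f in unremediated(findings):
        print(f"NOT FIXED [{f['category']}] {f['detection']}: {f['object']}")
```

A non-empty result from `count_mismatches` means the pasted log was truncated or edited, so it should be re-posted in full before anyone relies on it.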

I quarantined it, restarted and still the slow booting, so far no files detected. And just today I got a security update from windows for net framework 4.

And thanks for quick response, problem fixed for now almost 30 minutes without “manowars” or what it says the pirate :D.

Still having the same problem with brontok?

Hi Left123,

There is a specific cleaning tool, but some av’s flag it: AntiBrontokAen.exe from here:
htxp://www.technize.com/?dl_id=8
Claims to

This tool will kill the brontok process, restore folder options and registry editor and fix system startup.

Scanned it here: http://www.virustotal.com/url-scan/report.html?id=fb76b4b9141130190d42c03181745456-1302639181
File analysis results: http://www.virustotal.com/file-scan/report.html?id=51adeb3a1b7ef95c36ce61367b33ce11efdd2b5f74ba41b1f66275dc8e116fe1-1302646715
Wepawet reports suspicious: http://wepawet.iseclab.org/view.php?hash=fb76b4b9141130190d42c03181745456&t=1302646997&type=js
Analysis by Anubis: http://anubis.iseclab.org/?action=result&task_id=1334013934bb69914719609447c55fc8f&format=html
No threats could be detected by Anubis, the file could be safe: htxp://www.technize.com/filedownloads/AntiBrontokAen.exe
Anyone knows it is secure?

polonus

sigcheck:

Anyone knows it is secure?
seems to be made by Bitdefender

Sigcheck:
publisher…: SOFTWIN
copyright…: Copyright (c) 2003
product…: Bitdefender - Removal Tool
description…: Bitdefender - Removal Tool
original name: rt.exe
internal name: Removal Tool
file version.: 0, 0, 0, 0
comments…: Tool engine _ workframe written by Costin Ionescu. Virus detection _ clean written by Raul Tosa.
signers…: -
signing date.: -
verified…: Unsigned

Well, I couldn’t run the virus because avast quarantined it, and 15 minutes later the 44 files still appeared and avast still deleted them. And I took malwarebyte and problem solved. Thanks for support.

Hi Pondus,

The tool is secure, I got this reported, from Bitdefender, OK, thanks,

polonus