My firewall (disabled by Brontok) detects the worm and Avast! detects a serious problem but cannot name nor delete it. Every time I run a scan my computer goes to blue screen and restarts. I get the message from Avast! that a virus is operating in the memory and I should do a boot-up scan. During the boot-up scan, it quits halfway and reboots. I have tried every manual and numerous automatic removers but nothing works. I cannot find the following paths in the regedit:
—HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOption
If you have the genuine Brontok, then you will have to wait for someone a bit more experienced. The fact you can use regedit seems strange. There is a fake Brontok warning.
Please try and download MBAM.
You may have problems installing, updating, and running. If this is so, rename the setup file (e.g. moon.exe), then install. If you cannot update, download the definitions manually using another PC, and double-click to install. Then go to C:\program files\malwarebytes antimalware\mbam.exe and rename mbam.exe, then double-click on the renamed file.
If I do a search for the processes (i.e. winlogon.exe, csrss.exe, lsass.exe) I find them in the system32 folder and in service pack files. How could I not have the Brontok worm when my firewall and Avast! detect it, I have the processes running, and my PC keeps going to bluescreen and crashing?
BTW is Malwarebytes’ Anti-Malware trusted? It has detected 74 infected files so far… Kind of up there with the “virus scanners” that are a scam.
Absolutely, we are NOT in the habit of suggesting untrustworthy applications.
MBAM is currently one of the best specialist anti-spyware/malware applications; you only have to check the forums to see it being widely used (see posters' signatures and you will see it) and recommended.
Post the contents of its log and we can look into what it detected.
I’m sorry for apparently insulting you so badly. You DO NOT need to insult me in return. That is just uncalled for. I asked a simple question, that’s ALL. I WILL report you next time. I may not know as much about security as you do, that is why I am asking you. I found it suspicious, that’s ALL.
This is a friendly forum and new members are welcome from the uber geek to the n00be that just installed avast!.
Using a computer can be quite intricate so when something is not clear sometimes further explanation is necessary geared to their understanding.
@haleybrontok
It is wise to be suspicious on today’s malware infested Internet with all the bogus malware removers and phishing scams happening now but the ratings of the posters are clearly displayed on the upper left of their ID and after a while you will see who are the best helpers.
You might probably need to rename the .exe file since Brontok is blocking files with wildcards related to Antivirus & Antispywares… For example, any word with the letters AVAST shall be terminated so naming it SOMETHING or anything else will help prevent it from being terminated… Somehow, if that is a new variant, this trick might not easily work…
I used the Brontok Removal Tool from Sophos and I think it’s gone ;D. My Windows firewall isn’t popping up with the warning anymore and my browser doesn’t redirect me. Thanks!