
BRONTOK virus: how do I remove it?!


Gigi

Apr 20, 2010, 10:16:32 AM
I have the virus mentioned above and would like to know how to remove it, and I have one more problem:
when I try to download something, the computer restarts?!
Thanks for the advice!


Kef

Apr 20, 2010, 10:43:42 AM
Gigi wrote:
> I have the virus mentioned above and would like to know how to remove it, and I have one more problem:
> when I try to download something, the computer restarts?!

For a start, download Sophos's "W32/Brontok variant removal tool".

Otherwise, this method usually helps:

Rename the file MSVBVM60.DLL, because the virus needs that file.
Once you rename it the virus won't run; then you reboot and delete these files:

* %System%\{User name}'s Setting.scr
* %UserProfile%\Local Settings\Application Data\csrss.exe
* %UserProfile%\Local Settings\Application Data\inetinfo.exe
* %UserProfile%\Local Settings\Application Data\lsass.exe
* %UserProfile%\Local Settings\Application Data\services.exe
* %UserProfile%\Local Settings\Application Data\smss.exe
* %UserProfile%\Local Settings\Application Data\winlogon.exe
* %UserProfile%\Start Menu\Programs\Startup\Empty.pif
* %UserProfile%\Templates\Brengkolang.com
* %Windows%\eksplorasi.exe
* %Windows%\ShellNew\sempalong.exe

Restart, and that's it.

Then run that removal tool to see whether anything is left. You should
scan the whole hard drive with a good AV program to see whether any
hidden infection remains somewhere...

By the way, Brontok can perfectly well restart the computer.

-------------------------------------------------------

On execution, Win32.Brontok.q creates the following files:

%Windir%\PIF\CVT.exe
%UserProfile%\APPDATA\IDTemplate.exe
%UserProfile%\APPDATA\services.exe
%UserProfile%\APPDATA\lsass.exe
%UserProfile%\APPDATA\inetinfo.exe
%UserProfile%\APPDATA\csrss.exe
%UserProfile%\APPDATA\winlogon.exe
%UserProfile%\Programs\Startup\Empty.pif
%UserProfile%\Templates\A.kotnorB.com
%Systemdir%\3D Animation.scr

It creates the folder:

%UserProfile%\Local Settings\Application Data\Bron.tok-24

%UserProfile%\Local Settings\Application Data\Loc.Mail.Bron.Tok

It adds the following values to the registry:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Tok-Cirrhatus" = "%UserProfile%\APPDATA\IDTemplate.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Bron-Spizaetus" = "C:\WINDOWS\PIF\CVT.exe"


It modifies the following values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
"DisableRegistryTools" = "1"
"DisableCMD" = "2"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoFolderOptions" = "1"

--
I know enough to know that I don't know anything well enough
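An added example, not part of Kef's post: a sweep that checks a Windows volume (live, or mounted read-only on an analysis host) for the file and folder artifacts listed above, so you can confirm what is left after cleanup. It assumes an XP-style "Documents and Settings" profile layout, maps %Windows%/%Windir% to WINDOWS and %System%/%Systemdir% to WINDOWS\system32, skips the ambiguous %UserProfile%\APPDATA entries, and does not cover the registry values.

```python
from pathlib import Path

# Names come from the two lists in the post. Assumptions: XP-style layout,
# %Windows%/%Windir% -> WINDOWS, %System%/%Systemdir% -> WINDOWS\system32.
# The %UserProfile%\APPDATA\... entries are skipped (ambiguous placeholder).
LAD = "Local Settings\\Application Data\\"
PER_USER = [LAD + n for n in (
    "csrss.exe", "inetinfo.exe", "lsass.exe", "services.exe", "smss.exe",
    "winlogon.exe", "Bron.tok-24", "Loc.Mail.Bron.Tok")] + [
    "Start Menu\\Programs\\Startup\\Empty.pif",
    "Templates\\Brengkolang.com", "Templates\\A.kotnorB.com"]
SYSTEM_WIDE = ["WINDOWS\\eksplorasi.exe", "WINDOWS\\ShellNew\\sempalong.exe",
               "WINDOWS\\PIF\\CVT.exe", "WINDOWS\\system32\\3D Animation.scr"]


def find_ci(base, rel):
    """Resolve a backslash-separated path under base, ignoring case
    (a mounted NTFS volume may be case-sensitive on the analysis host)."""
    cur = Path(base)
    for part in rel.split("\\"):
        if not cur.is_dir():
            return None
        match = [c for c in cur.iterdir() if c.name.lower() == part.lower()]
        if not match:
            return None
        cur = match[0]
    return cur


def sweep(volume, profiles_dir="Documents and Settings"):
    """Return the sorted artifact paths (relative to volume) that exist."""
    candidates = list(SYSTEM_WIDE)
    profiles = find_ci(volume, profiles_dir)
    for prof in (profiles.iterdir() if profiles else []):
        if prof.is_dir():
            candidates += [f"{profiles_dir}\\{prof.name}\\{p}" for p in PER_USER]
            # "%System%\{User name}'s Setting.scr": one candidate per profile
            candidates.append(f"WINDOWS\\system32\\{prof.name}'s Setting.scr")
    return sorted(c for c in candidates if find_ci(volume, c) is not None)


if __name__ == "__main__":
    import sys
    for hit in sweep(sys.argv[1] if len(sys.argv) > 1 else "C:\\"):
        print("FOUND", hit)
```

A genuine lsass.exe or services.exe under WINDOWS\system32 is not reported; only the copies in the per-user Application Data folder are.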

Gigi

Apr 20, 2010, 11:43:22 AM
Thank you very much!!

"Kef" <as...@shit.net> wrote in message
news:hqkeh3$8hk$1...@speranza.aioe.org...
