What is Brontok? It’s a virus from the I-worm family. The virus is spread through the network so basically all the pc in a single network will be infected immediately once the infected pc connects into the network. What it does is creating new files which looked like a folder but its actually a .exe file. Unless you’ve enabled the view extensions in the folder options or else you won’t see the .exe extension of the file. The files are approximately 43.7Kb each and normally people will click to open them because they looked like a folder. So after you’ve open it, the virus will run each time during startup and keep on spreading and spreading… into the hard drives.
More troubles coming up. Normally when you click “Tools” in explorer, there’s a “folder options” underneath it. Once the pc is infected with the virus, the Folder Options will be missing, which disabled you to change the options to view the extension of the files. So when you see a new folder appeared from nowhere and you clicked to open it out of curiousity, the virus spread more again. Moreover, the virus disabled the registry edit where you will see this message “Registry edit is disabled by the administrator” everytime you try to edit the registry.
So how to clean the virus then? I found some solution from Symantec.
W32.Rontokbro@mm aka brontok.a
This article is based upon what’s written on Symantec Security Response. The original article can be found here
Read the original page to know much into the technical details. I’ll just extract the information on how to remove it, since u already know what it does and what name it carries.Removal Instructions.
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.
1. Disable System Restore (Windows Me/XP)
2. Disable network folder sharing on any folder.
3. Update the virus definitions. Install one if you never had any. Norton and AVG already tested to be working. NOD32 might results to failure if the infections happen for the second time.
4. Boot the pc into safe-mode.
5. Run a full system scan and delete all the files detected. You may want to repeat this step a few times if there’s any file that failed to be removed.
6. After the files are deleted, restart the computer in Normal mode and proceed with the next section.Warning messages may be displayed when the computer is restarted, since the threat may not be fully removed at this point. You can ignore these messages and click OK. These messages will not appear when the computer is restarted after the removal instructions have been fully completed. The messages displayed may be similar to the following:
Title: [FILE PATH]
Message body: Windows cannot find [FILE NAME]. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.7. Use the Security Response “Tool to reset shell\open\command registry subkeys.”
Link here.
1. To delete the value from the registry
Click Start > Run.Type regedit
Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.
Navigate to the subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value:
“Bron-Spizaetus” = “C:\WINDOWS\PIF\CVT.exe”
Exit the Registry Editor.
To delete the scheduled tasks added by the worm
Click Start, and then click Control Panel. (In Windows XP, switch to Classic View.)
In the Control Panel window, double click Scheduled Tasks.
Right click the task icon and select Properties from pop-up menu.
The properties of the task is displayed.
Delete the task if the contents of the Run text box in the task pane, matches the following:%UserProfile%\Templates\A.kotnorB.com
Or just delete anything that you don’t recognize or remember that you created. Just delete anything suspicious.
Ok now you are almost done. (The steps below are not covered by Symantec.)
Open your folder options (Start > Control Panel > Folder Options). If you failed to do so, follow this step:
Run you regedit.exe again and browse to this code:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
\Policies\NoFolderOptions
Data Type: DWORD = 00000001
Change the DWORD value to 00000000. You may need to restart your computer after that.
Now in the Folder Options, go to “View” tab, untick the option Hide extensions for known file types
Now browse carefully into you documents folder, since most of the time the worm will resides there. Try looking into you pictures folder (eg: My Pictures). If there’s a file that looks like a folder but ends something with .exe, delete it. Most of the time the name will be the duplication of the folder itself. (eg: D:\Documents\My Pictures\personal\personal.exe). The icon will be folder icon so be careful. If you happen to double click it, you will need to remove the virus again.
Check all folders in each drive just to make sure you are clean from it.
Sounds complicated right? I’ve uninstalled my ZoneAlarm Security Suite and installed AVG antivirus. Why I uninstalled it? ZA is almost useless in detecting worms where I found more than 20 files infected by scanning using AVG while ZA can’t find anything at all~! After cleaning, I installed another program, Ewido Anti-Malware, to check there’s any worm or spyware still available. This program is really good as it can detect spywares, worms, trojans, and even keyloggers. I found 160+ files infected after scanning the whole system in Safe Mode. Mostly are just trackers which is not really harmful.
The final steps I did are just following the steps above. In the end, I managed to enable the registry edit and also my folder options again. Now my pc is finally clean from the Brontoks~ I’ve killed you Brontoks!! Yippie!
Update 14 January 2007:
I found some alternative way to delete the virus. Not tested but it is being distributed by popular antivirus programs. Try using the removal tools from Bitdefender and Kaspersky
Download the tools and scan your computer with it. It will remove all the files infected with the Brontok virus. Good luck!~
Tips:
Keep your email network as safe as you can with Exchange server outsourcing. With a reliable company that offers business email and private label Exchange hosting, you will have support to help your computer stay protected. Look into email hosting today!
i kena once. teruk. my whole housemates also kena and i was to be blamed. sad.
my house network is clean from virus.. unfortunately the virus came in from Hamachi when we had other frens connected to the network to play dota… it spread into our network just like tat…
thanx man….
let me try…
Dude,clearing it up from pc is not such a hard work…even by doin ghosting or format pc also can do it(unless u have plenty of files u dun wan to lose)…but there is one problem..and i do hope u have ideas,about prevention…since the latest brontoks can spreads through handy drives,which means it can easily infect the pc again anytime,as long as ur handy drive is ‘dirty’….
regards
in my computer,that key is in this path
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
\Policies\Explorer\NoFolderOptions
anywhere thank you so much T_T
Oakley, clearing the virus is not a hardwork actually.. I’m the one who had a lot of files in my hdd that I can’t del it.. so i try using this trick then… you are right about the virus can spread almost from anything. Prevention? I think the best is having a antivirus software which is updated and can clean these sort of virus. I’m now using AVG btw.. and also install some antispyware programs. Check the files with antivirus programs before accessing it. Thanks for your comments ya~
PppStudio, the key is actually in the path u stated. The steps above is copied from symantec so maybe there’s some typo error for the key link. thanks for stating it out!
baguss juga yaa.. ada yang respect tapi yaa githu deh semakin ada penyelesaian semakin menambah minat dan bakat untuk semakin mencari publisitas.. (n_n)”)
Thanx for this very important issue now-a-days…but one thing I want to know is that …. does any other antivirus except symantec can remove this???
Rontokbro and Brontok are two different worms or similar in damage but different in name?
I have recently installed BitDifender Antivirus & Kaspersky….. Kaspersky catch the worm after update but as a “Generic.Brontok” while BitDefender does not need to be updated….. it also catches with the same name “Generic.Brontok”.
So, please guide me.
I’ll be very thankful to you.
abid.ghaffar@yahoo.com
(Please also CC ur reply to this email)
Ok bye
Take Care
thanks for the reply Abid. Actually Symantec just issued out the ways to clear the virus but their antivirus can’t really clear the virus automatically. So basically you have to clear it manually following the details. I used AVG antivirus which detected the virus but also have to clear everything up manually. I still think that u should get an antivirus that updates from time to time since there’s so many virus came out everyday. So recommendations, I think you should go on with kaspersky or AVG antivirus. btw.. AVG is free.. hehe
Dear DareDevil,
There is another way of fixing the Brontok I that usually do with 100% success with 1 scan using the beloved free edition AVG.
Once you have recognize the threat, disable System Restore & shutdown the PC. Then take out the Harddrive and scanned it with another computer that have an updated AVG (use USB connector preferably).
When healing is complete put the harddisk back into the CPU and Restart. Voila no more threats and the Folder Option fix is not needed. However that startup error message saying “********.exe file is missing” will still be there. Use Regedit to correct the problem as to your rec above.
If you cannot access the Registry, for XP Pro users type “%windir%\system32\gpedit.msc” Goto User Config – Admin Templates – System Folder. In the right pane select “Prevent access to registry tools” and select “Disable” than restart PC. For XP Home user unfortunately you have to download the Symantec reset tools as posted above.
The above information helped me a lot
Thank you
Tons of Thanks to you.
I have cleaned up the PC with AVG and steps given.
but still get *.exe file missing error message persists! how remove this msg at start up!
even i reset the registry setting by symantec tool and did what Shaharuddin Ismail told(%windir…..etc)
also newdot~.dll is also missing(cleaned by mcafee when i installed mcafee b4 tryin AVG). where to find out? or clean up this msg!?
i think u haven’t edit the registry following the steps i given above. Follow the steps to edit the registry in regedit, n the missing *.exe file msg will be gone. On the newdot~.dll, i really don’t know how to fix it. Did it appear when startup as a warning msg as well? maybe u need to reinstall the windows by using the repair option.
i got infected by the same virus but i found a solution… u dont need any antivirus at all… just install DEEPFREEZE!
but theres a catch! once ur drive is frozen, saving to it is not posible anymre! hehehe…. you can save, but once you restart… say goodbye to it…
Hey guys,
Specialy to Symantec! I was just wondering if your solutions are effective????? Rontokbro mass mailing worm will not allow you to open explorer windows. So in reality and not by theory, you cannot install any application because the virus/worm will close any explorer/application windows. Even if you try to be in safe mode, the viruses operation is still in effect. So installing an antivirus in safe mode won’t work either. I dont know if symantecs solution are effective? I tell you what, if the worm/virus is in the memory, you can’t even move or think even a single second to do what is the right thing to do! Because every operation you have will just be in vain because the worm is operating in the memory. The best thing to do is to terminate all suspicious programs running in the memory and then start your expert moves in removing the worm. I found out that the infection will be having 43,072 bytes. So use windows commander to delete all files that have those byte size. As far as my experience is concerned, I manage to remove the worm by simply using WINDOWS DEFENDER from microsoft and terminate all the unpublished programs from the tools/software exporer feature of windows defender. I dont know why the rontokbro allowed me to install the windows defender program and never close the windows of it. So i have the chance to remove the rontokbro virus by tracing its program operation. Indeed it is a mass mailing worm for I have seen it my self all its stored email address. Just use the symantecs recommended step to restore registry access since the worm modifies the registry and disable registry editing. Thanks. More power. From the Philippines. Bye
For more information just email me.
contact nos.
09265146952 (touch mobile/globe)
(063) 221-2612 (PLDT)
Actually, this is not the mass mailing worm. This worm that I’m talking about creates files with virus that look like a folder which is with the .exe extension, where most ppl will open it due to curiosity. Then it’ll keep on spreading again after the folder being opened. Besides that, it disabled folder options so that you can’t change the view options to view the extensions of files.
I understand that there’s a lot of solutions out there. But the solution I posted did clean the virus from my PC. Thanks for your comments.
Hey.. I found another way to clean brontok virus
yes… it’s easy and simple.. i used Penawar Brontok remover
that you can download at
http://www.kaer-media.org/penawar-brontok
i managed to clean my computer labs… its just simple and easy.. and some donation to the programmer of Penawar Brontok to get the full edition, i bought it with a very cheap donation… the program fix & repair all the damaged by brontok virus well.. can scan unknown variant of brontok virus, fix the antivirus installation.. now i can install antivirus without format my hardrive… i also can multiple hardisk, map drive just click and scan.. the speed of scanner penawar brontok is very fast. I’m technican so i grab this Full Edition tool to make my job easier last time i hit by brontok 10,000 !
gosh… Thanks to penawar brontok 
HERE CAN DOWNLOAD COMPLETE ANTI VIRUS BRONTOKS
http://www.bloxster.net/oho
IF HAVE STILL PROBLEM WITH VIRUS BRONTOK, THIS IS THE SOLUTION, YOU CAN FIND AND DOWNLOAD FREE ANTI VIRUS, SO YOU CAN ERASE ALL VIRUS ON YOUR COMPUTER
Here you can download here free anti virus for remove decoil virus, free anti virus tools for erase virus decoil, free anti virus info, free anti virus linux,free anti virus software, free security tools for your PC’s, free anti virus program, free scan virus, free anti spam, free anti brontok and free for all anti virus and than your pc is clean..
http://antidecoil.atspace.com/antidecoil.html
Hi Guys,
I have successfully cleaned my PC the Symantec way. But i have lost a lot of softwares since windows cant find their exe files. for example, i can see the winamp icon on my desktop but if i click it windows says it is searching for winamp.exe file. Even the winamp folder in program files does not show the exe file.
Is there some way i can recover these exe files/softwares without having to re-install them?
Thanx,
Manan
FUCK YOU BRONTOKS OUR MUSLIM BROM HAS FOUND AN ANSWER TO IT, U BRONTOK YOU ARE SON OF A WHORE, A SLUT,A woman WHO HAD BEEN RAVAGED BY AGAIN AND AGAIN!!!NOW U GOT GUTS DO DO ANY THING I WILL FUCK YOU GAL, & UR SIS
Antivirus is the place for the best information and solutions for remove virus on you computer, pc, note book, pda, mobile handphone,etc. Here you can download free antivirus and cleaner all virus on you computer. many software for remove virus on your computer.
Special FOR REMOVE BRONNTOK !!!
anti virus is a tool for remove virus on your computer, pc , note book, here you can find free anti virus, download anti virus, anti virus tools and check your computer; how many virus infect on computer.. here you can find what you need and what you want.Antivirus is the place for the best information and solutions for remove virus on your computer, pc, note book, pda, mobile handphone,etc. Here you can download free antivirus and cleaner all virus on you computer. many software for remove virus on your computer. Ex: ( antivir,antivirus Norman, Mc affe antivirus,Pc cilin antivirus ). you can choice your anti virus.So, don’t be afraid for virus more, we give you here all antivirus tools
Guys!
Someone please answer my question…
Its verrrrrrrrry urgent.
Manan
hi manan, i think u have to reinstall those applications since the exe files are infected by the virus. Are the .exe files being quarantined? just reinstall the program and they will work again.. hope this helps
my pc have been infected with brontok, is it to late to install any *.exe antivirus, what if regedit,msconfig,even folder option has been disabled, what to do? what to do!!?
Once you “BEEN DISABLED EVERYTHING” even regedit is no longer exist… Call Bill Gate, (of course he won’t come) The answer is Format your hard disk and then install new antivirus!
ya formatting c:It’s like re-born but this time with a muscle armour bouncing over your body. stop it before it get in.before it’s to late.
Lynda,brontok removal tool is avaible on /www.bitdefender.sg/
Brontok or whatever it is, after all made by us; is easy to be removed without formating. Mail me about your problem at littlefriendhappy@yahoo.com. Mail me virus names for removal instructions back on your mail… Regards, Little Friend…
ple urgent
Thnx 4 da steps to clear the DARN BONTOKS! all try..
Cheers, Mate! Your explanation saved my computer, my thesis, my life!
Brontoks hid as “c:\my folder\my folder” on my pc. All that is left now is the message “Windows cannot finde [File Name]. Make sure you typed the name correctly, and then try again. …” everytime I re-boot. But I guess I can live with that
. I know that the message should disappear, but it doesn’t even though I have followed your instructions to the book.
For all people who, like me until now, do not have proper up-to-date anti-virus-software on their computer, try “Ultimate Washer” from Ertanto and select one of the infected folders in the browser field. The tool will then detect all similar folders and delete all of them at the same time, allowing you to win the race against the worm. Then proceed with step 6 of this post.
Dear Sir,
I’m having a big problem in my PC. The problem is that when I want to check Folder Options from Tools Menu; they are absent from there. When I try to open Registry or Command Prompt; my computer Accidently ShutDown.
Once I’ve seen a picture. After that this happened. I’ve MCafe 8.0i as an antivirus.
Please
I need a complete manual solution on brontok. Please help.
Thanks.
i was able to remove the virus manually from one of my client’s pc..but mine was a bit different procedure..i can’t open msconfig, regedit, Folder options anymore..so i used Win 2000 bootable CD then I manually one by one eradicated the mother files of the virus. after that all works well…im in a hurry that time for next customer (to be home serviced) who is a doctor, so i dont care anymore about the locked registry..what is important is that applications won’t close anymore as you open them not like when brontok was still active. by the way maybe some will ask why i used that procedure? why i used win 2000 bootable cd? because that pc of my customer in their home has no internet connection..i cant download and i cant find guids from the internet coz theres no connection..and i found out that virus on the spot so so i hav to do it my way, using the bootable cd and thanks a lot that it worked.
I also get that error that appears after each restart, the one about the missing file.
i was wondering, would it be possible to make an .exe file in that directory, that doesnt actually do anything, like it just closes itself?
i have no idea how to make code that can do that, so if this is a possible solution, could someone make some code that just opens and closes a file, and email it to me or something? my email is osamaben_2@hotmail.com.
cheers from Australia, and thanks for the help Daredevil!
DEAR RESPECTED FRIENDS,
THNK YOU ALL FOR THOSE WONDER FUL SOLUTIONS.I HAVE DONE ALL THAT IS WRITTEN BUT THE ONLY PROBLEN IS THAT I CANNOT VIEW THE FOLDER OPTION STILL?
CAN ANY ONE HELP?
PLEASE
PLEASE
PLEASE
hmm.. did u follow this step?
[quote post="158"]Run you regedit.exe again and browse to this code:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoFolderOptions
Data Type: DWORD = 00000001
Change the DWORD value to 00000000. You may need to restart your computer after that.[/quote]
you may not able to run regedit due to the virus so u need to use the tool from symantec. Hopefully this helps..
by the does any one who created this damn virus!!! son of a bitch doesnt have anythings to do !!!
Hey Rizal ITB, thanks you for the link that u post before because penawar brontok can save my computer at all ! i bought the full edition yesterday ! now my pc are smooth then before.. thanks you ! anyone that miss Rizal message here the link to cure the brontok :
http://www.kaer-media.org/penawar-brontok
it easy enough, fast and very accurate to scan the brontok virus !
Good news at last;;;
Real Thanks mate
Wanna screw de Brontok assshole too…All these days I cant accss my hidden folder exept by using some other mini utility.
TO HELL WITH THE PERVERT BRONTOK
Good Bro…Good
I agree with Titu…a pity some souls still dont have time to taste life lie us…I really pity him,hope he’s still alive if he have no suicide tendency yet.One thing i,m sure ,he’s constipated all de time or can’t satisfy …poor soul..
IVAN
hallo.. Im a IT in a company .. this virus really make me headache.. i try many kind of anti virus but idoest work …i have install avg and try the way you say but i still cannot clean my network for this virus … if i didnt share my network it wont be infected .. if i share a folder the virus will spread into the folder.. help me … how to clean it …
plss… reply as soon as possible
you must disconnect all the pc from the network first because the virus will spread into the network as long as 1 pc is still infected. Only connect those cleaned pc into the network. Follow the steps above and it should be ok. Remember don’t open those folder .exe files.
there is no sharing still can spread ?
Our company have around 40 computer its really hard to make it … if disconnect all the network …we cannot doing our job because we are using My SQL server … got other suggestion ?
I’ve found another alternative solution. Try this website and download the removal tool.. Scan your pc with it.
http://www.bitdefender.com/VIRUS-157247-en–Win32.Brontok.A@mm.html
Hopefully it works for you.
Erm…I got install bitdefender antivirus plus v10.. what the diferences? i scan it but after i scan it ..the software like Digi Scale still cannot work ?? so how ?
some of this virus cannot moved by this antivirus .. the virus detected is Generic.Brontok.B0015626 and WIN32.Brontok.C@MM … two of my computer has damage … the mother board already infected by the virus … it show checksum error.. and another one is cannot detect keyboard … i hope this wont happend to other computer… thanks if you can solve it for me …
Sorry, I dun think I can help much on this. Either is you format your pc and reinstall everything. But I don’t think the virus will somehow infect the motherboards. it maybe affected by some hardware failures for the undetectable keyboard. Good luck..
This is the tools/solutions for that to remove the brontok virus.
Tools:
1. smitfraudfix
2. http://www.ewido.net
3. http://www.pandasoftware.com
4. Hijackthis
Instructions:
Run the tools in order and you will done. When running hijackthis remove the entries that brontok resides and other suspicios entries from your registry. It can also open diasbled registry so registry fixing is no problem.
Note:
Online is the best solution for removing virus from your computer. If you don’t t\have tools like smitfraudfix or hijackthis then searhc through google. Those are free softwares.
Goodluck and have fun repairing !
Omg!! I think I dont want to format all of it… need to work till morning… my work place close at 10pm … never mind its not my prob any more …the panda software cannot install coz the avg stop it from install … but thanks for the help…
dear friend,
i have more works to do in my computer but the virus has already killed me half.please help to find my missing folder options
regards
OMG! is there any way that i can remove all of this brontok thing? im handling 400+ units here! gosh this is not a simple job as others saying! i guess it will take me 10 years to finish cleaning this stuff! hehehehhe! anyways, thanks for the tips! ill find another way to crack this rontokbro! bye!
godbless to all…..
Hi all!
Very interesting information! Thanks!
G’night
Could it be my pc time loading so damn slow is because of Brontok? I would certainly follow your advice on how to delete this.
Hey
Thank you for the info sharing. I’ve read about this from other people’s review & a lot of people give face the same problems about the brontox virus. Its very annoying & personally i have used the same method you suggested – using Bitdefender brontok remover. It works really well !
Thank you
brontok to manage my pc..folder oftion missing and search button cannot use.folder option i can solve..but search button disable i don’t know.how to solve???
help. i’m scared to do complicated stuff with my pc. my pc is not connected to the internet to protect it from viruses because i use it for video editing. but the brontok found its way into my system when i connected a friend’s camera to my ccomputer.
my avg was not updated when it got affected, but i was still able to update it after and so detected the virus. but when i emptied my virus vault, i couldn’t find all the important files anymore in my hard drives (which i assume were infected by the virus).
what do i do? how do i find my files/folders?
desperately need help. my files are important for my work and i have a deadline right now.:((
hi,
if you want to recover your files then log on to google and search for file recovery software with crack and after a bit of searching you can find one. run that software you will find most of your files.
Does anyone know whether Brontok.A can affect a phone ?
Accidently transferred files from my infected computer into a memory stick yet I’m kinda freaked out whether to place it back into my phone or not ?
kudos to the above post have really learn t something new about this virus called brontok. hope to know more about this virus. thanks