Wednesday, December 2, 2009

Remove Brontok virus manually

The "Brontok virus" came from Indonesia. On its first run on an infected machine, it copies itself to the user's application data directory. It then sets itself to start with Windows by creating an entry in the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key. It disables the Windows Registry Editor (regedit.exe) and modifies Windows Explorer settings. It removes the "Folder Options" item from the Tools menu so that the hidden files in which it is concealed are not easily accessible to the user.



Removal procedure:
Start your computer in Safe Mode with Command Prompt and type these commands to re-enable the Registry Editor:

reg delete HKCU\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"
reg delete HKLM\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"

After this, the Registry Editor is enabled.
Type explorer at the prompt.
Go to Run and type regedit.
Then go to the following key:
HKLM\Software\Microsoft\Windows\Currentversion\Run

In the right-hand pane, delete the entries that contain the words 'Brontok' and 'Tok-'.

After that, restart your system.
Open the Registry Editor and go to the following value to re-enable Folder Options in the Tools menu:

HKCU\Software\Microsoft\Windows\Currentversion\Policies\Explorer\ 'NoFolderOptions'
Delete this entry and restart your computer.

Then search for *.exe files on all drives (include hidden files in the search)
and remove all files that are displayed with a folder icon.



Voila, the virus has been successfully removed.
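
To confirm the cleanup, the registry locations named in the steps above can be checked in one pass. The script below is an added example, not part of the original post; it only reads the registry and deletes nothing, and the helper name Get-PolicyValue is made up for this illustration.

```powershell
# Added example: read-only check of the registry values named in this post.
# Run from a PowerShell prompt after the removal steps; nothing is modified.

function Get-PolicyValue {
    # Hypothetical helper: returns a report row if the value exists, else nothing.
    param([string]$Key, [string]$Name)
    $p = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($p) {
        [pscustomobject]@{ Key = $Key; Name = $Name; Data = $p.$Name }
    }
}

$findings = @()

# 1. Policy value that disables regedit.exe, checked in both hives.
foreach ($hive in 'HKCU:', 'HKLM:') {
    $findings += Get-PolicyValue `
        -Key "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\System" `
        -Name 'DisableRegistryTools'
}

# 2. Policy value that hides "Folder Options" in the Tools menu.
$findings += Get-PolicyValue `
    -Key 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' `
    -Name 'NoFolderOptions'

# 3. Startup entries whose name or data contains 'Brontok' or 'Tok-'.
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-Item -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($name in $run.GetValueNames()) {
        $data = [string]$run.GetValue($name)
        # -match is case-insensitive, so 'brontok' and 'BRONTOK' are both caught.
        if ("$name $data" -match 'Brontok|Tok-') {
            $findings += [pscustomobject]@{ Key = $runKey; Name = $name; Data = $data }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'None of the registry values described in the post were found.'
}
```

Any row in the output means the corresponding step above still needs to be done.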


