W32/Brontok.P

:eek: :eek: :eek:
That's the WORST possible thing you could ever do! Running two antivirus programs on one system will cause them to conflict. In other words, they will get confused and provide false positives, etc. It's alright to run more than one Antispyware product on your PC, but I strongly suggest you uninstall either AVG or NOD32. If I were you, I'd remove AVG. It's crap.

I've been using this setup for quite some time, never had any problems with it. I only know of two anti-virus products that conflict (from previous experience) and that's McAfee and Norton.
 
Any two AV products will conflict with each other. It's a proven fact. They also slow down your PC considerably. It's your choice, but I've been in that department for about 2 years. From my experience, I'd recommend you remove one of them. It's up to you though. ;)
 
Any two AV products will conflict with each other. It's a proven fact. They also slow down your PC considerably. It's your choice, but I've been in that department for about 2 years. From my experience, I'd recommend you remove one of them. It's up to you though. ;)

I'll keep that in mind thanks :)
 
I Managed to beat Brontok

WKJ?:beanie >> RESPECT!!!
I suppose if it works for you, it works for you. :)

Some help in case someone else get's infected by this baby (And boy it's nasty!!)
My Gf's aunt needed some help with her pc, and i was the lucky one that got called to assist her.

The virus made a copy of every .mp3, .bmp, .jpg on the machine and gave it a .exe extension (example: SummerHoliday12.jpg > SummerHoliday12.exe).

First I tried to kill some of the processes in task manager, because it owned the CPU, but it shuts down the computer immediately. Thought about running msconfig from the run window to try and stop it from starting but then I remembered about this lifesaving tool, startup inspector.
http://www.windowsstartup.com/
I installed it, and disabled everything I didn't need, and rebooted
After the reboot I installed AVG 7.5 (You need to move quickly here) and without any new virus definitions it picked up brontok immediately. I started a scan to clean the machine, after the scan I updated the virus defs and then scanned again.

She had an ancient MacAfee on there with 2005 definitions, there was about 20 deferent virus' on the machine, maybe that's what saved her, i reckon the where fighting amongst one another for resources :)
Hope this helps.
PS: while moving the utils onto her machine I used my flash disk, it got infected in the process, but the moment I plugged it back into my notebook, AVG Picked it up and cleaned it.
 
I agree - never run two products on the same machine. 1 - they will conflict. 2 - it will slow your box down, files need to be scanned twice. Its also highly unnecessary. Your not going to get double the protection.
 
I use both NOD32 2.7 and AVG Professional 7.5 on my machine

But why? NOD32 isn't even free, are you saying AVG is doing something NOD32 can't do? Worse, are you saying AVG is going to detect a virus which NOD32 won't ?
 
I don't get why people don't run anti virus software with up to date definitions. Once you get infected you are basically screwed. Rather stop it from running on your machine at all!
 
I remember the name of Brontok, though I don't think I've ever been infected by it or had an pc under my control infected.

I reckon Avast would take care of it, but if you combine it with a HIPS system, it should save you some misery. My dad brought home an infected flash drive, and thanks to Comodo Firewall's HIPS, I kept denying the malware a chance to run until Avast had removed it. Was quite fun to see this miserable trojan trying to run and being kicked in the nuts.
 
Heheheheee. Kicked in the nuts. I like that! I've also had this virus so I had to format my HD and reload everything. Running Bit Defender Internet Security now. Its quite good. BTW. there are people that think that antivirus alone is enough. Its not get a full internet security suite especially if you doing online banking.
 
http://www.ranum.com/security/computer_security/editorials/dumb/

Another place where "Default Permit" crops up is in how we typically approach code execution on our systems. The default is to permit anything on your machine to execute if you click on it, unless its execution is denied by something like an antivirus program or a spyware blocker. If you think about that for a few seconds, you'll realize what a dumb idea that is. On my computer here I run about 15 different applications on a regular basis. There are probably another 20 or 30 installed that I use every couple of months or so. I still don't understand why operating systems are so dumb that they let any old virus or piece of spyware execute without even asking me. That's "Default Permit."

A few years ago I worked on analyzing a website's security posture as part of an E-banking security project. The website had a load-balancer in front of it, that was capable of re-vectoring traffic by URL, and my client wanted to use the load-balancer to deflect worms and hackers by re-vectoring attacks to a black hole address. Re-vectoring attacks would have meant adopting a policy of "Default Permit" (i.e.: if it's not a known attack, let it through) but instead I talked them into adopting the opposite approach. The load-balancer was configured to re-vector any traffic not matching a complete list of correctly-structured URLs to a server that serves up image data and 404 pages, which is running a special locked-down configuration. Not surprisingly, that site has withstood the test of time quite well.

One clear symptom that you've got a case of "Default Permit" is when you find yourself in an arms race with the hackers. It means that you've put yourself in a situation where what you don't know can hurt you, and you'll be doomed to playing keep ahead/catch-up.

The opposite of "Default Permit" is "Default Deny" and it is a really good idea. It takes dedication, thought, and understanding to implement a "Default Deny" policy, which is why it is so seldom done. It's not that much harder to do than "Default Permit" but you'll sleep much better at night.

Default Deny FTW!!! :D :D :D

If M$ had any brains, then they would start using Default Deny on their windoze systems to stop viruses and other stuff dead without the need for antivirus and antispyware stuff...
 
But why? NOD32 isn't even free, are you saying AVG is doing something NOD32 can't do? Worse, are you saying AVG is going to detect a virus which NOD32 won't ?

It's happened before ;)

(I know I should've answered it last year, but I honestly didn't see this thread until now) :D
 
Last edited:
I remember the name of Brontok, though I don't think I've ever been infected by it or had an pc under my control infected.

I reckon Avast would take care of it, but if you combine it with a HIPS system, it should save you some misery. My dad brought home an infected flash drive, and thanks to Comodo Firewall's HIPS, I kept denying the malware a chance to run until Avast had removed it. Was quite fun to see this miserable trojan trying to run and being kicked in the nuts.

Had that virus a while ago too. Removed it.

Symptoms like - disabling your "tools/folder options" and constant ie messages popping up saying stuff like. "Dont sell sex for money" etc.

AVG 8.0 Free with a latest update should pick it up, don't know if other anti-viruses does, but from what I hear AVG is shyt so perhaps others work.

Furthermore, it changes a whole lot of your registery stuff, and if you don't know a few things about working in the registry you may be stuck with some basic setting problems.

Finally, This virus is pretty well known, a google seach on it should get you enough info, and even some on how to re-configure your registry entry settings if needed.
 
Here's fix for Brontok and it works...

http://www.sophos.com/support/disinfection/brontok.html

After that go into registry - regedit, and do a search for rontokbro and brontok, you'll definitely find some entries which you can delete, but please export your registry before deleting anything.

After that do a search with Windows Search for the same, brontok and rontokbro, you'll find quite a few folders with similar names in c:\documents and settings\$username$\local settings\application data...

Don't attempt regedit, cmd, or going into that folder without running the fix, it'll restart your pc.
 
Last edited:
Yo! I told you guys, I used avast!, Norton(I know don't tell me), AVG etc. I downloaded every anti-virus known to man but all they could do(well some) was find the virus and delete them but still infected they computer.

I know i don't make sense but this virus is really smart:p

maybe turn off system restore i did that for a virus that kept returning.
and the flash drive well i dont know use avast to plug it in and before you open the flash scan it.
 
you should never have to reformat your machine. I've removed tons of viruses from tons of machines and have never had to reformat.
 
This malware is easy to remove.

Step 1- Run system restore, restore to at least 3 weeks earlier
Step 2- Use HijackThis to remove registry entries
Step 3- Delete all copies of the virus, by looking for folders that look like folders but are actually .exe's
Step 4- Delete all the dropped DLL's in windows/system32

Problem solved, no need for reformat
 
Or boot from a Knoppix CD, use ClamAV to scan and flush the buggers out and all should be well...

Take note that if you've got (for example) an application called mail.exe and it sits in C:\Program Files\Mail\mail.exe the brontok virus will overwrite it as brontok will create a copy of itself called mail.exe :mad:

You won't need to format/reinstall windows after a brontok infestation, luckily.

However, some other kind of viruses will need a format and reinstall, especially when said virus attaches itself to executable files.
 
Last edited:
Top
Sign up to the MyBroadband newsletter
X