remains of brontok


shashanktyagi1
22-11-2006, 01:48 AM
I recently got Brontok in my computer, which the updated version of AVG quite successfully removed. But on startup this error comes.
cannot find c:\windows\keesenge(something).exe. There is no such boot-up prog in msconfig.
How do I remove it?

Kiran_tech_mania
22-11-2006, 08:04 AM
It appears that AVG has removed the virus, but the registry entry of the virus is not changed. Perform a registry scan using good registry software. If the problem still persists, perform these steps:

1. Take a registry backup using a registry backup tool
2. Download: UnHookExec.inf (http://securityresponse.symantec.com/avcenter/UnHookExec.inf), right-click and 'Install'. This is a registry entry. It does not display any notice when you run it.
3. Restart the PC

anandk
22-11-2006, 05:17 PM
Install and run CCleaner (http://www.ccleaner.com).
Also use its startup tool to remove any relevant entry if you see it.
Reboot. Revert.

Akshay
22-11-2006, 05:45 PM
I used Kaspersky to clean Brontok. It cleared everything without any problems.

shashanktyagi1
25-11-2006, 02:25 AM
It is not even allowing modification of the registry. Whenever I try to run regedit it says that registry editing has been blocked by the admin. I am the admin. So how to open it again? I am using Win XP Pro SP2.

anandk
25-11-2006, 07:37 PM
Please work in safe mode, i.e. run your AV/AS/CCleaner again in this mode.
Else download and use Brontok Washer (http://www.softpedia.com/get/Antivirus/Brontok-Washer.shtml) or Brontok Removal Tool (http://www.bitdefender.com/VIRUS-157247-en--Win32.Brontok.A@mm.html).

sac_meer
26-11-2006, 01:19 PM
Which type of Brontok is in your PC: Brontok.A, Brontok.B or Brontok.C? Try Panda antivirus and it will solve your registry problem as well as the virus problem. After install your PC might start slow, but after the virus scan you can uninstall safely.

Or you can try another method: try to install Panda; in the installation wizard it will ask you to perform a full scan of your PC. Try this option and perform a full scan of your PC; after the complete scan you can cancel the installation process. That's simple for all types of Brontok.

Kiran_tech_mania
26-11-2006, 02:47 PM
It is not even allowing modification of the registry. Whenever I try to run regedit it says that registry editing has been blocked by the admin. I am the admin. So how to open it again? I am using Win XP Pro SP2.

Registry editing is disabled by this virus. To enable registry editing, download the registry entry which I specified in my earlier post. Just download and right-click 'run'.

Registry editing must get enabled.

shashanktyagi1
27-11-2006, 01:20 AM
Thanks Kiran. That registry entry did the trick. Will see if it remains after restart. Regedit is now opening fine.
__________
Registry is opening but that startup entry is still there. How to remove it?

Kiran_tech_mania
27-11-2006, 08:46 AM
^^^
Welcome.
Open the registry editor:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete the value
"Bron-Spizaetus" = "C:\WINDOWS\PIF\CVT.exe" if it exists.

Then perform registry cleaning.
Download: http://www.filehippo.com/download_ccleaner/
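
Added example, not part of any post in this thread: a read-only PowerShell audit of the two leftovers discussed above, namely Run values whose target file was already removed by the antivirus (the source of the "cannot find" error at startup) and the policy value that blocks regedit. The function and variable names are hypothetical, and `DisableRegistryTools` under the current user's `Policies\System` key is the standard Windows policy value, not something named in the thread; PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only audit; it reports and deletes nothing.
# Assumes PowerShell 3.0 or later. Names below are illustrative.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-CommandTarget {
    # Pull the executable path out of a Run value's command line.
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }   # quoted path, then args
    if ($c -match '^(.+?\.(exe|com|pif|scr|bat|cmd))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function Get-DanglingRunEntry {
    # Run values whose target file no longer exists on disk.
    param([string[]]$KeyPath = $RunKeys)
    foreach ($key in $KeyPath) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            $target  = Get-CommandTarget $command
            # Only judge absolute paths; bare names resolve through PATH.
            if ($target -match '^[A-Za-z]:\\' -and -not (Test-Path -LiteralPath $target)) {
                [pscustomobject]@{
                    Key = $key; Value = $name; Command = $command; MissingTarget = $target
                }
            }
        }
    }
}

function Test-RegistryToolsDisabled {
    # Per-user policy value that makes regedit refuse to start.
    $policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -LiteralPath $policy -Name DisableRegistryTools -ErrorAction SilentlyContinue
    [bool]($p -and ($p.DisableRegistryTools -ne 0))
}

"Registry tools disabled for current user: $(Test-RegistryToolsDisabled)"
Get-DanglingRunEntry | Format-List
```

Each reported value is a candidate for manual removal in regedit after a registry backup; a missing target on its own does not prove the entry was malicious.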