Aftermath of a virus/worm!

Hitboxx · 11-03-2008, 05:13 PM

My Windows XP/SP2 was infected with a virus/worm recently(can't remember the name though) and it was removed using AVG Free Antivirus with latest definition updates. The system is back to normal and is working fine except for one quirky thing. I get this message everytime I start XP.

I have tried the manual registry editing, X-setup, manual startup and services but still am unable to find the source of this entry, I know its there somewhere in the registry but where. If anyone can help me trace it, I would appreciate it.

Thanks.

ITTechPerson · 11-03-2008, 05:18 PM

HAve u tried "msconfig" ? I think it will should be in the startup list of msconfig.

Hitboxx · 11-03-2008, 05:27 PM

Yes, seen there too, but not there.

I forgot to add one more thing, if it helps to identify the virus, during the virus period, the system would run fine except some lag during internet operations and also had registry editor and msconfig disabled. Other than this, there wasn't any visible damage.

ray|raven · 11-03-2008, 05:34 PM

Dude try this: In Regedit ,goto

Quote:

HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Winlogon

There you should see this:

Quote:

Shell = Explorer.exe "C:\Windows\eksplorasi.exe"

Change it to

Quote:

Shell = "Explorer.exe"

Should work.

Hitboxx · 11-03-2008, 05:43 PM

Thanks man, that should work. If anybody wants to know, I had this in the above mentioned location

Quote:

Explorer.exe "C:\WINDOWS\eksplorasi.exe"

ray|raven · 11-03-2008, 05:49 PM

^Anytime.

krazzy · 11-03-2008, 09:26 PM

Actually Googleing the whole error message would've given you the solution much faster. Same thing happened to me once and thats what I did.

uzair · 12-03-2008, 05:58 PM

The virus u r taking about is the brontok virus

anandk · 14-03-2008, 12:03 AM

run ccleaner and see ...

**ico** · 14-03-2008, 01:34 AM

Quote:

Originally Posted by uzair

The virus u r taking about is the brontok virus

+1, Its Brontok....

Brontok/Rontokbro was a very good friend of mine in my school.

Every computer was infected with it.

Its characterstic is: It creates an .exe which has an icon of a folder with the same name as the folder in every folder. So, the user gets fooled that it is a folder or not. But actually, if you click on the file, you can clearly see that it is an .exe in the Details panel on the left side. of the explorer.

Here are some removal tools. They'll help you in removing the registry entries and other infections if they remain:
http://download.bitdefender.com/reso...rontokA-en.exe
or
http://www.sophos.com/support/cleaners/brontgui.com
or
http://dnl-eu5.kaspersky-labs.com/utils/klwk/klwk.zip

Try everyone of them. This is what I did in my school.....

Also, do install a good AV like NOD32 or Kaspersky. If you want a Free AV, then I'll say to have avast instead of AVG. AVG is the worst.....