Brontok is a computer worm that spreads through email and USB drives. There are many variants of Brontok, but they all work in basically the same way.

How do I know if my system is infected?

  • You can’t start Regedit.exe
  • When trying to start any other registry editor, the system restarts
  • The system also restarts when executing certain EXE files
  • The presence of the following files:
    %WINDIR%\eksplorasi.pif
    %UserProfile%\Local Settings\Application Data\smss.exe
    %UserProfile%\Local Settings\Application Data\services.exe
    %UserProfile%\Local Settings\Application Data\lsass.exe
    %UserProfile%\Local Settings\Application Data\csrss.exe
    %UserProfile%\Local Settings\Application Data\inetinfo.exe
    %UserProfile%\Local Settings\Application Data\winlogon.exe
    %UserProfile%\Start Menu\Programs\Startup\Empty.pif
    %UserProfile%\Templates\WowTumpeh.com
    %WINDIR%\%CURRENT_USER%’s Setting.scr
    %WINDIR%\ShellNew\bronstab.exe
    All these files have the size of the worm’s main executable: 42,028 bytes (about 42 KB).
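
The file checks above can be scripted; this Python sketch is an added example, not part of the original post or of the removal tool. The function name `scan`, its parameters, and the choice to try both a straight and a curly apostrophe in the `Setting.scr` name are assumptions; the directories are passed in so the check can also be run against a mounted copy of the disk.

```python
import os
import sys

WORM_SIZE = 42028  # bytes; size of the worm's main executable per the list above

# Indicator paths from the list above, relative to %WINDIR% and %UserProfile%.
# Names like smss.exe and lsass.exe are normal in System32; it is the
# location under the user profile that makes them suspicious here.
WINDIR_FILES = ["eksplorasi.pif", "ShellNew/bronstab.exe"]
PROFILE_FILES = [
    "Local Settings/Application Data/" + name
    for name in ("smss.exe", "services.exe", "lsass.exe", "csrss.exe",
                 "inetinfo.exe", "winlogon.exe")
] + ["Start Menu/Programs/Startup/Empty.pif", "Templates/WowTumpeh.com"]


def scan(windir, profile, user):
    """Return (path, size, size_matches_worm) for each indicator file present."""
    candidates = [os.path.join(windir, *rel.split("/")) for rel in WINDIR_FILES]
    # "<user>'s Setting.scr": try a straight and a curly apostrophe (assumption).
    candidates += [os.path.join(windir, user + q + "s Setting.scr")
                   for q in ("'", "\u2019")]
    candidates += [os.path.join(profile, *rel.split("/")) for rel in PROFILE_FILES]
    hits = []
    for path in candidates:
        if os.path.isfile(path):
            size = os.path.getsize(path)
            hits.append((path, size, size == WORM_SIZE))
    return hits


if __name__ == "__main__":
    # Usage: script.py [WINDIR PROFILE USER]; defaults to the live environment.
    if len(sys.argv) == 4:
        args = sys.argv[1:4]
    else:
        args = [os.environ.get(v, "") for v in ("WINDIR", "USERPROFILE", "USERNAME")]
    found = scan(*args)
    for path, size, match in found:
        note = "matches worm size" if match else "size differs"
        print(f"{path}  {size} bytes  ({note})")
    if not found:
        print("No Brontok indicator files found in the checked locations.")
```

A file that is present but has a different size is still reported, since the post notes that there are many variants.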

What does it do?

  • Disables Folder Options
  • Disables Registry Editor
  • Installs itself to run at startup
  • While in memory, it restarts the system if any program involving the registry is started

How to remove Brontok?

Download and run the Brontok removal tool below:

AntiBrontokAen.exe (38.0 KiB, 57,235 hits)

This tool will kill the Brontok process, restore Folder Options and Registry Editor, and fix system startup.