HomeSecurity

Remove the Brontok worm

Like Tweet Pin it Share Share Email

Brontok is a computer worm which spreads through emails and USB drives. There are so many variants of brontok but they basically work similarly.

How do I know if my system is infected?

  • You can’t start Regedit.exe
  • When trying to start any other registry editor, the system restarts
  • The system also restarts when executing certain EXE files
  • The presence of the following files:
    %WINDIR%\\eksplorasi.pif
    %UserProfile%\\Local Settings\\Application Data\\smss.exe
    %UserProfile%\\Local Settings\\Application Data\\services.exe
    %UserProfile%\\Local Settings\\Application Data\\lsass.exe
    %UserProfile%\\Local Settings\\Application Data\\csrss.exe
    %UserProfile%\\Local Settings\\Application Data\\inetinfo.exe
    %UserProfile%\\Local Settings\\Application Data\\winlogon.exe
    %UserProfile%\\Start Menu\\Programs\\Startup\\Empty.pif
    %UserProfile%\\Templates\\WowTumpeh.com
    %WINDIR%\\%CURRENT_USER%’s Setting.scr
    %WINDIR%\\ShellNew\\bronstab.exe
    All these files have the size of the worm’s main executable: 42,028 bytes(About 42 KB).

What does it do?

  • Disable Folder Options
  • Disable Registry Editor
  • Installs itself in the startup
  • When in memory, it will restart the system if any program involving the registry is started

How to remove Brontok?

Download and run this brontok removal tool from below:

AntiBrontokAen.exe (38.0 KiB, 57,659 hits)

This tool will kill the brontok process, restore folder options and registry editor and fix system startup.

Comments (33)

  • u r giving very good tips toger rid of my headeachs thanks to u all team . keep it up
    good work

  • This website has been of great help to me.It has given me a lot of useful tips .

  • Very good tips. it help me well.

  • thanks for giving this awsome RavMon removal tool

  • Thanks. It does remove the “windows eksplorasi” during start-up. Keep up the good work guys

  • thankxs for the ravmon removal tool and mini tutorial here in your blog.

    i got a problem with my mother’s computer though, i downloaded the brontok remover, but everytime i run it the pc just restarts.. cant quite figure out why yet.

  • I am a victim of Brontok worm: I used the above mentioned tool but did not kill it compeletely; I still cannot run cmd.exe: XP just re-boots!

  • I have all the above mentioned processes running, my regedit wouldn’t open, my task manager was disabled, but the processes’ size isn’t 42KB. A few processes have greater size, and a few have less. I have an Antivirus that just shows up Worm.Win32.Autorun virus many times though I delete it each time. I’m unable to make out if i’ve been infected with Brontok. I even scanned with the Brontok removal tool, but nothing happened. But one thing did happen, I got a stop error screen that says BAD_POOL_CALLER. With this the no. of stop error screen messages increased to two. Please help!

  • this site is great. its really helped me from a sleepless night thanks so much and keep the feed alive.

  • GreaT Tnx for sharing this Software… I Love It your GreaT…^_^

  • Excelente …. very good…

  • thanx alot guyz for the support dis website rox 🙂

  • I have a about.Brontok.A virus on my system (Vista Home Premium) and every time that I try to download a virus removal or any kind of program the computer restarts by itself. What should I do?
    Thanks in advance for your help.

  • Albert, this is what I did,

    Right click and Save as….

    Rename the exe file with a new extension before you download the file (for example: AntiBrontokAen.EXA ) and then in your Hard Disk rename again the file to .exe an voila !!

    The restart happens only when you try to download .exe files because of the damn brontok worm.

  • I Dont Know which Virus Have In My Pc
    The Task Manager Disable Itself And Also
    Some Error And 3 .EXE Files Are Auttometicaly Create in Temp Folder Itself And I Can Not Delete It From My Computer
    Will u Plz Reply Me What Is This ?
    and Plz Send Me Removal tool Link

  • I Dont Know which Virus Have In My Pc
    The Task Manager Disable Itself And Also
    Some Error And 3 .EXE Files Are Auttometicaly Create in Temp Folder Itself And I Can Not Delete It From My Computer
    Will u Plz Reply Me What Is This ?
    and Plz Send Me Removal tool Link

  • Thank you… i have been searching like 3 days for this simple answer wooow you are sooo helpfull dude!!! thanks a lot, this remove Brontok tool really works!!! thanks body….great website this one…..gracias muchas gracias….^_^

  • i reaally thank of technize to remove brontok worm virus from my PC i was suffering from last so many days but i got your refernce from someone then i got relief.

    • Sachin thanks alot for the feedback. Keep visiting and if you have any questions, just contact us. We’ll get back to you with a solution.

  • Thanks for care

  • this is amazing.works well.thanx

  • help pls…it didn’t function….i tried this and i tried also other but it didn’t work….how can i remove brontok worm it appears always on my picture folder….pls help…i have a terrible head ache now…thanx!!!

  • How to remove brontok.T worm?

  • really this site helped me a lot. thanks:)

  • Muchas gracias, sitios como este hacen de la web un lugar mejor.

  • thank you very much for your tips ….. its great!!!!!!! and working properly i was going to format the pc to remove the virus … bt its helps me to remove the virus .

    thanks

  • work great thanks

  • Pls do keep me posted of ur upcoming tools

  • huhuhuhu… my server effect brontok latest… plzzz help me

  • thank you technize team.. it really helps a hot.. i have saved my time from fomatting the computer.. You guys rocks.. continue our softwares service of all the people around world..
    thank you once again.

  • It said it detected and deleted a bunch of files but I had two that it couldn’t delete. I went to the folders that they were in and manually deleted one but I couldn’t find the other. I’m not sure what more I can do?? Help!

  • thanks great help …

Comments are closed.

privacy policy