Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Brontok-aa On Multiple Computers

  • Please log in to reply
3 replies to this topic

#1 rmena


  • Members
  • 3 posts
  • Local time:11:25 AM

Posted 27 July 2007 - 03:15 PM

Hi, I've got a big problem, it started on one computer and has now gone to all others (12) so everytime i clean up one of them it gets infected right away. I use Avast on all of them and it identifies the virus but still isn't able to get rid of it. I have deactivated Windows Restore but the problem persist. Each computer does something different. One of them just won't start. The others keep sending a message that the comp is infected with Brontok-AA and every time it gets rid of the virus it duplicates, mainly on shared folders.

Many thanks for your help.

BC AdBot (Login to Remove)


#2 oldf@rt


  • Members
  • 2,609 posts
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:09:25 AM

Posted 27 July 2007 - 03:45 PM

Is this a work environment or a home environment?

Make sure that avast is completely up to date on each computer.

Download Spybot Search & Destroy

make sure that it is installed and updated on every computer.

disable the network connection on each computer, every computer must not have any network access.
for the duration of this fix.
restart each computer in safe mode, run a full system scan with Spybot, clean everything that it finds, if it wants to finish cleaning by restarting, do not restart yet. log out of each account and log onto another account, and cleanup each account on each machine separately.

once that is done, rescan with Avast, this must be done in safe mode also.
restart the machine, in safe mode to let spybot finish its cleaning. once spybot is done, restart the machine again, and do not activate the network connection until all machines have been cleaned.

Edited by oldf@rt, 27 July 2007 - 03:46 PM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 rmena

  • Topic Starter

  • Members
  • 3 posts
  • Local time:11:25 AM

Posted 30 July 2007 - 09:24 AM

Thank you for your reply. It is a work enviroment. I already have scanned the computers with spybot and avast and cleaned up everything they found. I will do it again on every account on each computer. I'll let you know how it went.

#4 buddy215


  • Moderator
  • 13,324 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:25 AM

Posted 30 July 2007 - 11:18 AM

If Spybot doesn't do it for you, here is a link to Bitdefender's removal tool.
Removal instructions:

Method 1: Let BitDefender deletes the files it finds infected with the worm.
Method 2: Download and run the removal tool, using the link at the top of this page.

The removal tool will:

Find any Brontok-infected files on your computer
Kill the worm's processes
Restore acess to Regedit
Restore access to Folder Options
Restore the default values for those entries that the worm changes.
Delete (or fix) the startup entries related to the worm.

Link to Bit Defender's online scan:
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users