
Win32.Brontok Worm Infection?


  • This topic is locked
3 replies to this topic

#1 Daehhcol


Posted 07 May 2009 - 11:30 AM

As with user Jkrebs, I have been receiving a message that pops up daily, reading:

"Do you want to block this suspicious software"
Name: Win32.Brontok
Risk Level: High
Description: This worm spreads via the Internet as an attachment to infected messages. It sends itself to email addresses harvested from the victim machine.

I also just started getting another message, this time from Windows Genuine Advantage; I will let you know what it said as soon as it pops up again.

When I open Firefox (which normally opens to Google), the following is displayed on the page:

Insecure Internet activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
Also insecure Internet activity can result in revealing your personal information.
To get full advanced real-time protection for PC and Internet activity, register your antivirus software.
We recommend you to protect your PC now and continue safe Internet browsing.
Click here to get full advanced real-time protection and continue browsing. (Note: this link is javascript:go_protect() )
Continue to this website unprotected (not recommended). (Note: this link is javascript:show_alert() )

As with Jkleb, I also used peer-to-peer and probably obtained this virus doing so.

Please let me know if I can provide you with any additional information, and thank you so very much for all of your help!


#2 Farbar


Posted 12 May 2009 - 08:10 AM

Hi Daehhcol,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

It looks like you forgot to post the main DDS log. Some helpers won't gamble on taking a log when they don't know what they are dealing with.

Please download OTListIt2 by OldTimer.
  • Save it to your desktop.
  • Double-click on the OTListIt2 icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click the Run Scan button.
  • Two reports will open. Copy and paste the one which opens and attach the one which will be minimized:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


#3 Farbar


Posted 14 May 2009 - 06:22 PM

Are you still there? I'll wait one more day before closing the topic.

#4 Farbar


Posted 18 May 2009 - 04:02 PM

This thread will now be closed due to lack of activity.

If you should have a new issue, please start a new topic.



