The Brontok virus is a computer worm that affects computers running Microsoft Windows. It spreads by sending itself to email addresses obtained from the affected computer. The Brontok virus came from Indonesia. When Brontok is first run, it copies itself to the user’s application data directory. It then configures itself to start with Windows by creating an entry under the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run. It disables the Windows Registry Editor (regedit.exe) and modifies Windows Explorer settings: it removes the “Folder Options” item from the Tools menu so that hidden files are not easily accessible to the user. It also disables the Windows firewall. Variants of the Brontok worm include:
- Brontok.A
- Brontok.B
- Brontok.C
- Brontok.D
- Brontok.F
- Brontok.G
- Brontok.H
- Brontok.I
- Brontok.K
- Brontok.Q
– Start your computer in safe mode with command prompt and type the following command to enable the registry editor:
reg delete HKCU\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"
and run the same command for the HKLM key:
reg delete HKLM\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"
– After this, your registry editor will be enabled.
– Now type explorer
– Go to Run and type regedit
– Then follow this path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
On the right side, delete the entries that contain the words 'Brontok' and 'Tok-'.
– After that, reboot your system
– Now open the registry editor and follow this path to re-enable the Folder Options item in the Tools menu:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer 'NoFolderOptions'
Delete this entry and restart your computer.
– Now search for *.exe files on all drives (include hidden files in the search)
and delete all files that are displayed with a folder icon.
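As an added example (not part of the original page), the Python sketch below scans saved `reg query` output for the registry changes named in the steps above: the two policy values and Run-key entries containing 'Brontok' or 'Tok-'. The function names and the sample output are constructed for illustration; it matches the policy values in any hive, which is slightly broader than the steps.

```python
import re

# Indicators named on the page: policy values set by the worm, Run-key words.
POLICY_VALUES = {
    (r"software\microsoft\windows\currentversion\policies\system", "disableregistrytools"),
    (r"software\microsoft\windows\currentversion\policies\explorer", "nofolderoptions"),
}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_MARKERS = ("brontok", "tok-")

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)(?:\s{4}(.*))?$")

def parse_reg_query(text):
    """Yield (key, value_name, value_type, data) tuples from `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group(1), m.group(2), (m.group(3) or "").strip()

def find_indicators(text):
    """Return (kind, key, value_name) per indicator; a policy counts only if non-zero."""
    findings = []
    for key, name, vtype, data in parse_reg_query(text):
        subkey = key.lower().partition("\\")[2]  # drop the hive name
        if (subkey, name.lower()) in POLICY_VALUES:
            if vtype == "REG_DWORD" and int(data or "0", 16) != 0:
                findings.append(("policy", key, name))
        elif key.lower() == RUN_KEY and any(w in f"{name} {data}".lower() for w in RUN_MARKERS):
            findings.append(("autorun", key, name))
    return findings

# Constructed sample output (value names and file paths are placeholders).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableRegistryTools    REG_DWORD    0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoFolderOptions    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Example Updater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    Tok-Placeholder    REG_SZ    "C:\Users\alice\AppData\Local\placeholder.exe"
"""

if __name__ == "__main__":
    for kind, key, name in find_indicators(SAMPLE):
        print(f"{kind:8} {key} -> {name}")
```

Running the same check again after the cleanup steps and the reboot should return no findings.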