Win32.Brontok

Got the following from a friend.......and she is not a novice.  From
what I see on Google, this is either a rogue spyware  or a real
virus.....can someone tell me which one??

She has 2 or 3 computers and I suggested she download MBAM and give it a
go.

Thoughts, anyone??  I haven't seen it mentioned on here.

Thanks...Heather
------------------------

Been having virus problems - got a pop up re: Win32.Brontok being
blocked by the firewall. Have run all the virus software, done a
clean, etc, and can't get the firewall popup about disabling this to
go away and stay away.

Any thoughts? Is the "firewall" popup actually the virus?



Re: Win32.Brontok

Heather wrote:

Hello Heather:

Using MBAM /would/ be one of the first suggested actions.  In addition
to MBAM, you may also wish to use SAS in the safe mode.

        <http://www.superantispyware.com/index.html>

What is the complete version of the OS, and how was the malware
originally identified?

Please update this thread with your progress.

HTH

Pete
--

Re: Win32.Brontok



Hi Pete.......heard from her this morning but she is now away for the
day.  I would assume XP and I also assume that she and her husband have
at least 4 computers which have their own servers and both of them are
IT people.  (aka geeks, according to her, grin)

They ran a couple of a-v programs after I posted this and found some
other things, but not this one.  See my reply to David for the warning
from the Firewall.  And the fact that she doesn't run an active
antivirus because of the alleged protection from her servers.

Thanks.......Heather (Figgs)



Re: Win32.Brontok


| Got the following from a friend.......and she is not a novice.  From
| what I see on Google, this is either a rogue spyware  or a real
| virus.....can someone tell me which one??

| She has 2 or 3 computers and I suggested she download MBAM and give it a
| go.

| Thoughts, anyone??  I haven't seen it mentioned on here.

| Thanks...Heather
| ------------------------

| Been having virus problems - got a pop up re: Win32.Brontok being
| blocked by the firewall. Have run all the virus software, done a
| clean, etc, and can't get the firewall popup about disabling this to
| go away and stay away.

| Any thoughts? Is the "firewall" popup actually the virus?


Hi Figgs:

This is a worm that propagates through email and net shares and can perform a DoS
on hard-coded targets.

As a worm it is targeted by anti-virus software.  I can't speak of MBAM and SAS
working on it as they tend to target trojans and not viruses and worms.  Albeit they
may target some worms.

You said your friend "Have run all the virus software..."
Please have her/him define WHAT anti-virus software had been used.

Note that the McAfee and Sophos modules of my Multi AV should do well to remove
this threat.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Win32.Brontok



Thanks David.  I heard from her early this morning and they have run a
couple more a-v programs, but she didn't name them.  Both she and her
husband are IT professionals (how embarrassing) and she alone has 2
servers that she downloads her mail from.  Unfortunately, because the
servers have virus and malware protection, she is not running an active
antivirus proggie.

She sent a pic of the warning and it is the "Security Centre Alert" box
naming the subject worm and asking her if she wants to block it and/or
download and run protection.

She is away for the day, but I will hear from her this evening.  I sent
her your explanation and she will see that.  I told her to d/l and run
MBAM and Superantispyware last night, so not sure if those are the
programs that her husband ran, along with antivirus ones.

I will get back to you once I know, but it was late last night when she
wrote me and I couldn't see what I considered "valid information" on
Google other than what I said.  I assumed it was the rogue
program....wrong.  But I hadn't noticed any mention of it on here or the
MS group.

Don't know if it is the worm or just server things I am not aware of,
but often our emails are held up for hours.  Perhaps it is the latter.
I only proofread a couple of websites for her......she does the hard
stuff.  (G)

Cheers....Figgs




Re: Win32.Brontok




Hi Dave.....heard from her and they used F-Prot.....twice.  But it keeps
coming back from the sound of it.  The firewall keeps popping up.  I
have done enough reading on this to realize it has put something in the
registry, I assume.

It is one old worm!!  She is torn between "is it a worm, or is it some
rogue spyware imitating the Firewall".......but I can't say on that one.

I sent her the page from Sophos to remove worms.  But I didn't have your
Multi-AV instructions and I would have a problem figuring out the German
site too.  I checked in my OE folders and for some dumb reason, I didn't
save it.  Can you either send it to me via private email or post it
here??

Thanks in advance.......and thanks for the help.

Figgs



Re: Win32.Brontok

It's a worm.



