remains of brontok

shashanktyagi1 · Nov 22, 2006

i recently got brontok in my compu which the updated version of avg quite succesfully removed. but on startup this error comes.
cannot find c:\windows\keesenge(something).exe there is no such boot up prog in msconfig.
how do i remove it?

Kiran.dks · Nov 22, 2006

It appears that AVG has removed the Virus, but the registry entry of the virus is not changed. Perform Registry scan using a good registry software. If problem still persists, perform these steps:

1. Take a registry back up using a registry backup tool
2. Download:UnHookExec.inf right-click and 'Install'. This is a registry entry. It does not display any notice when you run it.
3. Restart PC

anandk · Nov 22, 2006

install and run ccleaner.
also use its startup tool to remove any relevant entry if u c it.
reboot. revert.

Akshay · Nov 22, 2006

I used Kaspersky to clean brontok. It cleared everything without ne prbs.

shashanktyagi1 · Nov 25, 2006

it is not even allowing modification of registry. whenever i try to run regedit it says that registry editing has been blocked by the admin. i am the admin. so how to open it again. i am using win Xp pro sp2.

anandk · Nov 25, 2006

please work in safe mode. ie run ur av/as/ccleaner again in this mode.
else download and use Brontok Washer or Brontok Removal Tool .

sac_meer · Nov 26, 2006

which type of brontok in ur pc brontok.a,brontok.b or brontok.c try panda antivirus and it solve ur reg prob as well as virus prob. but after install ur pc might be start slow but after scan virus u can uninstall safely.

or u can try another method try to insall panda, in installtion wizard it will ask u to performe a full scan of ur pc try this option and perform a full scan of ur pc, after complete scan u can cancle the installtion process. thats simple for all type of brontok

Kiran.dks · Nov 26, 2006

shashanktyagi1 said:
it is not even allowing modification of registry. whenever i try to run regedit it says that registry editing has been blocked by the admin. i am the admin. so how to open it again. i am using win Xp pro sp2.

Registry editing is disabled by this virus. For enabling registy editing download the registry entry which I specifed in my earlier post. Just download and right-click 'run'.

Registry editing must get enabled.

shashanktyagi1 · Nov 27, 2006

thanx kiran. that registry entry did the trick. will see if it remains after restart. regedit now opening fine.
__________
registry opening but that startup entry still there. how to remove it?

Kiran.dks · Nov 27, 2006

^^^
Welcome.
Open the registry editor:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete the value
"Bron-Spizaetus" = "C:\WINDOWS\PIF\CVT.exe" if exists.

then perform registry cleaning
Download: *www.filehippo.com/download_ccleaner/

remains of brontok

shashanktyagi1

Journeyman

Kiran.dks

Technomancer

anandk

Distinguished Member

Akshay

Cyborg Agent

shashanktyagi1

Journeyman

anandk

Distinguished Member

sac_meer

Broken In

Kiran.dks

Technomancer

shashanktyagi1

Journeyman

Kiran.dks

Technomancer