If you have faced the irritating effects of Brontok, you definitely know what it is and how powerful it is. To refresh your knowledge of this virus and its capabilities, here is a brief introduction.
What is Brontok Virus?
The Brontok virus was made in Indonesia, and it was named after a bird called Elang Brontok. The virus arrives as a kangen.exe file attachment in an email. Kangen means “to miss someone/something”. When the file first executes, it copies the virus to the user’s application data directory, which is itself a sensitive location. Once it has added a registry entry that starts it at Windows logon, it does a lot of irritating and security-related things. For example:
- Disable the registry editor.
- Edit Windows Explorer settings.
- Make itself a “hidden file” and remove the Folder Options item from the Tools menu, so it becomes extremely hard to find and remove.
- Turn off Firewall.
- In some cases, when a certain word is found in a window title (e.g. “App data”), it reboots the system immediately.
- Delete an address typed by user in explorer window, before completion.
- To spread the virus on a large-scale, it sends itself to all email IDs found on the computer by using user’s email address.
- You can remove the virus using command prompt, but… When you open command prompt, it reboots the computer.
It does a lot more than this; I’ve mentioned just a few things. I guess the list is enough to tell you how powerful the virus is. Don’t worry, you can remove it easily. Just follow the steps below.
How to Remove Brontok Virus Manually in Windows?
Antivirus software can remove it easily, but if you don’t have any, or the antivirus fails to remove it, you can do it yourself with these simple steps:
1. Start your computer in Safe Mode with Command Prompt and type the following commands to enable the Registry Editor:
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v "DisableRegistryTools"
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v "DisableRegistryTools"
After executing the above commands, your Registry Editor will be enabled.
2. Go to Start -> Run (or press Windows key + R) and type regedit
3. In the Registry Editor, go to: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
4. In that location, delete the entries which contain the words ‘Brontok’ and ‘Tok-’.
5. Restart your computer.
6. Open registry editor again, and go to this path to enable folder option in tools menu:
7. Delete this entry and restart your computer once again.
8. Search for *.exe files on all drives (include hidden files in the search).
9. Remove all files which are displayed as a folder. (In simple words, a folder with a ‘.exe’ extension.)
10. That’s it! Your computer is Brontok-free now.
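Before deleting anything in steps 1 to 4, you can list what is actually present. The PowerShell script below is an added example, not part of the original article: it only reads the registry locations named above and reports the DisableRegistryTools values and any Run entries containing ‘Brontok’ or ‘Tok-’. The function name Get-BrontokRegistryFindings is made up for this example, and it assumes PowerShell can be started on the affected machine.

```powershell
# Added example: read-only audit of the registry indicators from steps 1-4.
# It changes nothing; deletion is still done by hand as described in the steps.

$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
$runKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$pattern = 'Brontok|Tok-'   # the two words step 4 says to look for (-match ignores case)

function Get-BrontokRegistryFindings {
    $findings = @()

    # Step 1: is the DisableRegistryTools policy value present in either hive?
    foreach ($path in $policyKeys) {
        $item = Get-ItemProperty -Path $path -Name 'DisableRegistryTools' -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $findings += [pscustomobject]@{
                Key = $path; Name = 'DisableRegistryTools'; Data = $item.DisableRegistryTools
            }
        }
    }

    # Steps 3-4: Run entries whose name or data contains 'Brontok' or 'Tok-'
    $key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
    if ($null -ne $key) {
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($name -match $pattern -or $data -match $pattern) {
                $findings += [pscustomobject]@{ Key = $runKey; Name = $name; Data = $data }
            }
        }
    }

    $findings
}

$found = @(Get-BrontokRegistryFindings)
if ($found.Count -gt 0) {
    $found | Format-Table -AutoSize -Wrap
} else {
    'No matching registry values found.'
}
```

Run it again after step 5 to confirm the entries are gone and have not been rewritten at logon.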
Do share this article to help others in removing Brontok virus manually (Windows).