How to Remove Brontok Virus Manually (Windows)

If you have suffered the irritating effects of Brontok, you already know what it is and how much damage it can do. For everyone else, here is a brief introduction to the virus and its capabilities.


What is Brontok Virus?

Brontok was written in Indonesia and is named after an Indonesian bird, the Elang Brontok (a hawk-eagle). It arrives as an email attachment named kangen.exe; "kangen" is Indonesian for "to miss someone or something". When the file is first run, it copies itself into the user's Application Data directory, a location that is hidden by default and that most users never look at. It then adds a Run entry to the registry so that it starts at every Windows logon, after which it does a number of irritating and security-relevant things. For example, it:

  • Disables the Registry Editor (regedit).
  • Changes Windows Explorer settings.
  • Marks itself as a hidden file and removes the Folder Options item from the Tools menu, so you cannot switch on "show hidden files" and it becomes very hard to find and remove.
  • Turns off the Windows Firewall.
  • In some cases, reboots the system immediately when a certain word (for example "App data") appears in a window title.
  • Clears an address the user is typing into the Explorer address bar before it can be completed.
  • To spread on a large scale, mails itself to every email address found on the computer, using the user's own address as the sender.
  • Defeats the obvious removal route: you could remove it from a command prompt, but as soon as a command prompt is opened, it reboots the computer.

It does a lot more than this; I have mentioned only a few of its tricks, but the list is enough to show how aggressive the virus is. Don't worry, you can still remove it by hand. Just follow the steps below.

How to Remove Brontok Virus Manually in Windows?

An anti-virus product can normally remove it, but if you don't have one, or it fails to clean the machine, you can do it yourself with these steps:

1. Start your computer in Safe Mode with Command Prompt (Brontok does not get to start there, so it cannot reboot you out of the command prompt) and run the following two commands to re-enable the Registry Editor. The value can live under either hive, so delete it from both; the /f switch suppresses the "are you sure" prompt:

reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /f

It is normal for one of the two commands to report that the value was not found. After this, the Registry Editor is enabled again.

2. Go to Start -> Run (or press Windows key + R) and type regedit.

3. In the Registry Editor, go to: HKLM\Software\Microsoft\Windows\CurrentVersion\Run

4. In that key, delete every entry whose name or command line contains "Brontok" or "Tok-". Brontok runs as the logged-on user, so check the same key under HKCU (HKCU\Software\Microsoft\Windows\CurrentVersion\Run) as well and delete any matching entries there too.

5. Restart your computer.

6. Open the Registry Editor again and go to the following key to bring back Folder Options in the Tools menu:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

7. Delete the value named NoFolderOptions in that key, then restart your computer once again.

8. Search for *.exe files on all drives, and make sure the search includes hidden and system files (this is why Folder Options had to be restored first).

9. Delete every file that is displayed with a folder icon but has a .exe extension. Brontok drops copies of itself that use the folder icon, so at a glance they look like ordinary folders; with "hide extensions for known file types" turned off, the .exe extension gives them away. Removable media (USB sticks, SD cards) that were plugged into the infected machine need the same check.

10. That's it! Your computer is now Brontok-free.
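The following PowerShell script is an added example, not part of the original post, that automates the checks behind the behaviour list above and the ten removal steps: it removes the DisableRegistryTools and NoFolderOptions policy values, removes Run entries mentioning "Brontok" or "Tok-" from both hives, lists executables under the user's Application Data directory, and searches all drives for hidden .exe files that pose as folders. The registry keys and value names are the ones the article uses; the HKCU Run key and the "an .exe whose base name matches a sibling directory" heuristic are my assumptions about how Brontok's folder look-alikes can be spotted, so review the findings (run with -DryRun first) before letting it delete anything. Run it from an elevated PowerShell, ideally after booting into Safe Mode.

```powershell
# Added example (not from the original post): audit and clean the Brontok
# persistence points described in the article. Run elevated, preferably in
# Safe Mode. -DryRun reports findings without changing anything.
[CmdletBinding()]
param(
    [switch]$DryRun,
    # Assumption: every local filesystem drive should be searched.
    [string[]]$Drives = (Get-PSDrive -PSProvider FileSystem).Root
)

$policySystem   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
                  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policyExplorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$runKeys        = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',   # assumption: check HKCU too
                  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

function Remove-PolicyValue {
    param([string]$Key, [string]$Name)
    if (-not (Test-Path $Key)) { return }
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return }
    Write-Host "Policy value found: $Key\$Name = $($item.$Name)"
    if (-not $DryRun) { Remove-ItemProperty -Path $Key -Name $Name -Force }
}

# Steps 1 and 6/7: re-enable regedit and the Folder Options menu.
foreach ($k in $policySystem) { Remove-PolicyValue -Key $k -Name 'DisableRegistryTools' }
Remove-PolicyValue -Key $policyExplorer -Name 'NoFolderOptions'

# Steps 3/4: drop Run entries whose name or command line mentions Brontok or Tok-.
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $props = Get-ItemProperty -Path $k
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath/... metadata
        if ($p.Name -match 'Brontok|Tok-' -or "$($p.Value)" -match 'Brontok|Tok-') {
            Write-Host "Run entry found: $k\$($p.Name) = $($p.Value)"
            if (-not $DryRun) { Remove-ItemProperty -Path $k -Name $p.Name -Force }
        }
    }
}

# The article says Brontok copies itself into the user's Application Data
# directory. Legitimate software lives there too, so only report, never delete.
Get-ChildItem -Path $env:APPDATA -Filter *.exe -Recurse -Force -File -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Host "Executable under APPDATA (inspect): $($_.FullName)" }

# Steps 8/9: hidden .exe files that pose as folders. Heuristic (assumption):
# an executable whose base name equals the name of a directory next to it,
# e.g. C:\Users\me\Documents.exe beside C:\Users\me\Documents.
foreach ($root in $Drives) {
    Get-ChildItem -Path $root -Filter *.exe -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { Test-Path -LiteralPath (Join-Path $_.DirectoryName $_.BaseName) -PathType Container } |
        ForEach-Object {
            Write-Host "Folder look-alike executable: $($_.FullName)"
            if (-not $DryRun) { Remove-Item -LiteralPath $_.FullName -Force }
        }
}

Write-Host 'Done. Reboot, then re-run with -DryRun to confirm nothing came back.'
```

Run it twice: once with -DryRun to see what it would touch, and once for real after you have confirmed the listed Run entries and look-alike executables are not something you installed yourself. Because Brontok re-creates its files from a running copy, a clean second -DryRun after the reboot is the real sign that it is gone; if the Run entries reappear, a copy is still starting somewhere and Safe Mode is required.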

Do share this article to help others in removing Brontok virus manually (Windows).

2 thoughts on "How to Remove Brontok Virus Manually (Windows)"

  • March 5, 2020 at 9:06 am

    All these years later, and I find it on a VM someone shared with me, dang. I have it isolated (I hope) in a virtual machine guest on a Mac, so I do not believe there is infection beyond the Windows border, but I'm worried about a possible thumb drive. I see how it gets into Windows; how does it mutate onto a USB drive that appears to have zero files on it?

  • November 8, 2012 at 9:16 pm

    lmao, that will not do it, lol, as Brontok also runs its own versions of your system processes such as crss modules, so your instructions will not work: when you reboot back to regular Windows, you will be infecting yourself yet over again. Then if someone had a USB flash drive on the same system before, well, they now have it on their flash drive, which means guess what, you will get infected yet again!!!!

    I have a computer store and, due to this nasty Brontok, which in my opinion is one of the most dangerous yet least harmful spyware out there, I made it a policy to use Puppy Linux on 8 GB flash drives or CD-ROM to boot into clients' systems first to check the system out, looking for this spyware. If we do not find it (known locations), then we can take the drive out of the client machine and work on it on the Windows 7 workstations. We also call the customer if we find Brontok and tell them to bring in any SD cards or flash drives they have, as 100% they will also be infected.

    The problem is Windows itself. Brontok should not have access to running system processes, yet it can infect them very easily, so this is a Microsoft problem. It's very funny, as the local admin does not have access to them, however spyware can. SILLY!!
