  #1  
Old February 25th, 2007, 08:08 AM
dokgu_011189
New Member
 
Join Date: Feb 2007
Posts: 1
help on BRONTOK needed.. please..: Moved from XP by Murray

I had this virus Brontok.ae.
I want to remove it as soon as possible..
I already used the HijackThis software and here is the result:

Logfile of HijackThis v1.99.1
Scan saved at 10:48:23 AM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\RavMonE.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C14D4B8-0223-41DD-9991-E2C435012DCC}: NameServer = 202.138.128.2,202.138.128.50
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)

/********************************************/
..please help me..
thanks a lot!!
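The log above is what the helpers in this thread read by eye: the F2 line shows a second program appended to the Winlogon Shell value, the O7 line shows the Registry Editor disabled by policy, the O17 line lists custom DNS servers and one O23 service points at a missing file. The following script is an added example (not from the poster, the forum or HijackThis) that applies those same review heuristics to HijackThis v1.99 log lines. The sample text is a constructed subset of the log quoted above; the `Finding` class and the `triage` function are this example's own names.

```python
"""Triage helper for HijackThis v1.99 log lines.

Flags the kinds of entries a reviewer looks at first:
  F2  Shell= carrying anything besides Explorer.exe
  O7  DisableRegedit=1 (Registry Editor disabled by policy)
  O17 custom NameServer entries (confirm they belong to the ISP)
  O23 services whose binary is reported as "(file missing)"
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C14D4B8-0223-41DD-9991-E2C435012DCC}: NameServer = 202.138.128.2,202.138.128.50
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
"""

# Matches the "R0 - ...", "F2 - ...", "O23 - ..." line shapes of a HijackThis log.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")


@dataclass
class Finding:
    kind: str    # HijackThis section prefix, e.g. "F2"
    reason: str  # why a reviewer should look at it
    line: str    # the original log line


def parse_entries(text):
    """Yield (prefix, body, raw_line) for every HijackThis entry line."""
    for raw in text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group(1), m.group(2), raw


def triage(text):
    """Return the Findings for a log, in the order the lines appear."""
    findings = []
    for prefix, body, raw in parse_entries(text):
        if prefix == "F2" and body.startswith("REG:system.ini: Shell="):
            shell = body.split("Shell=", 1)[1].strip()
            # On XP the only expected value is Explorer.exe on its own.
            if shell.lower() != "explorer.exe":
                findings.append(Finding(prefix,
                    "Shell= loads a second program besides Explorer.exe", raw))
        elif prefix == "O7" and "DisableRegedit=1" in body:
            findings.append(Finding(prefix,
                "Registry Editor is disabled by policy; check whether the user set this", raw))
        elif prefix == "O17":
            findings.append(Finding(prefix,
                "Custom DNS servers configured; confirm they belong to the ISP", raw))
        elif prefix == "O23" and body.endswith("(file missing)"):
            findings.append(Finding(prefix,
                "Service points at a binary that no longer exists; review or remove", raw))
    return findings


def extra_shell_programs(text):
    """Return whatever follows Explorer.exe in flagged F2 Shell= entries."""
    extras = []
    for f in triage(text):
        if f.kind == "F2":
            value = f.line.split("Shell=", 1)[1].strip()
            extras.append(value[len("Explorer.exe"):].strip().strip('"'))
    return extras


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run against the sample it reports four lines for review; everything else in the log (the R0 start page, the O4 Run entries) is left for the human reviewer, since the script only encodes the checks that are unambiguous from the line itself.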
  #2  
Old February 25th, 2007, 09:15 PM
G_Dem
CTH Subscriber
 
Join Date: Dec 2005
O/S: Windows XP Pro
Location: London
Age: 41
Posts: 3,219
Hi dokgu_011189,

I will be reviewing your HijackThis log and will get back to you soon.
  #3  
Old February 26th, 2007, 10:10 AM
G_Dem
CTH Subscriber
 
Join Date: Dec 2005
O/S: Windows XP Pro
Location: London
Age: 41
Posts: 3,219
Hi dokgu_011189,

Right-click Here and select Save Target As (Firefox: Save Link As) and save UnHookExec.inf to your Desktop.

Right-click on UnHookExec.inf and select Install.

--------------------------------------------------------------------------

Then download CleanX-II by sUBs from here to your desktop.

Disconnect from your internet access. If this is dsl/cable or similar connection make sure no modem is operating, or physically disconnect from the computer if necessary.

Close all programs at this time. Then do the following to clear your System Restore.

Go to Start > Run - type control sysdm.cpl,,4 (and Enter).
Check the "Turn off System Restore on all drives" (and Apply).
Then turn it back on by unchecking the same box (and OK).

Then double-click on the CleanX-II.exe you downloaded to start the repairs. You will receive a warning - click OK to run the repair process.

Once the scan is complete (it may take several minutes, so allow it to finish) it will provide a text log of the results. If the log shows any files remaining in the bottom portion (under "POST RUN ANALYSIS"), run the entire scan a second time. Then locate the C:\REPORT.TXT log it creates and post that back here. If the second scan also shows files in the lower portion, go ahead and post the results back here for review (no need to run it an additional time).

--------------------------------------------------------------------------

After that is completed Go here for an online AV scan (requires IE to run).

Scan "Local Disks" and when finished save the scan log and then post the log here.

--------------------------------------------------------------------------

Go Here and download Silent Runners to your desktop. Run it, wait for the popup to say it has completed, and post back here the log it creates. If your AV queries the script, allow it to run; it's not malicious. It will create a file named Startup Programs.

--------------------------------------------------------------------------

Also please post a fresh HijackThis log along with the text from C:\REPORT.TXT, the Panda scan results and the Silent Runners log. Thanks.