Author Topic: problems with Win32:Brontok-CE[Wrm]  (Read 6691 times)

maniacu_mnc

  • Guest
problems with Win32:Brontok-CE[Wrm]
« on: March 24, 2012, 12:03:52 AM »
Hi,

I'm having trouble with a Win32:Brontok-CE[Wrm] malware.
I searched this forum for solutions but, unfortunately, the previous topics didn't solve my problem.
In one of them someone said to use DDS to issue a report and post it in the topic, but it seems that I can't use this DDS.scr tool.
Whenever I try to open it, it says error launching installer

Please help me to remove this problem.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37547
  • Not a avast user
Re: problems with Win32:Brontok-CE[Wrm]
« Reply #1 on: March 24, 2012, 12:11:36 AM »
follow this guide and attach logs from malwarebytes / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0


then one of the malware removers will help you....it may take hours depending on time zone they are in


if you have problems attaching logs, use  www.mediafire.com  and post the download link

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33913
  • malware fighter
Re: problems with Win32:Brontok-CE[Wrm]
« Reply #2 on: March 24, 2012, 12:22:22 AM »
Do as Pondus says: provide us with these logs and follow the instructions of the qualified removal expert here meticulously; he will help you with the removal process.

And only after that has been performed and when the malware has been cleansed fully from your computer,
here is what you can do to prevent re-infection:

A free tool to check if you have all the software updates and patches is Secunia Software Inspector.
Get it from here: http://secunia.com/vulnerability_scanning/online/
For W7 security check here: http://windows.microsoft.com/en-us/windows7/Security-checklist-for-Windows-7
For Vista security check here: http://windowshelp.microsoft.com/Windows/en-US/Help/245c9fae-e1dd-4112-853b-65f68404aafc1033.mspx
For XP checklist from Labmice: http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

maniacu_mnc

  • Guest
Re: problems with Win32:Brontok-CE[Wrm]
« Reply #3 on: March 24, 2012, 12:56:26 AM »
I tried downloading Malwarebytes, but when I try to install it, I receive an error:
The system cannot find the path specified.

Any ideas why?

maniacu_mnc

  • Guest
Re: problems with Win32:Brontok-CE[Wrm]
« Reply #4 on: March 24, 2012, 01:24:16 AM »
I also tried running OTL, but after a 10 min scan this error came up

http://www.mediafire.com/?r945fx87qzgkr9y

So what now?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33913
  • malware fighter
Re: problems with Win32:Brontok-CE[Wrm]
« Reply #5 on: March 24, 2012, 01:34:00 AM »
This is caused by that malware. If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe. Change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run. If this would be to no avail you could try to run SAS, download free version from: http://www.superantispyware.com/ and provide the logs thereof. Then go on to follow the requirements from: http://forum.avast.com/index.php?topic=53253.0
Later a qualified malware remover will look into the logs you have provided us and propose a unique cleansing script for your particular infection.

polonus

maniacu_mnc

  • Guest
Re: problems with Win32:Brontok-CE[Wrm]
« Reply #6 on: March 24, 2012, 10:53:58 AM »
Hello again,

This stupid malware is getting on my nerves  >:(
Regarding the extension change for MBAM to bat, com etc. The MBAM won't even install. I tried to change the ext. for the installation kit but it's pointless. The damn thing just won't install, it keeps saying the path isn't found.

I also tried installing SAS. This one is installing but when I try to launch it it just won't start (no error, I just double click it and nothing). I tried to change the ext. to SAS launcher as above, but nothing.

Please Help!!!!!! :((((

true indian

  • Guest
Re: problems with Win32:Brontok-CE[Wrm]
« Reply #7 on: March 24, 2012, 11:05:47 AM »
brontok is a dangerous worm....change all your passwords as it can steal passwords...

see here:
http://www.sophos.com/support/disinfection/brontok.html
« Last Edit: March 24, 2012, 11:16:47 AM by true indian »


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: problems with Win32:Brontok-CE[Wrm]
« Reply #9 on: March 24, 2012, 01:28:44 PM »
Looking at the image the malware is blocking the command prompt

So run OTL with the following scan script

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT


maniacu_mnc

  • Guest
Re: problems with Win32:Brontok-CE[Wrm]
« Reply #10 on: March 24, 2012, 06:49:55 PM »
Hi essexboy

I tried running OTL with the script you gave me but at the end it gave me this error:

http://www.mediafire.com/?zew17w9aesp210u

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: problems with Win32:Brontok-CE[Wrm]
« Reply #11 on: March 24, 2012, 07:31:24 PM »
OK let's go a different route

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

maniacu_mnc

  • Guest
Re: problems with Win32:Brontok-CE[Wrm]
« Reply #12 on: March 25, 2012, 01:19:22 AM »
After installing SAS on a portable stick, I did a quick scan and this is the log I got.

Hope this will solve my problems


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: problems with Win32:Brontok-CE[Wrm]
« Reply #13 on: March 25, 2012, 02:20:05 PM »
All SAS has done is remove some cookies. Did you run combofix?

maniacu_mnc

  • Guest
Re: problems with Win32:Brontok-CE[Wrm]
« Reply #14 on: March 25, 2012, 10:32:52 PM »
Nope, I didn't try combofix.
I'm still waiting for other solutions.
I'm not really comfortable with disabling my avast while being infected with this malware.

Are you sure it's safe to disable my anti-virus?