Author Topic: Brontok Disinfection  (Read 3832 times)

Offline w-e-v

Brontok Disinfection
« on: June 19, 2013, 03:49:58 AM »
Hello,

Does anyone know if CCE can clean an infected computer with Brontok malware?

Offline jay2007tech

Re: Brontok Disinfection
« Reply #1 on: June 19, 2013, 10:32:24 PM »
I'm familiar with this one. This will infect winlogon, lsass, csrss. It will create a .scr file or 2 and a bunch of shortcuts to it if you attach a USB memory stick to it. In Internet Explorer it will change the start page. It will also create a bunch of files that are 42 KB in size. If you show hidden files in Windows Explorer, open "AppData" and somewhere in there you'll find some folders that should not be there (it'll be obvious). It'll have some fake lsass and csrss files with the Windows XP file icon on them even if it's on Windows 7. Hehehehehe

Put the sensitivity to high, let it finish and let it delete on reboot. It'll be gone. This is a fairly old rootkit; don't worry, there's no MBR to worry about ;)

« Last Edit: June 19, 2013, 10:34:25 PM by jay2007tech »
It's hard being a crooked Admin when the files won't pass an md5 checksum test. But like any other good crooked Admin it can be done, it just takes time (and lots of it) and a few aspirins
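As an added triage aid (not from the thread, and not part of CCE), here is a Python scan that walks a profile or removable-drive tree for the indicators jay2007tech lists: copies of lsass/csrss/winlogon outside System32, .scr files, shortcuts that point at a .scr, and 42 KB executables. The .lnk check is a byte-search heuristic rather than a full Shell Link parser, and the sample tree is constructed so the scan runs offline.

```python
import os
import tempfile
from pathlib import Path

# Constructed from the indicators in the reply above: system process names the
# worm mimics (real copies live only in System32) and the 42 KB dropped-file size.
MIMICKED_NAMES = {"lsass.exe", "csrss.exe", "winlogon.exe"}
DROPPED_SIZE = 42 * 1024

def lnk_points_at_scr(path):
    """Heuristic (assumption, not a full .lnk parser): a Windows shortcut stores
    its target as ANSI and/or UTF-16LE text, so look for '.scr' in either."""
    data = path.read_bytes().lower()
    return b".scr" in data or ".scr".encode("utf-16-le") in data

def scan_tree(root):
    """Return sorted (reason, relative_path) findings for the indicators above."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            rel, low = str(p.relative_to(root)), name.lower()
            try:
                size = p.stat().st_size
            except OSError:
                continue  # unreadable entry; skip rather than abort the scan
            if low in MIMICKED_NAMES:
                findings.append(("system process name outside System32", rel))
            if low.endswith(".scr"):
                findings.append(("screensaver executable", rel))
            if low.endswith(".lnk") and lnk_points_at_scr(p):
                findings.append(("shortcut targeting a .scr", rel))
            if size == DROPPED_SIZE and low.endswith((".exe", ".scr")):
                findings.append(("42 KB executable", rel))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample tree (no real malware) mimicking the described layout."""
    base = Path(tempfile.mkdtemp())
    odd = base / "Roaming" / "odd"
    odd.mkdir(parents=True)
    (odd / "lsass.exe").write_bytes(b"\0" * DROPPED_SIZE)   # fake lsass, 42 KB
    (odd / "csrss.exe").write_bytes(b"\0" * 100)            # fake csrss
    usb = base / "usb"
    usb.mkdir()
    (usb / "photo.scr").write_bytes(b"MZ" + b"\0" * 10)     # dropped .scr
    (usb / "photo.lnk").write_bytes(b"L\0\0\0" + "E:\\photo.scr".encode("utf-16-le"))
    (usb / "readme.txt").write_bytes(b"harmless")
    return base
```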

Offline w-e-v

Re: Brontok Disinfection
« Reply #2 on: June 20, 2013, 06:41:39 AM »
Quote from jay2007tech:
> Put the sensitivity to high, let it finish and let it delete on reboot. It'll be gone. This is a fairly old rootkit; don't worry, there's no MBR to worry about ;)
Alrighty then. Thanks jay2007tech ;)
