This Windows PC worm spreads very rapidly over the internet. It is well known to reach you as an e-mail attachment, and it forwards itself to the e-mail addresses in your contacts list or to your IM contacts.
It creates registry values that disable access to the Registry Editor and to Folder Options in the Tools menu. It also creates .exe files in almost every folder on your PC, usually named after the folder itself.
As you know, almost all viruses are nothing but registry modifications that affect the stability of your system. When these registry keys and values are deleted, the system is recovered. As this Brontok virus has disabled access to the Registry Editor itself, let's first enable it by deleting those unnecessary registry values from the command prompt, and then troubleshoot the rest.
#1. To access the command prompt, go to Start-->Run..., type cmd or command, and click OK.
#2. At the command prompt, type the following commands and press Enter. Choose 'y' when prompted to confirm the deletion.
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools
These commands delete the registry value named "DisableRegistryTools" under the specified registry keys and thus enable the Registry Editor.
#3. To enable the Folder Options, let's delete the registry value that is causing the problem.
Go to Start-->Run..., type regedit, and press OK.
This opens the registry editor window.
From the left pane of the Registry Editor, navigate to the registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
and delete the registry value named "NoFolderOptions" found in the right pane.
This can also be done by giving the command below at the command prompt.
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions
#4. Open the Registry Editor and, from the left pane, navigate to the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Find the registry entries whose value name contains words such as 'Brontok' or 'Tok-' and delete them.
#5. To remove the unnecessary .exe files created on your PC, go to Windows Search and search for *.exe files in 'My Computer'.
Also tick the boxes that say 'Search system folders', 'Search hidden files and folders' and 'Search subfolders' under More Advanced Options.
This will list all the executable files on your system. Find the .exe files that are displayed with a folder icon, usually carrying the name of the folder, and delete them.
#6. Close all the Applications and restart your PC.
That's it!! You have successfully removed the Brontok worm virus.
As a precautionary note, always be careful when accepting e-mail attachments from unknown sources. It's much better to defend your system by using up-to-date anti-virus software.
Hope this helps....
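The registry steps above (#2 to #4) gathered into one batch script, as an added example that is not part of the original post. It checks that each value exists before deleting it, because reg delete reports an error when the value is absent, and it only lists matching Run entries so they can be reviewed and deleted by hand as in step #4.

```batch
@echo off
rem Added example, not from the original post.
rem Run from an elevated command prompt so the HKLM value can be deleted.
setlocal

rem Step #2: values that block the Registry Editor.
call :RemoveValue "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" DisableRegistryTools
call :RemoveValue "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" DisableRegistryTools

rem Step #3: the Explorer policy value that hides Folder Options
rem (the policy value is named NoFolderOptions).
call :RemoveValue "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" NoFolderOptions

rem Step #4: list Run entries for review; nothing is deleted automatically.
echo.
echo Run entries matching "Brontok" or "Tok-":
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" 2>nul | findstr /i /l "Brontok Tok-"
if errorlevel 1 echo   none found

endlocal
exit /b 0

:RemoveValue
rem %~1 = registry key, %2 = value name
rem Query first: a missing value is reported as "skip", not as a REG DELETE error.
reg query "%~1" /v %2 >nul 2>&1
if errorlevel 1 (
    echo [skip] %2 not present under %~1
    exit /b 0
)
rem /f deletes without the y/n confirmation prompt.
reg delete "%~1" /v %2 /f >nul 2>&1
if errorlevel 1 (
    echo [fail] could not delete %2 under %~1 - try an elevated prompt
) else (
    echo [ok]   deleted %2 under %~1
)
exit /b 0
```

A "[skip]" line for every value means none of the policy values are set for the current user or machine.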
This trick doesn't work on Vista.
@moneymoney
It works well on Windows XP and I hope it should work with Vista as well...
Can you spot at which step you are facing the problem?
Be more specific about why you think this trick doesn't work with Vista.
Anyways.. nice to hear from you.
Stay tuned to my future posts and post your valuable comments.
Regards,
ramaraobobby
http://twitter.com/ramaraobobby
When I tried to search for DisableRegistryTools I was not able to find it. I have even tried your CMD trick; that is also not working, I am getting some REG DELETE error.
I think this trick works in Windows XP.
But I will say you are doing really good work, I appreciate it.
@moneymoney
First of all, let me ask you a basic question.
Is your PC infected with the Brontok virus??
If the answer is no... then neither of the two commands I have mentioned will work on your PC, coz the string value DisableRegistryTools doesn't exist in your registry.
Moreover, the search shouldn't be done for DisableRegistryTools. The search I have mentioned is to list all the exe files on your PC. So in the field that says 'Type all or part of the filename' in Windows Search you have to give *.exe
Even if that string value does exist in your registry, how can you find it with Windows Search?? Windows Search cannot find registry keys or values. So DisableRegistryTools is not what you have to search for.
Hope you have understood.
Let me know if you are infected with this virus and found this trick not working on your PC, so that I can come up with a solution that suits you...