Saturday, March 20, 2010

Removing a Rontokbro / Brontok Infection

Removing a Rontokbro / Brontok virus can be tricky. To do so, you will need access to a second, non-infected PC. Here are the steps:

1. From a non-infected PC, follow the first 8 steps outlined in How to Make an F-Prot CD.

2. Take the F-Prot CD to the infected computer. Boot the infected computer into Safe Mode (see How to Boot into Safe Mode), then follow the 7 remaining steps outlined in the How to Make an F-Prot CD article to scan the system and remove any instances of Rontokbro / Brontok seen.

3. Before you reboot the computer, while still in Safe Mode, disable system restore. You can re-enable the system restore feature later, after you've booted normally, to create a new, clean system restore point.

After cleaning the system, don't forget to remove any virus-created entries in the HOSTS file. Then update your antivirus software, test it with the EICAR test file to ensure it's working properly, and rescan your entire system - including any mapped and removable drives.
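One way to review the HOSTS file for leftover entries, shown as an added example that is not part of the original post. The post does not list which entries the worm writes, so this script assumes nothing about them: it flags every active mapping other than the stock localhost lines for manual review. The hostnames and addresses in `SAMPLE` are constructed.

```python
import ipaddress
import os

# Names a stock HOSTS file legitimately maps to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample for illustration; not taken from a real infection.
SAMPLE = """\
# sample HOSTS file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.antivirus.example   # trailing comment
0.0.0.0         scanner.example
203.0.113.10    bank.example www.bank.example
"""

def audit_hosts(text):
    """Return (line_no, ip, host, reason) for each active mapping that is not
    a stock localhost entry. Nothing is deleted; a person reviews the list."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "malformed"))
            continue
        for host in fields[1:]:
            name = host.lower().rstrip(".")
            if ip.is_loopback and name in LOCAL_NAMES:
                continue                        # expected default entry
            if ip.is_loopback or ip.is_unspecified:
                reason = "blocked"              # name resolves to this PC or nowhere
            else:
                reason = "redirected"           # name is pointed at another address
            findings.append((line_no, str(ip), name, reason))
    return findings

if __name__ == "__main__":
    # Standard Windows location; falls back to the sample if the file is absent.
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc", "hosts")
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for line_no, ip, host, reason in audit_hosts(text):
        print(f"line {line_no}: {host or ip} -> {ip} ({reason})")
```

Entries you added yourself will also be listed, so compare the output against what you expect before deleting any line.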

To avoid re-infection from Brontok, be sure not to open email attachments received unexpectedly - even from your friends - unless you are certain of the intent. Don't share your USB and thumb drives with others unless you are certain their system is clean, and don't download files from anonymous P2P file-sharing networks.
