View full version: Email-Worm.Win32.Brontok.cd
maximus222
28.09.2010, 12:25
Hello,
It's been a while now that I can't remove this worm from my PC, and I have tried a lot of things.
I hope you can help me with this.
Also, recently the AVP Removal Tool notifies me of the worm, and when I keep deleting it, it then restarts the PC. I hope that's a disinfection feature.
Many thanks,
Gentrit:?
Included is the system information produced by the manual disinfection tool.
Close/unload all programs.
Switch off:
- Antivirus and, if you have one, Firewall.
- Execute the following script (http://virusinfo.info/showthread.php?t=9207) in Manual Healing:
begin
 // Look for rootkit hooks, then enable AVZGuard so the worm cannot
 // restart itself or block the script while it runs.
 SearchRootkit(true, true);
 SetAVZGuardStatus(true);
 // Worm copies named after core system processes, running from the user
 // profile instead of %SystemRoot%\System32: stop each one and quarantine it.
 TerminateProcessByName('c:\documents and settings\acer\local settings\application data\lsass.exe');
 QuarantineFile('c:\documents and settings\acer\local settings\application data\lsass.exe','');
 TerminateProcessByName('c:\documents and settings\acer\local settings\application data\services.exe');
 QuarantineFile('c:\documents and settings\acer\local settings\application data\services.exe','');
 TerminateProcessByName('c:\documents and settings\acer\local settings\application data\winlogon.exe');
 QuarantineFile('c:\documents and settings\acer\local settings\application data\winlogon.exe','');
 QuarantineFile('C:\Documents and Settings\Acer\Start Menu\Programs\Startup\Empty.pif','');
 QuarantineFile('C:\Documents and Settings\Acer\Local Settings\Application Data\smss.exe','');
 // Delete the quarantined copies and the Startup-folder launcher.
 DeleteFile('C:\Documents and Settings\Acer\Local Settings\Application Data\smss.exe');
 DeleteFile('C:\Documents and Settings\Acer\Start Menu\Programs\Startup\Empty.pif');
 DeleteFile('c:\documents and settings\acer\local settings\application data\winlogon.exe');
 DeleteFile('c:\documents and settings\acer\local settings\application data\services.exe');
 DeleteFile('c:\documents and settings\acer\local settings\application data\lsass.exe');
 QuarantineFile('c:\windows\eksplorasi.exe','');
 DeleteFile('c:\windows\eksplorasi.exe');
 // Hand the pending deletions to BootCleaner, run the system cleanup and
 // troubleshooting wizard, restore the system settings the worm tampers with
 // (AVZ repair items 1, 8, 16, 17), activate BootCleaner and reboot.
 BC_ImportAll;
 ExecuteSysClean;
 ExecuteWizard('TSW',2,2,true);
 ExecuteRepair(1);
 ExecuteRepair(8);
 ExecuteRepair(16);
 ExecuteRepair(17);
 BC_Activate;
 RebootWindows(true);
end.
After reboot:
- Execute the following script in Manual Healing:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
- Upload C:\quarantine.zip here: upload_virus_eng (http://virusinfo.info/upload_virus_eng.php?tid=83713).
- Make a new log file and attach it to your new post.
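As an added illustration (not part of this thread, and not AVZ code), the check below encodes the file-location indicators the script above is built around: executables named after core Windows processes (lsass.exe, services.exe, winlogon.exe, smss.exe) living outside %SystemRoot%\System32, the eksplorasi.exe dropper name, and a .pif planted in a Startup folder. The sample paths are constructed from the script, the default system root is an assumption for an XP-era layout, and the function names are hypothetical.

```python
"""Flag Brontok-style file-location indicators (added example, not from the thread).

Assumptions: system root C:\\WINDOWS (XP-era layout); path comparison is
case-insensitive, as on NTFS/FAT.
"""
from __future__ import annotations

from pathlib import PureWindowsPath

# Process names that legitimately exist only under %SystemRoot%\System32.
SYSTEM32_ONLY_NAMES = {"lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
# A file name from the AVZ script with no legitimate counterpart.
DROPPER_NAMES = {"eksplorasi.exe"}


def classify(path: str, system_root: str = r"C:\WINDOWS") -> str | None:
    """Return a reason string if `path` matches an indicator, else None."""
    # Lower-case everything first so the comparison is case-insensitive.
    p = PureWindowsPath(path.lower())
    system32 = PureWindowsPath(system_root.lower()) / "system32"
    if p.name in SYSTEM32_ONLY_NAMES and p.parent != system32:
        return f"{p.name} outside {system32}"
    if p.name in DROPPER_NAMES:
        return f"known dropper name {p.name}"
    if p.suffix == ".pif" and "startup" in p.parts:
        return ".pif in a Startup folder"
    return None


def scan(paths) -> list[tuple[str, str]]:
    """Classify every path; return (path, reason) pairs for the flagged ones."""
    hits = []
    for path in paths:
        reason = classify(path)
        if reason:
            hits.append((path, reason))
    return hits


# Constructed sample: the locations from the AVZ script plus two legitimate files.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\lsass.exe",  # legitimate
    r"C:\WINDOWS\explorer.exe",         # legitimate
    r"c:\documents and settings\acer\local settings\application data\lsass.exe",
    r"c:\documents and settings\acer\local settings\application data\services.exe",
    r"C:\Documents and Settings\Acer\Start Menu\Programs\Startup\Empty.pif",
    r"c:\windows\eksplorasi.exe",
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE_PATHS):
        print(f"SUSPECT  {path}\n         {reason}")
```

Run it over a real file listing (for instance the output of `dir /s /b C:\`) instead of SAMPLE_PATHS to get the same kind of hit list the AVZ script was written from; a legitimate lsass.exe is never flagged because its parent directory is System32, while the copies under Local Settings\Application Data are.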
maximus222
28.09.2010, 16:21
Hello Olejah,
Thank you for your response.
I did as instructed and we have the following:
Upload result
File saved as 100928_161622_quarantine_4ca1dc96d90a4.zip
File size 3652
MD5 c5b1e3db481d0d05da8beee8add5a519
File uploaded, thank you! (of quarantine.zip)
and the log file in the attachment.
Thank you!
Hello, now I can't see any suspicious files in the log file. Is there any problem with the system now?
maximus222
28.09.2010, 17:08
I don't know, but I still get the virus-related .exe application in the Shared Documents folder.
I am including a log file I have just made as well.
Thanks--Gentrit
maximus222
28.09.2010, 17:12
Basically this thing keeps generating itself again and again, even after I scan and remove infected items in safe mode and fix the registry (I read how to do it on the internet, on how to remove the Brontok.C worm). It starts appearing again after a while; maybe I am not hitting the source of the infection or something.
Make a log with Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php).
maximus222
28.09.2010, 18:04
OK, here is the Malwarebytes log file.
I hope this can help.
Thanks
Gentrit:)
Alright, now we should delete everything that was found and make the MBAM log again.
maximus222
29.09.2010, 11:38
Good morning,
Sorry for the delayed reply, I just came to my PC (at work).
I just did the scan again, removed the files with Malwarebytes Anti-Malware and restarted the PC as instructed by the program. I started the scan again, and here is the log again, showing some infected files right after start-up.
:(
Good morning, it looks like MBAM couldn't see all of Brontok's files. Let's give MBAM one last chance: delete everything it found and check whether the malware still exists.
maximus222
29.09.2010, 13:15
I am doing the scan again and I will delete what it finds, then I will restart the PC, do the scan again and upload the log file here as soon as it finishes.
Gentrit
maximus222
29.09.2010, 14:42
Hello,
I just finished the scan for the second time and the log doesn't show any infections, but the infected files are still there (in Shared Documents).
Maybe at the time MBAM was scanning those folders the antivirus deleted them, because they keep appearing and it deletes them time after time.
So the infection is still there, mate.
Gentrit