Results 1 to 8 of 8

Thread: Problems after Brontok virus removal.

  1. #1
    Junior Member
    Join Date
    Oct 2008
    Posts
    5

    Default Problems after Brontok virus removal.

    Hi everybody, i'm new here and need help please.
    A while ago my PC got infected with the Brontok virus. (email/USB virus)
    I've removed the Brontok worm by means of Avast Bootscan from C:\System Volume Information.
    Now my PC behaves strange like;
    1)Sometimes my PC reboot by itself,
    2)TeaTimer.exe not showing up in the taskbar,
    3)Avast only shows up the second time when opened.

    I've read somewhere that after removing Brontok, a PC is never the same again. (is this true?)

    Now i need some info like what this strange names in the S&D directory means;

    HEHIFR.scr
    KHQVRJAXJJEKKVXV.scr
    NVYLKWYBBZLWWENXH.scr

    Could this be Brontok files created to oppose S&D's functions?

    I use S&D version 1,5,2,0

    Your help regarding this will be very much appreciated.

    Regards

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello lonman,

    .scr is a file extension. As a script or a screen saver the file may have been used to execute other files which carried a Trojan.

    If you would like someone to take a look at the system, please follow the procedure in this link:
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Then start your own thread in the Malware Removal Forum where a helper will advise you when available.

    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Oct 2008
    Posts
    5

    Default

    Quote Originally Posted by tashi View Post
    Hello lonman,

    .scr is a file extension. As a script or a screen saver the file may have been used to execute other files which carried a Trojan.

    If you would like someone to take a look at the system, please follow the procedure in this link:
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Then start your own thread in the Malware Removal Forum where a helper will advise you when available.

    Regards.
    Thx for your help tashi, i will do so.

  4. #4
    Junior Member
    Join Date
    Oct 2008
    Posts
    5

    Default

    Quote Originally Posted by lonman View Post
    Thx for your help tashi, i will do so.
    Edit; Hi tashi, i've read the procedure in the link and this is going to be a long story for me cos at my age i'm not so good with PC's.
    I do have a good backup which i can use and it will be much quicker for me to format and load backup again.
    I appreciate your help
    Thx

    Regards

  5. #5
    Junior Member jjjdavidson's Avatar
    Join Date
    Jan 2007
    Location
    Central USA
    Posts
    27

    Default

    Quote Originally Posted by lonman View Post
    Now i need some info like what this strange names in the S&D directory means;

    HEHIFR.scr
    KHQVRJAXJJEKKVXV.scr
    NVYLKWYBBZLWWENXH.scr

    Could this be Brontok files created to oppose S&D's functions?
    I don't know about removing Brontok or what damage it does, but those .scr files are normal for Spybot. See this thread:

    http://forums.spybot.info/showthread.php?t=29543

    Hope this helps,
    Jay

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Quote Originally Posted by jjjdavidson View Post
    I don't know about removing Brontok or what damage it does, but those .scr files are normal for Spybot. See this thread:

    http://forums.spybot.info/showthread.php?t=29543

    Hope this helps,
    Jay
    Yes, however,

    Quote Originally Posted by lonman View Post
    Now my PC behaves strange like;
    1)Sometimes my PC reboot by itself,
    2)TeaTimer.exe not showing up in the taskbar,
    3)Avast only shows up the second time when opened.
    So there is a problem and without looking at a log we can't know what is causing it.

    Quote Originally Posted by lonman View Post
    I do have a good backup which i can use and it will be much quicker for me to format and load backup again.
    There may be no need to format lonman, a quick look at a HiJackThis log by one of our analysts would be easy enough and you could go from there. Edit: The computer may be perfectly clean and the problems you are experiencing may have been caused during the process of malware being removed and require a fix.

    If you decide to take that path I will ask someone to assist you asap.

    Best regards.
    Last edited by tashi; 2008-10-03 at 01:12. Reason: edit to clarify
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  7. #7
    Junior Member
    Join Date
    Oct 2008
    Posts
    5

    Default

    Quote Originally Posted by jjjdavidson View Post
    I don't know about removing Brontok or what damage it does, but those .scr files are normal for Spybot. See this thread:

    http://forums.spybot.info/showthread.php?t=29543

    Hope this helps,
    Jay
    Thx Jay for this info, now i don't have to worry about them.

  8. #8
    Junior Member
    Join Date
    Oct 2008
    Posts
    5

    Default

    @ tashi, my PC still do everything that i need to do, but it's these annoying things that happens sometimes.
    Due to the fact that i'm doing work on the internet i cannot afford to be offline for more than 10 hours. My backup can be restored within half an hour and this will be my best solution, but i don't have to do it now cos like i said my PC is working atm. But i always try to do a repair without formatting, cos formatting for every little problem is no experience regarding troubleshooting & repair.
    Thx for all your info & help.

    BTW i am using HJT and Autorun for a long time now but couldn't find anything suspicious.

    Have a nice day
    Regards

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •