Cleaning Brontok

Brontok may still be updated, so I am giving cleaning instructions rather than an anti-Brontok tool. Note that the steps detailed here may not match every Brontok variant exactly, because the file names may change.

If you are not sure, replace every "delete" step with a step that moves the file to a specific directory instead.

1. Turn off the System Restore feature in Windows.
2. Close all running programs and save all your documents.
3. First, kill the Brontok processes (a process is a program that is running).
You can use Process Explorer from sysinternals.com, one of the programs that Brontok does not watch for (other similar programs will cause the computer to restart; perhaps the next Brontok version will also restart the computer when Process Explorer is run). Kill the Brontok processes named services.exe, lsass.exe, smss.exe, and winlogon.exe (check the image path in Process Explorer before killing: the genuine Windows processes with these names run from the System32 directory and must be left alone).
* Another way is to use the KillVB program I wrote; it kills every running process whose executable is written in Visual Basic (not only viruses). Simply download it, extract it, and run the file. The virus is gone from memory after you run the program and you can continue cleaning your computer (no need to restart or to log in to safe mode).
Image: KillVB in action, killing the running Visual Basic processes.
4. In the Start menu, select Programs, then Startup. Right-click (not left-click) on Empty.pif and delete the file. (If necessary, remove every file there that you do not need; in the future the name Empty.pif may change.)
5. Fix the registry by creating the file fixbrontok.inf listed below, then right-click the file and choose Install (you can download the file here). This file restores the settings changed by Brontok, and sets Explorer to show hidden files and to display the extensions of file types known to Explorer.
6. The contents of fixbrontok.inf:

[Version]
Signature="$Chicago$"
Provider=Compactbyte

[DefaultInstall]
AddReg=fix
DelReg=del

[fix]
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Hidden,%REG_DWORD%,1
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,HideFileExt,%REG_DWORD%,0
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,ShowSuperHidden,%REG_DWORD%,0
HKLM,Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM,Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM,Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM,Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM,Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM,Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,Shell,0,"Explorer.exe"

[del]
HKCU,Software\Microsoft\Windows\CurrentVersion\Run,Tok-Cirrhatus
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Bron-Spizaetus
HKLM,SYSTEM\CurrentControlSet\Control\SafeBoot,AlternateShell
HKLM,SYSTEM\ControlSet001\Control\SafeBoot,AlternateShell
HKLM,SYSTEM\ControlSet002\Control\SafeBoot,AlternateShell
HKLM,SYSTEM\ControlSet003\Control\SafeBoot,AlternateShell
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableCMD
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions

[Strings]
REG_DWORD=0x00010001

7. For the next steps, to make sure that an object with a folder icon really is a folder, do one of the following:
* Use the Details view (in Explorer, open the View menu and choose Details). Check whether the object's Type is Folder or Application. Do not click on an item that has a folder icon but the type Application.
* Restart Explorer (without restarting Windows): open Task Manager by pressing Ctrl-Alt-Del, go to the Processes tab, select explorer.exe and click End Process. Choose "Yes", then go to the Applications tab, click New Task, type Explorer.exe, and press Enter.
8. Delete all .exe files in %windir%\shellnew (%windir% is your Windows directory, for example C:\Windows). You must delete the ones that have a folder icon, but this directory should not contain any .exe files at all, and usually every exe file in this directory is safe to delete.
9. Clean the remaining registry entries created with random names: run msconfig (click Start, choose Run, type msconfig and press Enter), open the Startup tab, and remove the startup items whose names begin with bbm and brxxxon (xxxx is a random number). Once again: these names may change soon. The best way is to look at the Command column (the second column), for example C:\Windows\X.exe; look at the file C:\Windows\X.exe, and if the file has a folder icon you can delete it.
Image: the msconfig display.
10. Search for all .exe and .com files on all your drives with the Explorer search feature and delete each file that has a folder icon. To reduce the number of files, restrict the size of the files found to < 90 KB (the old version is about 82 KB, the new version about 43 KB). Sort by file size to simplify the elimination. Also make sure the search finds hidden files. For details, see the following picture.
Image: the correct search settings.
11. Delete all .com files in C:\Documents and Settings\%username%\Templates that have the same size as the Brontok files you found in the previous step.
12. Remove the Scheduled Tasks in the Control Panel that you did not create (named At1, At2, etc.).
Image: Scheduled Tasks in Windows XP.
13. If you use Windows 95, Windows 98 or Windows ME, look at the contents of the autoexec.bat file in the root folder of each drive (C:\autoexec.bat, D:\autoexec.bat, etc.); if its content is only one line (the single word "pause"), delete autoexec.bat.
14. Restart the computer and check whether Brontok is still there.
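As an added example (not part of the original post or its tools), the following PowerShell script audits the persistence points the steps above clean up and reports what it finds without deleting or killing anything; the registry paths, value names and file locations are the ones named in this post, and the 90 KB bound is the size limit from step 10.

```powershell
# Added example, not from the original post: a read-only audit of the
# persistence points the cleaning steps cover. It only reports findings;
# it deletes and kills nothing. Paths and value names come from the post.
$findings = New-Object System.Collections.Generic.List[string]

function Test-RegValue {
    param([string]$Path, [string]$Name, [string]$Why)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $findings.Add("$Why : $Path\$Name = $($item.$Name)") }
}

# Run entries and policy values listed in the [del] section of fixbrontok.inf
Test-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' 'Tok-Cirrhatus'  'Brontok Run entry'
Test-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' 'Bron-Spizaetus' 'Brontok Run entry'
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
Test-RegValue "$pol\System"   'DisableCMD'           'Lockout policy'
Test-RegValue "$pol\System"   'DisableRegistryTools' 'Lockout policy'
Test-RegValue "$pol\Explorer" 'NoFolderOptions'      'Lockout policy'

# Safe-mode shell override and the normal Winlogon shell
foreach ($set in 'CurrentControlSet', 'ControlSet001', 'ControlSet002', 'ControlSet003') {
    Test-RegValue "HKLM:\SYSTEM\$set\Control\SafeBoot" 'AlternateShell' 'SafeBoot shell override'
}
$shell = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue).Shell
if ($shell -ne 'Explorer.exe') { $findings.Add("Winlogon Shell is '$shell', expected 'Explorer.exe'") }

# Startup folder (step 4), shellnew (step 8) and Templates (step 11)
Get-ChildItem -Path ([Environment]::GetFolderPath('Startup')) -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ieq 'Empty.pif' } |
    ForEach-Object { $findings.Add("Startup item: $($_.FullName)") }
Get-ChildItem -Path "$env:windir\shellnew" -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("Executable in shellnew: $($_.FullName) ($($_.Length) bytes)") }
# 90 KB is the size bound the post uses for the Brontok files in step 10
Get-ChildItem -Path ([Environment]::GetFolderPath('Templates')) -Filter '*.com' -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Length -lt 90KB } |
    ForEach-Object { $findings.Add("Small .com in Templates: $($_.FullName) ($($_.Length) bytes)") }

# AT-style scheduled tasks At1, At2, ... (step 12) are stored as .job files
Get-ChildItem -Path "$env:windir\Tasks" -Filter 'At*.job' -Force -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("Scheduled task: $($_.Name)") }

if ($findings.Count -eq 0) { 'No Brontok persistence artefacts found.' } else { $findings }
```

Run it before and after the cleaning steps; an empty result after step 14 is the confirmation step 14 asks for, while any remaining line points at the step that still needs repeating.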
