Virus writers are getting smarter nowadays. Most of the time, I was able to clean viruses, trojans and spyware in Windows Safe Mode, since a normal Windows boot loads the virus during startup. In Safe Mode it doesn’t load, so I get to check all the startup methods and remove any entries that look suspicious. If you’ve been infected by a virus called Brontok, you’ll know how it can get on your nerves and make you want to look for the writer to bash him up! The author of the Brontok virus keeps updating its variants so that Brontok cleaners and antivirus software can’t clean Brontok from the system.
The Brontok virus disables Registry Editor (regedit.exe), System Configuration Utility (msconfig.exe) and Task Manager. When you try to run any of these tools, your computer automatically restarts. Even in Safe Mode! That can be solved by using a Brontok cleaner, which removes Brontok from memory and then re-enables the Registry Editor and System Configuration Utility. Then you can use the various antivirus programs or Brontok cleaners which I found to scan for and remove any Brontok-infected files.
Yesterday I met a new case where the Brontok virus doesn’t allow you to boot into Windows at all. Not even in Safe Mode! It automatically restarts when you log in to any user account. Here’s how you can make Windows bootable again if the problem is caused by a virus, trojan or spyware.
There are so many startup methods, and it’s very hard to check them when you can’t boot into Windows. What you can do now is clean up as many virus files as possible. For example, the Brontok virus places a file called Empty.pif in your Windows Startup folder. If the Empty.pif file is removed, Windows won’t be able to load it when you boot up your computer. You’ll most probably get an error message saying “file is not found” or something similar, but now you can boot into Windows. It may be that a buggy Empty.pif is what causes your computer to automatically restart when you log in to Windows. You get the whole picture?
This is what I suggest you do if your Windows restarts itself whenever you log in and it’s caused by a virus, trojan or spyware.
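The Startup-folder check described above can also be done against the offline disk before booting it. This is an added example, not part of the original post: it lists what sits in each user’s Startup folder and marks directly runnable file types such as .pif for review. It assumes the Windows partition is mounted read-only under a rescue environment that has Python (not the Hiren’s BootCD menu used below); the function names and the sample tree are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Startup folders relative to the root of the offline Windows volume:
# Windows XP layout first, then Vista and later.
STARTUP_GLOBS = [
    "Documents and Settings/*/Start Menu/Programs/Startup",
    "Users/*/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup",
    "ProgramData/Microsoft/Windows/Start Menu/Programs/Startup",
]
# Extensions Windows runs directly when the file sits in a Startup folder.
RUNNABLE = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}


def audit_startup(volume_root):
    """List every Startup-folder file as (relative path, verdict)."""
    root = Path(volume_root)
    findings = []
    for pattern in STARTUP_GLOBS:
        for folder in sorted(p for p in root.glob(pattern) if p.is_dir()):
            for entry in sorted(folder.iterdir()):
                if not entry.is_file() or entry.name.lower() == "desktop.ini":
                    continue  # desktop.ini is folder metadata, not a program
                ext = entry.suffix.lower()
                if ext in RUNNABLE:
                    verdict = "REVIEW"      # runs at logon; check before booting
                elif ext == ".lnk":
                    verdict = "shortcut"    # target needs checking from Windows
                else:
                    verdict = "other"
                findings.append((entry.relative_to(root).as_posix(), verdict))
    return findings


def build_sample_volume(base):
    """Constructed sample tree standing in for a mounted Windows XP disk."""
    startup = Path(base, "Documents and Settings", "alice",
                   "Start Menu", "Programs", "Startup")
    startup.mkdir(parents=True)
    for name in ("Empty.pif", "Notes.lnk", "desktop.ini"):
        (startup / name).write_bytes(b"")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, verdict in audit_startup(build_sample_volume(tmp)):
            print(f"{verdict:8}  {path}")
```

Folder names are matched exactly as written, so on a case-sensitive mount a differently cased folder name would be missed.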
1. Download and burn the latest Hiren’s BootCD.
2. Put in the CD and boot up with it.
3. When you get the Hiren’s BootCD startup menu, select number 2 to Start BootCD.
4. Select option number 3 that says Antivirus Tools…

5. Select option number 1 that says F-Prot Antivirus 3.16f 26-04-2007 (Date and version might be different)
6. A blue colored screen will appear that says F-Prot Antivirus Scanning options.
7. Select option number 2 that says “Dumb” Scan of all files.
8. You will now have the option of what to do with the infected files. For me, I’d choose delete automatically.
9. Select the drive to scan and wait for the scanning to complete.
After scanning with F-Prot Antivirus, you can scan again with McAfee Antivirus. Just select option number 2, then select option number 1 that says “Scan of all files”.
Most viruses, trojans and spyware should be removed after scanning with F-Prot Antivirus and McAfee Antivirus. Eject Hiren’s BootCD and boot your computer as normal. Very likely you’ll be able to boot into Windows now, but you’ll get an error message saying that it couldn’t find a certain file. That’s OK; at least you know it doesn’t load the virus during startup.
The next step, once you can boot into Windows, is to run AIMFix. AIMFix is a very powerful tool that is able to remove suspicious files that are running in memory.
If you’re infected by Brontok, use ALL of the tools listed here to scan and fix your system. It should bring back your regedit and msconfig.
To be on the safe side, install a good antivirus such as Kaspersky on your system, update it to the latest version and definitions, and run a thorough scan.
You should be able to remove most viruses, trojans or spyware using the method above. Make sure you always have Hiren’s BootCD with you because it’s the best of the best boot CDs. A USB flash drive containing AIMFix and all the Brontok cleaners would be very useful too.
Good luck, and I hope you’re able to boot into Windows after cleaning the nasty virus.