How to remove Win32.Brontok.A@mm
The worm prevents access to Registry Editor and specific executables, forcing the restart of the system when it detects their corresponding processes running. The worm creates copies of its main executable in %UserProfile%\Local Settings\Application Data with the following file names: smss.exe, services.exe, lsass.exe, csrss.exe, inetinfo.exe, winlogon.exe. The threat also writes values into the registry to ensure the infected files are executed on every system boot and the user is unable to view hidden system files.
1. Download the archive containing the removal tool for this type of infection from here
2. Save the file on your harddisk and extract it to a new folder
3. Reboot the computer in Safe Mode ( Windows XP / Windows Vista )
4. Run the removal tool (AntiBrontokA-en.exe)
5. The tool will find any Brontok-infected files on your computer, kill the worm's processes, restore acess to the Regedit Editor and Folder Options and fix the registry entries modified by the worm
The BullGuard Team