Reflections

NewYear NewExperiments

Lappy got ‘viral’ fever

“Lappy” is our laptop. Lappy helps me with all my experiments, including this site. The poor fellow was affected by the Brontok.I worm for the last few days.

Symptoms

Main symptoms of this disease are:

  • When the system starts, Windows Explorer does not start. So I had to open the Task Manager by pressing CTRL+ALT+DEL and run the “explorer” task to get the desktop.
  • Folders can’t be opened. Windows Explorer restarts every time.
  • If I try to search the net for a solution, the system restarts!!!
  • Somehow I managed to gather some information regarding the worm and understood that the above things happen because the worm changes some registry entries. So when I tried to edit the registry, I got a message saying “Registry editing has been disabled by your administrator”!!! I wondered who the hell this “administrator” is!!! Then I read that registry editing is also disabled by Brontok by changing another registry key.

Treatment

  • Performed a full system scan with Moon anti-virus. It detected the worm and cleaned it.
  • But the changes the worm made to the registry were still there. To change them, the first thing is to make the registry editable again. I got this reg_enable.vbs script from WinHelpOnline.com. Open a command prompt by clicking Start -> All Programs -> Accessories, right-click Command Prompt, and then click Run as administrator.

    Switch to your Desktop directory and type the following command and press ENTER

    wscript.exe reg_enable.vbs

    This will restore the registry editing permission.

  • Now run “regedit” and go to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. Look at the value named “Shell”. It was “Explorer.exe KanjiSosial.exe”; change it to “Explorer.exe”.
  • Other changes made by Brontok in registry are explained in WikiAnswers.
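To check whether this kind of tampering is still present, here is an added PowerShell example (not from the original post) that audits the Winlogon Shell value described above and reports whether registry editing is blocked by policy. The DisableRegistryTools policy value under HKCU is an assumption on my part, since the post does not name the key the worm changed; run it in an elevated PowerShell session, and only restore Shell after the worm itself has been removed.

```powershell
# Added example, not from the original post: audit the Winlogon "Shell" value
# that Brontok tampered with and check whether regedit is blocked by policy.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
# Assumption: the policy value behind "Registry editing has been disabled by your
# administrator". It lives in HKCU, so check it as the affected user, not another admin.
$policy   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

function Test-WinlogonShell {
    param([string]$Path = $winlogon)
    $shell = (Get-ItemProperty -Path $Path -Name Shell -ErrorAction SilentlyContinue).Shell
    if (-not $shell) {
        return [pscustomobject]@{ Value = $null; Clean = $false; Extra = @() }
    }
    # Shell is a comma- or space-separated list of programs to start at logon.
    # Anything besides explorer.exe (e.g. "Explorer.exe KanjiSosial.exe") is suspect.
    $parts = $shell -split '[,\s]+' | Where-Object { $_ }
    $extra = @($parts | Where-Object { $_ -ne 'explorer.exe' })   # -ne ignores case
    [pscustomobject]@{ Value = $shell; Clean = ($extra.Count -eq 0); Extra = $extra }
}

function Test-RegeditBlocked {
    param([string]$Path = $policy)
    $v = (Get-ItemProperty -Path $Path -Name DisableRegistryTools `
            -ErrorAction SilentlyContinue).DisableRegistryTools
    return [bool]$v
}

$result = Test-WinlogonShell
if ($result.Clean) {
    "Winlogon Shell is clean: $($result.Value)"
} else {
    "Winlogon Shell is tampered: $($result.Value)"
    "Unexpected entries: $($result.Extra -join ', ')"
    if (Test-RegeditBlocked) {
        "Registry editing is disabled by policy; re-enable it before fixing Shell."
    } else {
        # Restore the default only after the worm has been removed, or it will re-add itself.
        "Run: Set-ItemProperty -Path '$winlogon' -Name Shell -Value 'Explorer.exe'"
    }
}
```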

So now Lappy seems healthy, and that is why I’m able to post this now!!!
