Spyware, Viruses, & Security forum

General discussion

Brontok.A POPUP

Anybody know anything about what Brontok.A is? Continues as jowoBot#vm community. What is,if any is the harm caused by this popup or shall I say benefit?

Its on my machine, doesn't matter if am connected to the internet or not. How can I remove it, its located in my pictures and each time I think I have deleted it, it appears again. It also doesn't come up as a virus after a scan.

Discussion is locked
You are posting a reply to: Brontok.A POPUP
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Brontok.A POPUP
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
might try here also...

In reply to: Brontok.A POPUP

Collapse -
Computer Associates lists 27 variants

In reply to: might try here also...

Win32.Robknot.AD (EZ Antivirus), W32.Rontokbro@mm (Symantec), W32/Rontokbro!ITW#13 (WildList)
Win32/ Robknot.A 27 Mar 2006
W32/VB.MY (F-Secure), Win32/Brontok.A!Worm (InoculateIT), Email-Worm.Win32.Brontok.c (Kaspersky), W32/Rontokbro.a@MM (McAfee), W32.Rontokbro@mm (Symantec), WORM_RONTOKBRO.A (Trend), Win32.Robknot.A

Win32/ Robknot.AH 27 Mar 2006
Win32.Robknot.AH (EZ Antivirus), Win32/Robknot!Variant!Worm (InoculateIT), Worm.Win32.Brontok.a (Kaspersky), W32.Rontokbro@mm (Symantec), W32/Brontok-N (Sophos)
Win32/ Robknot.AJ 27 Mar 2006
Win32.Robknot.AJ (EZ Antivirus), Win32/Robknot!Variant!Worm (InoculateIT), Worm.Win32.Brontok.a (Kaspersky), W32.Rontokbro@mm (Symantec), W32/Brontok-N (Sophos)

Collapse -
Thank you

In reply to: might try here also...

Thank you all for your contributions. I still don't know exactly if it does any harm to the system and what exactly is that harm, or does this depend entirely operating system? or probably brand?

Collapse -
(NT) (NT) It is a VIRUS

In reply to: Thank you

Collapse -
Damedem.. If you still haven't gotten an answer..

In reply to: Thank you

Collapse -
Here is a write-up from the worm

In reply to: Thank you

Collapse -

In reply to: Here is a write-up from the worm

This is a long one but some background to my motivation for creating this discussion.......I have been very concerned to learn more because for sometime my computer could only boot in safemode. Though I no longer Boot in safemode and was recently able to connect to the internet and actually see some sites though I cant access my msn.com. I started with windows update to install SP 2, but a messege comes up telling me that my security settings do not allow websites with ActiveX Control, which I have to allow, but the information bar does not have the install dialogue.

Secondly, a pop up site keeps coming up, www.Brotoka although it has been prevented from downlaoding, dont if there is a connection but I need advice on how to proceed. Don't if I can get this update through another path. The machine wont read a windows XP CD when I tried to run one.And began to wonder if there is a connection to my inability to install or download critical updates because the computer restarts each time I try to run/download updates.

I have been in touch with the manufacturer and have now advised a complete re-install.

I have an on-going discussion in the computer help forum on this (Booting in Safemode).

Collapse -
Are you able to download and install.....

In reply to: Connection....

ewido anti-spyware from HERE and save that file to your desktop.

This is a 30 trial of the program.

Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess.

Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions".

Close ewido and reboot your system back into Normal Mode.

McAfee AVERT Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.


Collapse -
Not responding

In reply to: Are you able to download and install.....

Unfortunately my computer restarts each time I click on save. Is it possible to run it without saving it?

Collapse -
I found "brontok washer"

In reply to: Not responding

Collapse -
Out to work

In reply to: I found "brontok washer"

I am travelling on business, I will definately get back to you.

Thank you very much.

Collapse -

In reply to: Brontok.A POPUP

What anti-virus are you using? This virus is quite common so your AV may be weak if it can't pick up your virus! Do an online scan with:
BitDefender: http://www.bitdefender.com/scan8/ie.html
Trendmicro Housecall: http://housecall.trendmicro.com/

Please reply back with the results of the scan, try the Housecall scan, if you don't get any results try BitDefender and you should find some.


Collapse -
Failure scan

In reply to: Antivirus

Unfortunately, I still didn't manage to get the scan even after changing the security settings to allow the ActiveX control. Any other solutions, please

Collapse -
(NT) (NT) What AV are you using?

In reply to: Failure scan

Collapse -
McAfee Virus Scan

In reply to: (NT) What AV are you using?

However, I was reporting about the attempt to scan I made based on advice from Paul to use http:www.bitfender.com/scan8/i.e or http://housecall.trendmicro.com/. These two have failed to download because they need ActiveX controls, which I have failed to do no matter how much I change my settings. I can't even install critical updates.

Collapse -
So McAfee..

In reply to: McAfee Virus Scan

.. picked up the virus, but it couldn't remove it? If not, how do you know you had the virus? I'm guessing the Virus Scan didn't pick it up or else it would have removed it?


Collapse -
Its a popup

In reply to: So McAfee..

As soon as I click on the internet and instead of the website I have chosen, it comes up

Collapse -
But explain how you know its Brontok.A

In reply to: Its a popup

I've never had this virus so please inform me fully. Does it say, 'Brontok popup'or something? Sorry if that was obvious, but I really didn't know. We could be dealing with another virus not Brontok for all I know.


Collapse -
It says Brontok.A

In reply to: But explain how you know its Brontok.A

I dont know how to explain this perfectly, but I will try. It comes unsolicited thats why I called it a popup for lack of a better name except it doesn't give a warning and is rather a full screen popup, the address says Brontok.A(See my original post), the content has a green background, top part is in red, lower part is in white, it is not in english but could be dutch or spanish because some words are similar to english. Even some of the words in the messege repeat Brontok, jowobot etc. It does not fully download because my security settings dont allow it. I started this post because I became curious and wanted to understand what was going on. Hope this helps.

In the meantime, am still out of time, so am yet to perform the removal exercise recommended through the post.

Popular Forums

Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Enter to win* a free holiday tech gift!

CNET's giving five lucky winners the gift of their choice valued up to $250!