PC Help Forum - Free Computer Help, Windows, Hardware, Software and more!
 
#1 modernape, 03-05-2007
Bronze Member | Posts: 15 | Location: brighton uk
[Fixed] removing brontok.ee worm and vbs sasan

Running Windows XP SP2, I've had an infection with the worm brontok.ee and vbs sasan. I've run AVG free and NOD32 to clean up, but I still can't open the C: drive with a double click - I get an error msg saying Windows can't find .MS32DLL.dll.vbs (this was infected and thus quarantined by AVG, but can't be healed apparently), and folder options have been made unavailable (so I can't view hidden files and folders). The whole thing's going slow (I've run two spyware scanners on it too). Anyone got any ideas? I'd be very grateful.

#2 chiaz, 03-05-2007
Senior Security Analyst | Posts: 2,385 | PC Experience: PC Guru

Hello.

Please download RegSupreme Pro:
Macecraft Software - Download Windows Maintenance and Registry Cleaning utilities

Run it. It will want to make a backup of your cache, let it. Click on the Registry Cleaner tab, and select Aggressive. When it has finished, click on Select, and choose All. Click on Fix, and let it fix everything that it finds.


Next run Panda ActiveScan.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Attach the ActiveScan report in your next reply.

#3 modernape, 03-11-2007
Bronze Member | Posts: 15 | Location: brighton uk
panda scan only on IE

Thanks for the speedy reply - installed RegSupreme and it found hundreds of old entries - all good so far. However, Panda ActiveScan won't work on Firefox, it says you must use IE, but I've uninstalled IE from my PC - any alternatives to suggest?

#4 modernape, 03-11-2007
Bronze Member | Posts: 15 | Location: brighton uk
active scan log

Attached: Activescan.txt

OK, ignore that last one, I put IE back on so here's the Panda log.

It seems to say that Brontok is still in My Pictures, but it's not appearing in the folder, even with hidden files and folders displayed.

Thanks again

#5 chiaz, 03-12-2007
Senior Security Analyst | Posts: 2,385 | PC Experience: PC Guru

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


Next:
1) Please download the Killbox.
Save it to the desktop and run it.

2) Select "Delete on Reboot", and then select "All files".

3) Copy the file name below to the clipboard by highlighting it and pressing Control-C:
C:\Documents and Settings\Chachy\My Documents\My Pictures\about.Brontok.A.html

4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.


Note: Killbox may report that the file could not be found, since Panda ActiveScan had already disinfected it.



Now, please restart the computer before running a new scan with Panda ActiveScan.

#6 modernape, 03-24-2007
Bronze Member | Posts: 15 | Location: brighton uk
Thanks, that fixed it

Did what you suggested with Killbox etc., re-ran Panda ActiveScan, now everything's clean and smooth (just how we like 'em huh?)

Thanks for your help.

#7 Maki, 04-24-2007
New Poster | Posts: 1

I still have problems. This is my report:


Incident | Status | Location
Potentially unwanted tool:Application/MyWebSearch | Not disinfected | C:\Programme\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
Potentially unwanted tool:Application/MyWay | Not disinfected | C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
Virus:W32/Brontok.C.worm | Disinfected | Operating system

Can you help me?

#8 TRHeng, 02-28-2008
New Poster | Posts: 2 | PC Experience: Some Experience
Re: [Fixed] removing brontok.ee worm and vbs sasan

I was infected by the worm sasan a.21 during the transfer of files between my memory card and my PC. Now, I can't open my local disk C:/ through double-click and now the "Run" on my startup has disappeared. I tried the method above but my IE can't seem to download the Panda ActiveScan. It always said error at the last moment of the installation. Can someone offer me a method that can solve my problem specifically? I will be really grateful. Thanks in advance.
