Click here to Skip to main content
Click here to Skip to main content
Go to top

Kill Brontok A HVM 32 Virus Files

, 25 Aug 2006
Rate this:
Please Sign up or sign in to vote.
This is an antivirus solution to deal with the Brontok A HVM 32 Virus.

Sample Image - Kill_Brontok.jpg

Introduction

Well, half a year back my system and infect many systems in our institute got infected with a strange virus Brontok A HVM 32. This virus spreads through shared folders on networks. It affects system in many ways:

  1. It creates an EXE file with the name of the parent folder. For example if there is a folder with name 'Abhishek' then this virus will create a file with the name 'Abhishek.exe' inside that folder and does the same for all subfolders. Sometimes the file name are also like Data.exe or with other names like [username].exe
  2. Corrupts the 'Folder Option' button in Control panel.
  3. Corrupts the cmd.exe.

As usually I searched for a solution on net but did not find a complete one. There is a solution available but it only reverts back the effects of the virus and does not delete the folder.exe kind of files. If you by mistake click these file, the virus will again come. So I developed this small but good enough program to get rid of all those infected files.

Prerequisite for Running this Program

As I already mentioned that this program only deletes the infected files so be sure to run the solution CS_DevEvil. This antivirus can reverse the effects of Brontok A HVM 32 virus and need to be run before this program.

Download CS_DevEvil.zip

How to Use Executable

Well, if somebody is interested only in removing the infected files. Then here are the steps:

  1. Click 'Set virus File's properties' to set the properties of the infected files on your system (Sometimes they are different for different systems). Otherwise, default attributes will be used.
  2. In the default mode the program removes only [folder].exe kind of files. If you want to remove others like 'Data Abhishek.exe' than click 'Kill file with this name also'.
  3. Finally click 'start' and the rest is obvious.
  4. If you suspect that your system has files with the name 'Data example.exe' but you could not select it through 'Kill file with this name also' button, than just make a text file, rename it to 'Data example.exe' and select for removal.

Using the Code

The code for this program is very simple. I have used two main functions - searchFolder and removeVirus.

searchFolder

This function searches each folder recursively for virus files and calls the function removeVirus only when all of its subfolders are cleaned.

void searchfolder(string path)
{
    if(this.progressBar1.Value==100)
    progressBar1.Value=0; 
    this.progressBar1.Increment(5);
    try
    {
        string []folders=Directory.GetDirectories(path);
        this.Update(); 
        statuslabel.Text="Cleaning "+path;

        for(int i=0;i<folders.Length ;i++)
        {
            //recursively search folders
            searchfolder(folders[i]);
        }    
        //check if we are in root directory. if not than proceed further
        if(!Path.GetPathRoot(path).Equals(path))
        removeVirus(path);
    }    
    catch{}
}
removeVirus

This function cleans the folder and removes all the infected files.

void removeVirus(string path)
{
    string folder=Path.GetFileName(path); 

    //get all the executable files in the folder
    string []files=Directory.GetFiles(path,folder+"*.exe"); 
    int i=0;
    FileInfo fi;
    try
    {
        for(i=0;i<files.Length;i++)
        {
            fi=new FileInfo(files[i]);
            if(fi.Length ==filesize)
            {
                File.Delete(files[i]);
                logBox.Text +="\n"+files[i]+" deleted ";        
                counter++;
            }
        }
    }
    catch
    {
        logBox.Text +="\nThe file "+files[i]+" cannot be deleted";
    }

    foreach(object o in killfiles)
    {
        string fname=(string)o; 
        files=Directory.GetFiles(path,fname); 
        try
        {    
            for(i=0;i<files.Length;i++)
            {
                fi=new FileInfo(files[i]);
                if(fi.Length ==filesize)
                {
                    File.Delete(files[i]);        
                    logBox.Text +="\n"+files[i]+" deleted";
                    counter++;
                }
            }
        }
        catch
        {
            logBox.Text +="\nThe file "+files[i]+" cannot be deleted";
        }
    }
}

Conclusion

Have nothing to write here. Enjoy!!!!!!!!!!!!!!!!!!!!!

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Share

About the Author

Abhishek _Agarwal
Software Developer
India India
No Biography provided
Follow on   Twitter

Comments and Discussions

 
Generalhi its regarding brontok virus.. PinmemberParminder Singh Saini9-Dec-07 4:16 
GeneralRe: hi its regarding brontok virus.. PinmemberAbhishek _Agarwal13-Aug-08 12:27 
GeneralYeah that might work... but... Pinmembervahnrey29-May-07 22:31 
GeneralRe: Yeah that might work... but... PinmemberPaul Chin PC6-Sep-07 21:53 
GeneralRe: Yeah that might work... but... PinmemberAbhishek _Agarwal13-Aug-08 12:24 
GeneralRe: Yeah that might work... but... PinmemberAbhishek _Agarwal13-Aug-08 12:27 
QuestionDangerous? Pinmemberneilarnold28-Aug-06 0:10 
AnswerRe: Dangerous? PinmemberAbhishek _Agarwal28-Aug-06 5:34 
GeneralRe: Dangerous? PinmemberTyler454-Jan-07 16:10 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web04 | 2.8.140922.1 | Last Updated 25 Aug 2006
Article Copyright 2006 by Abhishek _Agarwal
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid