Kill Brontok A HVM 32 Virus Files
2.69/5 (8 votes)
Aug 25, 2006
2 min read
82787
3404
This is an antivirus solution to deal with the Brontok A HVM 32 Virus.
Introduction
Well, half a year back my system and infect many systems in our institute got infected with a strange virus Brontok A HVM 32. This virus spreads through shared folders on networks. It affects system in many ways:
- It creates an EXE file with the name of the parent folder. For example if there is a folder with name 'Abhishek' then this virus will create a file with the name 'Abhishek.exe' inside that folder and does the same for all subfolders. Sometimes the file name are also like Data.exe or with other names like [username].exe
- Corrupts the 'Folder Option' button in Control panel.
- Corrupts the cmd.exe.
As usually I searched for a solution on net but did not find a complete one. There is a solution available but it only reverts back the effects of the virus and does not delete the folder.exe kind of files. If you by mistake click these file, the virus will again come. So I developed this small but good enough program to get rid of all those infected files.
Prerequisite for Running this Program
As I already mentioned that this program only deletes the infected files so be sure to run the solution CS_DevEvil. This antivirus can reverse the effects of Brontok A HVM 32 virus and need to be run before this program.
How to Use Executable
Well, if somebody is interested only in removing the infected files. Then here are the steps:
- Click 'Set virus File's properties' to set the properties of the infected files on your system (Sometimes they are different for different systems). Otherwise, default attributes will be used.
- In the default mode the program removes only [folder].exe kind of files. If you want to remove others like 'Data Abhishek.exe' than click 'Kill file with this name also'.
- Finally click 'start' and the rest is obvious.
- If you suspect that your system has files with the name 'Data example.exe' but you could not select it through 'Kill file with this name also' button, than just make a text file, rename it to 'Data example.exe' and select for removal.
Using the Code
The code for this program is very simple. I have used two main functions - searchFolder and removeVirus.
searchFolder
This function searches each folder recursively for virus files and calls the function removeVirus only when all of its subfolders are cleaned.
void searchfolder(string path)
{
if(this.progressBar1.Value==100)
progressBar1.Value=0;
this.progressBar1.Increment(5);
try
{
string []folders=Directory.GetDirectories(path);
this.Update();
statuslabel.Text="Cleaning "+path;
for(int i=0;i<folders.Length ;i++)
{
//recursively search folders
searchfolder(folders[i]);
}
//check if we are in root directory. if not than proceed further
if(!Path.GetPathRoot(path).Equals(path))
removeVirus(path);
}
catch{}
}
removeVirus
This function cleans the folder and removes all the infected files.
void removeVirus(string path)
{
string folder=Path.GetFileName(path);
//get all the executable files in the folder
string []files=Directory.GetFiles(path,folder+"*.exe");
int i=0;
FileInfo fi;
try
{
for(i=0;i<files.Length;i++)
{
fi=new FileInfo(files[i]);
if(fi.Length ==filesize)
{
File.Delete(files[i]);
logBox.Text +="\n"+files[i]+" deleted ";
counter++;
}
}
}
catch
{
logBox.Text +="\nThe file "+files[i]+" cannot be deleted";
}
foreach(object o in killfiles)
{
string fname=(string)o;
files=Directory.GetFiles(path,fname);
try
{
for(i=0;i<files.Length;i++)
{
fi=new FileInfo(files[i]);
if(fi.Length ==filesize)
{
File.Delete(files[i]);
logBox.Text +="\n"+files[i]+" deleted";
counter++;
}
}
}
catch
{
logBox.Text +="\nThe file "+files[i]+" cannot be deleted";
}
}
}
Conclusion
Have nothing to write here. Enjoy!!!!!!!!!!!!!!!!!!!!!