Skip to content

Perl/Linux Brontox Remover

March 8, 2006

Here is a simple perl/linux (should work on cygwin) script to wipe out Brontox from your flash disk.

#!/usr/bin/perl

$brontoxMD5 = '9f472b33711035a5174f4f7f2ea5398f';

$deleted = 0;
foreach (`find -name '*exe'`) {
. . chomp;
. . @path = split /\//;
. . $path[-2] =~ s/[[]()+*]/$1/g;
. . if ($path[-1] =~ /^$path[-2]/) {
. . . . if (`md5sum '$_' | cut -d" " -f1` == $brontoxMD5) {
. . . . . . print "Removing: $_n";
. . . . . . `rm '$_'`;
. . . . . . $deleted++;
. . . . }
. . }
}

print "$deleted files removed\n";

Don’t mind the dots, I cant post ‘whitespaces’ to WordPress. It’s just there for the sake of code indentation.

Run the code at the root directory of your brontox-infected flash-disk.

From → Internet

12 Comments
  1. Ka, script loe gue coba di system gue (di Mac OS X), tapi ada error di regexnya. Errornya:

    [ravens:~] rezmuh%
    Nested quantifiers in regex; marked by

  2. Brr~ *gebuk wordpress* backslashnya pada ilang2 gitu dari regexnya!
    Try this one:

    $path[-2] =~ s/[\[\]\(\)\+\*]/\\$1/g;

  3. I would like to remove the brontok, BRONTOK.A[10] which always pop up when i open the yahoo mail.and this bother me a lot ..please let me know how to remove this completely?please help

    email me at mheme_brant@yahoo.com.ph

    thanks
    amy

  4. I would like to remove the brontok, BRONTOK.A[10] which always pop up when i open the yahoo mail.and this bother me a lot ..please let me know how to remove this completely?please help

  5. niyi permalink

    hi,
    pls i need help to clean a virus called brontok A(10) by jowobot#VM community in malaysia. pls send the solutiom to my box
    thanks,

  6. Leila permalink

    Hi
    I have the same problem as amy.Plz help me
    thanks a lot

    Leila

  7. faridah permalink

    plz..help.when i on my laptop…the black box always come out..so how????

  8. I hate brontok permalink

    Note: If you download mozilla firefox,brontok will opened in new tab, so it don’t ganggu you.
    For more soalan plese go to http://answers.yahoo.com

    you can ask question there, Note= I masih belum merdeka from brontok because I dun know how to delete it.

    Brontok : Brontak : Memberontak : Pemberontak = kesimpulanya : Virus brontok mungkin di buat oleh
    pemberontak Indonesia. Pemberontak : Anti Kerajaan.

    Message :

    BRONTOK.A[14]
    — Hentikan kebobrokan di negeri ini —

    1. Penjarakan Koruptor, Penyelundup, Tukang Suap, & Bandar NARKOBA
    ( Send to “NUSAKAMBANGAN”)

    2. Stop Free Sex, Aborsi, & Prostitusi
    ( Go To HELL )

    3. Stop pencemaran lingkungan, pembakaran hutan & perburuan liar.

    4. SAY NO TO DRUGS !!!

    — KIAMAT SUDAH DEKAT —

    Terinspirasi oleh:
    Elang Brontok (Spizaetus Cirrhatus) yang hampir punah

    [ By: HVM31 ]
    — JowoBot #VM Community —
    !!! Akan Kubuat Mereka (VM lokal yg cengeng & bodoh) Terkapar !!!

    Dari segi bahasa, sah ia buatan Indonesia. Pencipta virus ini mungkin Hacker yang handal serta berbakat.

    Lokasi virus : C:\Documents and Settings\(nama account)\My Documents\My Pictures\about.Brontok.A.html
    Muncul di : Internet Explore, Mozila dan lain lain sistem pelayaran Internet
    Waktu Virus : Setiap pukul 3.00pm, 6.00pm, 9.00pm, 12.00pm, 3.00am, 6.00am, 9.00am, 12.00am.
    Pencipta : [ By: HVM31 ] — JowoBot #VM Community — Warna : Kuning ~Message :
    !!! Akan Kubuat Mereka (VM lokalyg cengeng & bodoh) Terkapar !!!
    Bahasa : Teruk
    Background : Hijau
    Nama Penuh: BRONTOK.A[14] Warna : Merah
    Bahasa : Teruk
    Permehatian Berserta inferens : (PBI)
    1)Kiamat sudah dekat, Filem Kiamat Sudah Dekat, mungkin ada kaitan.
    2)( Send to “NUSAKAMBANGAN”) mungkin SMS ataupun syarikat telefon.
    3)[ By: HVM31 ] — JowoBot #VM Community — mungkin orang Jawa.

    Misteri Brontok

    Kita boleh mendelete brontok dengan pergi lokasinya. Tetapi ia akan ada balik apabila waktu nya tiba.
    Kesimpulan : Dengan cara delete tak berkesan
    PBI : Mungkin ada Engine yang meletak kan virus brontok ke lokasi nya apabila tiba waktunya, Engine masih belum dikenal pasi. Ia tidak boleh dikesan oleh
    Norton Anti-Virus Spywere. (nama account)

  9. Saamia permalink

    please help e remove brontoxA|10|.

  10. my problem is that computer is brontok virus so iam found the sulotion is brontok virus please help me

  11. bhavika soni permalink

    i have the same problem this virus bugs whenever i open any site and sunfor nearly say5-10 mins

  12. amjad permalink

    i have same problem

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: