
Email-Worm.Win32.Brontok.q Infestation Problem

  • 24 June 2020

Dear All, my client company is facing a malware infestation issue on their network. This infestation happened before they came to me to use Kaspersky products, and they have been infected by these Brontok viruses.

First of all, their Kaspersky subscription does not cover all of the PCs within their network due to their budget issues, and currently we are still coordinating with them to deploy Kaspersky Free on the remaining unprotected PCs. So you should understand, at least 60 PCs are protected by Kaspersky Endpoint Security 11.3 and some are protected by KES 10 due to still using an old OS such as Win 7 no SP, and there are maybe around 10 more that are still unprotected by any AV.

So now moving to the issue: the detection rate of Brontok viruses has reached almost 1 million in their network. It sounds good that Kaspersky can detect and delete the Brontok, but what makes things weird is that the detections keep coming from the same PC and the same folder and location again and again and again. And even though I launch a full scan and advanced disinfection, and Kaspersky successfully detects and deletes the Brontok, it keeps popping up again a few minutes later.

We suspect that Kaspersky might somehow have missed one of the Brontok bodies on the PC, which might cause it to continuously pop up again and again in the same location.

Is there any way that we can somehow troubleshoot and find the root cause of this infestation? Can anyone guide me on how to find it and clean it up once and for all?

The picture below is the report from KSC on detected threats; the picture shows detections on the morning of 22nd of June, the morning of 24th of June and the afternoon of 24th of June.

Kaspersky seems to have found the Brontok at the same location each time it detected it. The detections below came from the same PC. And every day Kaspersky detects and deletes the malware, but it keeps popping up again and again.


2 replies


Hello,

First try these steps on one device with such a large number of infections.

1. Download the latest Kaspersky Virus Removal Tool from the website.

2. Disconnect it from the network, and run the tool by booting up the device in safe mode!

3. Make sure you check the box for the all disk drives option before starting the tool.

4. Let it run and check the results.


If the infection keeps appearing on the same system, the source of the infection is probably on other systems.
Wouldn't be surprised either:

  • "... still using old OS such as Win 7 no SP"
  • "... around 10 more that still unprotected by any AV"
  • the other systems and applications are probably not patched either.

Sorry, but your customer has to do his homework:

regards
alex
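
An added example, not part of the thread and not Kaspersky tooling: one way to measure from exported detection events how quickly a deleted file reappears at the same host and path, which is the pattern both replies are trying to explain. The CSV column names, host names and paths are constructed assumptions, not the real KSC report layout.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample events. Column names are assumptions, not the KSC export layout.
SAMPLE_CSV = r"""time,host,path,result
2020-06-22 08:01:10,PC-017,C:\Users\user\AppData\Local\sample.exe,Deleted
2020-06-22 08:06:42,PC-017,C:\Users\user\AppData\Local\sample.exe,Deleted
2020-06-24 08:03:05,PC-017,C:\Users\user\AppData\Local\sample.exe,Deleted
2020-06-24 14:20:31,PC-017,C:\Users\user\AppData\Local\sample.exe,Deleted
2020-06-23 09:15:00,PC-042,D:\Shared\Docs.exe,Deleted
"""

FMT = "%Y-%m-%d %H:%M:%S"


def load_events(text):
    """Parse the exported report into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def redetection_gaps(events):
    """Map (host, path) to the seconds between each delete and the next detection."""
    last_deleted = {}
    gaps = defaultdict(list)
    for ev in sorted(events, key=lambda e: datetime.strptime(e["time"], FMT)):
        key = (ev["host"], ev["path"].lower())  # Windows paths are case-insensitive
        when = datetime.strptime(ev["time"], FMT)
        if key in last_deleted:
            # The file was removed earlier, so something wrote it back.
            gaps[key].append(int((when - last_deleted[key]).total_seconds()))
        if ev["result"] == "Deleted":
            last_deleted[key] = when
    return dict(gaps)


def summarize(events):
    """Rows of (host, path, re-detections, fastest reappearance in s), worst first."""
    rows = [(h, p, len(g), min(g)) for (h, p), g in redetection_gaps(events).items()]
    return sorted(rows, key=lambda r: -r[2])


if __name__ == "__main__":
    for host, path, count, fastest in summarize(load_events(SAMPLE_CSV)):
        print(f"{host} {path}: re-detected {count}x after delete, fastest {fastest}s")
```

Running the same comparison on events collected while the device is disconnected from the network, as in the first reply, shows whether the re-detections depend on other systems.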

 
