Thread: Troubleshooting brontok virus found on my Kindle
Old 07-27-2013, 04:54 PM   #6
wolftail
Connoisseur
Posts: 59
Karma: 57554
Join Date: Jan 2012
Location: Romania
Device: Kindle Touch
Here's how to remove the virus

Brontok is a common virus that spreads from PC to PC through the use of USB flash drives. Since the Kindle acts as a USB drive, the virus automatically copied itself onto it. (I had some trouble with the exact same virus a while ago.)

These kinds of viruses usually spread by abusing a functionality of Windows to present to the users some options regarding the content of the flash drive/CD/DVD/etc. Windows will look for a file called "autorun.inf" that has some information about programs that can run when the drive is inserted and other options. (This is how installation programs auto start when you insert a CD.) This can be helpful, but it is rarely used on flash drives. Since it is mostly used by viruses to automatically open themselves and infect new PCs when an infected drive is inserted, Microsoft has decided to remove the functionality in newer versions of Windows (since Windows 8 to be more precise).

You can manually disinfect the drive by deleting the files the virus added. You most likely will need to enable the display of hidden files for this. Start by removing the autorun.inf file in the root of the drive. This will neuter the virus and leave it dormant on the flash drive. (It won't be able to autostart when the drive is inserted.) The actual virus file is usually hidden within a folder of the flash drive. Try to search for folders with weird names, folders that you haven't created, and you will most likely find an exe file. Sometimes the virus is located in a folder named "Recycled"/"Recycle.Bin" or something similar. (It even has a recycle bin icon usually.) This is an attempt to mimic the legitimate folder where Windows holds deleted files on the hard drive. Delete it and your drive should be disinfected. To be sure, also scan the drive with an antivirus. Be careful! By inserting a flash drive in an infected computer, the virus will copy itself back on the drive.

If you want, you can use some tools that immunize flash drives by making it hard for viruses to write their own autorun files. You can try: http://labs.bitdefender.com/projects...izer/overview/ . Other antivirus vendors offer similar protection tools as well.
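The manual check described in the post above, as an added example that is not part of wolftail's post: a read-only Python script that lists what autorun.inf would start and every executable on the drive, so you know what to delete. The extension list, the look-alike folder names and the sample layout are assumptions made for this example.

```python
import stat, sys, tempfile
from pathlib import Path

EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}  # assumed list
LAUNCH_KEYS = {"open", "shellexecute"}  # autorun.inf keys that name a program
DECOYS = {"recycled", "recycler", "recycle.bin", "$recycle.bin"}  # assumed names

def autorun_targets(root):
    """Programs that autorun.inf in the drive root asks Windows to start."""
    inf = next((p for p in Path(root).iterdir() if p.name.lower() == "autorun.inf"), None)
    targets = []
    if inf is not None and inf.is_file():  # a folder with that name starts nothing
        for line in inf.read_text(errors="replace").splitlines():
            key, sep, value = line.partition("=")
            key = key.strip().lower()
            if sep and (key in LAUNCH_KEYS or key.endswith("\\command")):
                targets.append(value.strip().strip('"'))
    return targets

def scan_drive(root):
    """List every executable on the drive with the reasons it stands out."""
    root = Path(root)
    launched = {t.replace("\\", "/").lower() for t in autorun_targets(root)}
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in EXEC_EXT:
            continue
        rel = path.relative_to(root)
        reasons = []
        if rel.as_posix().lower() in launched:
            reasons.append("started by autorun.inf")
        if any(part.lower() in DECOYS for part in rel.parts[:-1]):
            reasons.append("in recycle-bin look-alike folder")
        if getattr(path.stat(), "st_file_attributes", 0) & stat.FILE_ATTRIBUTE_HIDDEN:  # Windows only
            reasons.append("hidden")
        findings.append((rel.as_posix(), reasons or ["executable on a data drive"]))
    return findings

def build_sample_drive(root):  # constructed layout with harmless placeholder files
    root = Path(root)
    (root / "RECYCLER").mkdir()
    (root / "RECYCLER" / "svc.exe").write_text("placeholder")
    (root / "book.mobi").write_text("ebook")
    (root / "autorun.inf").write_text("[autorun]\nopen=RECYCLER\\svc.exe\n")
    return root

if __name__ == "__main__":
    drive = sys.argv[1] if len(sys.argv) > 1 else build_sample_drive(tempfile.mkdtemp())
    for rel, reasons in scan_drive(drive):
        print(f"{rel}: {', '.join(reasons)}")
```

Pass the drive root as the only argument (for example the Kindle's drive letter); with no argument it scans the constructed sample. The script only reports and deletes nothing.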