is it safe to delete tok-cirrhatus?
tapyboy
July 24th, 2006, 10:20 PM
I have scanned my brother's computer using AVG before and detected the Brontok virus. However, when I installed ewido 4 and opened the analysis of the startup items, I noticed tok-cirrhatus, which is probably a remnant of the virus. Can I safely delete this? How can I remove a pop-up searching for explorasi.exe using ewido?
cupez80
July 25th, 2006, 01:17 AM
Yes, it's safe to delete the remnant. You can also search for explorasi.exe in the registry entries. :D
tapyboy
July 25th, 2006, 05:50 AM
Thanks for the quick reply. After running the ewido 4 analysis, I noticed the following process names:
lsass.exe
winlogon.exe
scrss.exe
explorer.exe
smss.exe
services.exe
Is it safe to terminate these applications?
What is a prefetch? These are suspicious files, right? How can I completely remove remnants of the Brontok.ae virus which appears to have infected my computer before? Should I leave the remnants alone, as they are already harmless?
TopperID
July 25th, 2006, 02:30 PM
The following are legitimate Windows files and if you delete them you will end up without a functioning computer!:-
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
Please note that the above are the correct file paths for XP; if you have different file paths (on XP) then yours could be baddies. They should not appear as autostarts either.
scrss.exe is different though; if that appears as a Service it could be this:-
http://www.softwaretipsandtricks.com/dangerous_files/4273-scrssexe.html
http://www.sophos.com/virusinfo/analyses/trojhacdefr.html
I don't think you've adequately cleaned your machine, please do the following:-
1) Download and run the latest version of CCleaner from here:-
http://www.filehippo.com/download_ccleaner/
Before running CCleaner you should configure it by clicking Options/Advanced and unchecking the box for 'Only delete files in Windows Temp folders older than 48 hrs'. (CCleaner will get rid of your old Prefetch data, by the way.)
2) Boot into 'safe' mode:-
http://www.bleepingcomputer.com/forums/tutorial61.html
Now do a full system scan with AVG first, then ewido (ensuring you are using the latest definitions). Quarantine anything found.
3) Finally do an online scan:-
http://www.kaspersky.com/service?chapter=161739400
If that finds anything, or you still have things in ewido's analysis you think you shouldn't have, let us know.
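As an added illustration of the advice above (example code, not something posted in the thread), a small Python check that compares running process names against the XP paths TopperID lists and flags any system-binary name that turns up as an autostart entry. The process and autostart records below are constructed sample data, not output from a real machine.

```python
from pathlib import PureWindowsPath

# Where XP keeps the legitimate system processes named in the thread.
EXPECTED_PATHS = {
    "lsass.exe": r"C:\WINDOWS\system32\lsass.exe",
    "winlogon.exe": r"C:\WINDOWS\system32\winlogon.exe",
    "explorer.exe": r"C:\WINDOWS\Explorer.exe",
    "smss.exe": r"C:\WINDOWS\System32\smss.exe",
    "services.exe": r"C:\WINDOWS\system32\services.exe",
}

def _norm(path):
    # Windows paths are case-insensitive, so compare in lower case.
    return str(PureWindowsPath(path)).lower()

def _exe_of(command):
    # Extract the executable from an autostart command line, honouring quotes.
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command.split()[0]

def check_process(name, path):
    """Return None if the process runs from its XP location, else a finding."""
    name = name.lower()
    if name not in EXPECTED_PATHS:
        return f"{name}: not a known system process name, verify it (runs from {path})"
    if _norm(path) != _norm(EXPECTED_PATHS[name]):
        return f"{name}: runs from {path}, expected {EXPECTED_PATHS[name]}"
    return None

def check_autostart(entry_name, command):
    """Legitimate system binaries should never appear as autostart entries."""
    exe = PureWindowsPath(_exe_of(command)).name.lower()
    if exe in EXPECTED_PATHS:
        return f"autostart '{entry_name}' launches {exe}: system binaries are not autostarts"
    return None

def audit(processes, autostarts):
    findings = [f for n, p in processes if (f := check_process(n, p))]
    findings += [f for n, c in autostarts if (f := check_autostart(n, c))]
    return findings

# Constructed sample data: one unknown name, one smss.exe in the wrong place,
# and an autostart entry (named after the thread's remnant) launching it.
SAMPLE_PROCESSES = [(n, p) for n, p in EXPECTED_PATHS.items()] + [
    ("scrss.exe", r"C:\WINDOWS\system32\scrss.exe"),
    ("smss.exe", r"C:\Documents and Settings\user\Application Data\smss.exe"),
]
SAMPLE_AUTOSTARTS = [
    ("Tok-Cirrhatus", r'"C:\Documents and Settings\user\Application Data\smss.exe"'),
]
```

Running `audit(SAMPLE_PROCESSES, SAMPLE_AUTOSTARTS)` on the sample data yields three findings, one per planted anomaly.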
tapyboy
July 27th, 2006, 03:47 AM
Thanks for all the help. I got rid of the explorasi.exe pop-up and the computer appears clean.
Copyright ©2002 - 2012, Wilders Security Forums