How to Remove Brontok Virus

Some say that you have to know your enemy to defeat him, so I'm posting a brief description of what the Brontok virus is:

"Brontok Virus came from Indonesia. It arrives as an e-mail attachment named kangen.exe (the word "kangen" itself means "I miss you so much"). When Brontok is first run, it copies itself to the user's application data directory. It then sets itself to start up with Windows by creating a registry entry in the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key. It disables the Windows Registry Editor (regedit.exe) and modifies Windows Explorer settings. It removes the "Folder Options" option from the Tools menu so that the hidden files, where it is concealed, are not easily accessible to the user. It also turns off the Windows firewall. In some variants, when a window is found containing certain strings (such as "application data") in the window title, the computer reboots. User frustration also occurs when an address typed into Windows Explorer is blanked out before completion. Using its own mailing engine, it sends itself to email addresses it finds on the computer, even faking the user's own email address as the sender. The computer also restarts when the user tries to open a DOS window (Command Prompt) in Windows, and it prevents the user from downloading files. It also pops up the default Web browser and loads a web page (HTML) which is located in the "My Pictures" (or on Windows Vista, "Pictures") folder."

Here are the Brontok virus removal steps:
1. Start computer in Safe Mode with Command Prompt
> Turn the computer on or Restart the computer
> Start tapping the F8 key. The Windows Advanced Boot Options Menu appears.

2. Type the following to enable registry editor:

reg delete HKCU\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"
reg delete HKLM\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"

3. After the registry editor is enabled, type "explorer" without the quotes.
4. Go to Run and type "regedit", and then expand:


5. In the right pane, delete entries with the "Brontok" and "Tok-" words.
6. Restart computer.
7. Open registry editor and expand the following to enable Folder Options in Tools menu:


8. Delete that entry.
9. Restart computer.
10. Search for *.exe files on all drives, including hidden files. In the search options, mark "Search Hidden Files". Remove all files that are displayed with folder icons.

Now you are free from Brontok virus.
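
To confirm the cleanup, the registry indicators named in the steps above can be checked in saved `reg query` output. This is an added example, not part of the original post: `find_leftovers` and the sample text with its entry names are constructed for illustration, and the Run key path is the one given in the quoted description.

```python
import re

# Indicators from the steps above: the policy value that disables regedit,
# and Run-key entries containing the words "Brontok" or "Tok-".
POLICY_VALUE = "disableregistrytools"
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"
NAME_MARKERS = ("brontok", "tok-")

# A value line in `reg query` output: indent, name, type, data.
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

# Constructed sample output (entry names and paths are made up).
SAMPLE = r"""
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
    DisableRegistryTools    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SampleUpdater    REG_SZ    C:\Program Files\Sample\updater.exe
    Tok-Example    REG_SZ    C:\Users\demo\Application Data\example.exe
"""


def find_leftovers(reg_query_text):
    """Return (key, value name, data) for each indicator still present."""
    findings = []
    key = None
    for line in reg_query_text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()  # key headers start at column 0
            continue
        m = VALUE_LINE.match(line)
        if key is None or not m:
            continue
        name, _type, data = m.groups()
        lname, ldata = name.lower(), data.strip().lower()
        if lname == POLICY_VALUE:
            if ldata not in ("0x0", "0"):  # non-zero blocks regedit
                findings.append((key, name, data))
        elif key.lower().endswith(RUN_KEY_SUFFIX):
            if any(s in lname or s in ldata for s in NAME_MARKERS):
                findings.append((key, name, data))
    return findings


if __name__ == "__main__":
    for key, name, data in find_leftovers(SAMPLE):
        print(f"{key} -> {name} = {data}")
```

An empty result for both policy keys and the Run key means none of these registry indicators remain; it does not cover the files searched for in step 10.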