Solved

w32.rontokbro@mm Virus

Posted on 2006-10-29
4
1,370 Views
Last Modified: 2007-12-19
Please advise how can I remove this w32.rontokbro@mm virus from my computer.
0
Comment
Question by:Loyiso
4 Comments
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 250 total points
Comment Utility
You can remove it by deleting all the files that W32.Rontokbro dropped in your system.

Some of the files will show up in the hijackthis log, let's look at it.
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
LVL 2

Assisted Solution

by:The_Maverick
The_Maverick earned 250 total points
Comment Utility
I had a real wrestling match with this particular nasty just the other day. It was made difficult by the fact that everytime I opened a window to use a useful tool the system reboots - and it appears to have some kind of watchdog timers that restore the infected files a few seconds after you delete them.

After a couple of hours (of little success) I changed tacks and used a different technique that stopped it dead in it's tracks ... I removed the infected Hard Disk Drive ... attached it (as a drive D) to a clean system - then ran a scan that deleted all instances of it. Worked like a charm.

The virus won't infect the new PC because the PC isn't booting from the infected drive - and you can get a free scan from (off memory) www3.ca.com/virusinfo/virusscan.aspx (or is it ww3.ca.com/virusinfo/viruscan.aspx).

Hope this helps!

PS: There are some registry tools that you might have to download from www.sarc.com to re-enable regedit once you've removed the infected files - just do a search on the virus name to find them - or drop me a note here if you get lost.

Cheers,

Mav.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now