w32.rontokbro@mm Virus

Please advise how can I remove this w32.rontokbro@mm virus from my computer.
LoyisoAsked:
Who is Participating?
 
rpggamergirlConnect With a Mentor Commented:
You can remove it by deleting all the files that W32.Rontokbro dropped in your system.

Some of the files will show up in the hijackthis log, let's look at it.
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
The_MaverickConnect With a Mentor Commented:
I had a real wrestling match with this particular nasty just the other day. It was made difficult by the fact that everytime I opened a window to use a useful tool the system reboots - and it appears to have some kind of watchdog timers that restore the infected files a few seconds after you delete them.

After a couple of hours (of little success) I changed tacks and used a different technique that stopped it dead in it's tracks ... I removed the infected Hard Disk Drive ... attached it (as a drive D) to a clean system - then ran a scan that deleted all instances of it. Worked like a charm.

The virus won't infect the new PC because the PC isn't booting from the infected drive - and you can get a free scan from (off memory) www3.ca.com/virusinfo/virusscan.aspx (or is it ww3.ca.com/virusinfo/viruscan.aspx).

Hope this helps!

PS: There are some registry tools that you might have to download from www.sarc.com to re-enable regedit once you've removed the infected files - just do a search on the virus name to find them - or drop me a note here if you get lost.

Cheers,

Mav.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.