Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

w32.rontokbro@mm Virus

Posted on 2006-10-29
4
Medium Priority
?
1,397 Views
Last Modified: 2007-12-19
Please advise how can I remove this w32.rontokbro@mm virus from my computer.
0
Comment
Question by:Loyiso
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 1000 total points
ID: 17828044
You can remove it by deleting all the files that W32.Rontokbro dropped in your system.

Some of the files will show up in the hijackthis log, let's look at it.
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
LVL 2

Assisted Solution

by:The_Maverick
The_Maverick earned 1000 total points
ID: 17828069
I had a real wrestling match with this particular nasty just the other day. It was made difficult by the fact that everytime I opened a window to use a useful tool the system reboots - and it appears to have some kind of watchdog timers that restore the infected files a few seconds after you delete them.

After a couple of hours (of little success) I changed tacks and used a different technique that stopped it dead in it's tracks ... I removed the infected Hard Disk Drive ... attached it (as a drive D) to a clean system - then ran a scan that deleted all instances of it. Worked like a charm.

The virus won't infect the new PC because the PC isn't booting from the infected drive - and you can get a free scan from (off memory) www3.ca.com/virusinfo/virusscan.aspx (or is it ww3.ca.com/virusinfo/viruscan.aspx).

Hope this helps!

PS: There are some registry tools that you might have to download from www.sarc.com to re-enable regedit once you've removed the infected files - just do a search on the virus name to find them - or drop me a note here if you get lost.

Cheers,

Mav.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
How does someone stay on the right and legal side of the hacking world?
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question