?
Solved

w32.rontokbro@mm Virus

Posted on 2006-10-29
4
Medium Priority
?
1,392 Views
Last Modified: 2007-12-19
Please advise how can I remove this w32.rontokbro@mm virus from my computer.
0
Comment
Question by:Loyiso
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 1000 total points
ID: 17828044
You can remove it by deleting all the files that W32.Rontokbro dropped in your system.

Some of the files will show up in the hijackthis log, let's look at it.
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
LVL 2

Assisted Solution

by:The_Maverick
The_Maverick earned 1000 total points
ID: 17828069
I had a real wrestling match with this particular nasty just the other day. It was made difficult by the fact that everytime I opened a window to use a useful tool the system reboots - and it appears to have some kind of watchdog timers that restore the infected files a few seconds after you delete them.

After a couple of hours (of little success) I changed tacks and used a different technique that stopped it dead in it's tracks ... I removed the infected Hard Disk Drive ... attached it (as a drive D) to a clean system - then ran a scan that deleted all instances of it. Worked like a charm.

The virus won't infect the new PC because the PC isn't booting from the infected drive - and you can get a free scan from (off memory) www3.ca.com/virusinfo/virusscan.aspx (or is it ww3.ca.com/virusinfo/viruscan.aspx).

Hope this helps!

PS: There are some registry tools that you might have to download from www.sarc.com to re-enable regedit once you've removed the infected files - just do a search on the virus name to find them - or drop me a note here if you get lost.

Cheers,

Mav.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question