Solved

w32.rontokbro@mm Virus

Posted on 2006-10-29
4
1,383 Views
Last Modified: 2007-12-19
Please advise how can I remove this w32.rontokbro@mm virus from my computer.
0
Comment
Question by:Loyiso
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 250 total points
ID: 17828044
You can remove it by deleting all the files that W32.Rontokbro dropped in your system.

Some of the files will show up in the hijackthis log, let's look at it.
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
LVL 2

Assisted Solution

by:The_Maverick
The_Maverick earned 250 total points
ID: 17828069
I had a real wrestling match with this particular nasty just the other day. It was made difficult by the fact that everytime I opened a window to use a useful tool the system reboots - and it appears to have some kind of watchdog timers that restore the infected files a few seconds after you delete them.

After a couple of hours (of little success) I changed tacks and used a different technique that stopped it dead in it's tracks ... I removed the infected Hard Disk Drive ... attached it (as a drive D) to a clean system - then ran a scan that deleted all instances of it. Worked like a charm.

The virus won't infect the new PC because the PC isn't booting from the infected drive - and you can get a free scan from (off memory) www3.ca.com/virusinfo/virusscan.aspx (or is it ww3.ca.com/virusinfo/viruscan.aspx).

Hope this helps!

PS: There are some registry tools that you might have to download from www.sarc.com to re-enable regedit once you've removed the infected files - just do a search on the virus name to find them - or drop me a note here if you get lost.

Cheers,

Mav.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. Here are 7 ways you can stay safe.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question