Got problem with W32.Rontokbro.B@mm

Posted by Thet Aung Min Latt on February 19, 2006, 9:20 am
Got a problem with your antivirus software, it's not working, and you want to find a manual way to trash out the bullshit virus called W32.Rontokbro.B@mm?

Steps for Removing W32.Rontokbro.B@mm


1. Disable System Restore (Windows Me/XP).


2. Restart your computer in Safe mode.


3. In Safe mode, run xp_secconsole.exe. Under Windows Explorer, uncheck
Disable Folder Options; then under System Security, uncheck Disable
Regedit. After that, exit the application.


xp_secconsole.exe can be downloaded from
http://www.dougknox.com/xp/utils/xp_secconsole.zip


4. Delete the following files:


%UserProfile%\Local Settings\Application Data\csrss.exe
%UserProfile%\Local Settings\Application Data\inetinfo.exe
%UserProfile%\Local Settings\Application Data\lsass.exe
%UserProfile%\Local Settings\Application Data\services.exe
%UserProfile%\Local Settings\Application Data\smss.exe
%UserProfile%\Local Settings\Application Data\winlogon.exe
%UserProfile%\Start Menu\Programs\Startup\Empty.pif
%UserProfile%\Templates\A.kotnorB.com
%Windir%\inf\norBtok.exe
%System%D Animation.scr


Note:
%System% is a variable that refers to the System folder. By default
this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32
(Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Windir% is a variable that refers to the Windows installation folder.
By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt
(Windows NT/2000).
%UserProfile% is a variable that refers to the current user's profile
folder. By default, this is C:\Documents and Settings\[CURRENT USER]
(Windows NT/2000/XP).


Delete the directory:


%UserProfile%\Local Settings\Application Data\Bron.tok-3-3


5. Delete the scheduled tasks added by the worm.


Click Start, and then click Control Panel. (In Windows XP, switch to
Classic View.)
In the Control Panel window, double click Scheduled Tasks.
Right-click the task icon and select Properties from the pop-up menu.
The properties of the task are displayed.
Delete the task if the contents of the Run text box in the task pane
match the following:


%UserProfile%\Templates\A.kotnorB.com


By Thet Aung Min Latt, Yangon, Myanmar


thetaung@gmail.com
thetaung.amyanmar.com
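
An added example, not part of the original post: a triage helper that classifies a Windows path as one of the artifacts listed in step 4, or as a file that borrows a Windows system process name while sitting outside the System folder. The function names, the sample environment and the "masquerade" rule are assumptions made for illustration; the garbled `%System%D Animation.scr` entry is left out.

```python
import ntpath
import re

# Paths copied from step 4 of the post, still in their %Variable% form.
LISTED = [
    r"%UserProfile%\Local Settings\Application Data\csrss.exe",
    r"%UserProfile%\Local Settings\Application Data\inetinfo.exe",
    r"%UserProfile%\Local Settings\Application Data\lsass.exe",
    r"%UserProfile%\Local Settings\Application Data\services.exe",
    r"%UserProfile%\Local Settings\Application Data\smss.exe",
    r"%UserProfile%\Local Settings\Application Data\winlogon.exe",
    r"%UserProfile%\Start Menu\Programs\Startup\Empty.pif",
    r"%UserProfile%\Templates\A.kotnorB.com",
    r"%Windir%\inf\norBtok.exe",
]
LISTED_DIR = r"%UserProfile%\Local Settings\Application Data\Bron.tok-3-3"
# Names whose genuine copies live directly in %System% (assumption of this example).
SYSTEM_NAMES = {"csrss.exe", "lsass.exe", "services.exe", "smss.exe", "winlogon.exe"}
# Constructed sample environment using the Windows XP defaults from the post's note.
SAMPLE_ENV = {"UserProfile": r"C:\Documents and Settings\alice",
              "Windir": r"C:\Windows", "System": r"C:\Windows\System32"}


def expand(template, env):
    """Replace %Name% placeholders using env, matching names case-insensitively."""
    lowered = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%(\w+)%", lambda m: lowered.get(m.group(1).lower(), m.group(0)), template)


def norm(path):
    """Normalise separators and case the way Windows compares paths."""
    return ntpath.normcase(ntpath.normpath(path))


def classify(path, env):
    """Return 'listed', 'masquerade' or 'clean' for one Windows path."""
    p = norm(path)
    d = norm(expand(LISTED_DIR, env))
    if p in {norm(expand(t, env)) for t in LISTED} or p == d or p.startswith(d + "\\"):
        return "listed"
    if ntpath.basename(p) in SYSTEM_NAMES and ntpath.dirname(p) != norm(env["System"]):
        return "masquerade"
    return "clean"
```

The masquerade rule is a heuristic: a hit means the file deserves a closer look, not that it is known to be the worm.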

