fattygiant
Posts: 12 +0
my notebook is now infected by this virus: W32.Rontokbro@mm ....Please help me how to deal with this?
W32.Rontokbro@mm
- Thread starter fattygiant
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Tedster
Posts: 5,746 +14
howard_hopkinso
Posts: 21,238 +17
Tedster said:
Lol Tedster. That`s the very same link as in my post.
Regards Howard
fattygiant
Posts: 12 +0
still not workin
i 've done it ... but ... still not working ... is there onther way??
i 've done it ... but ... still not working ... is there onther way??
howard_hopkinso
Posts: 21,238 +17
Go and read both these threads by RBS. Follow all the instructions exactly.
How to remove Trojans and its ilk! and How to remove Begin2search / coolwebsearch and other nasties.
Then see. How to post your Hijackthis log-file as an ATTACHMENT.
Regards Howard
How to remove Trojans and its ilk! and How to remove Begin2search / coolwebsearch and other nasties.
Then see. How to post your Hijackthis log-file as an ATTACHMENT.
Regards Howard
sorry to hijack your post. i've noticed signs of rontokbro on our network. symantec antivirus intercepts the load and promptly deletes them. i'm not exactly happy that the antivirus is merely doing its job. i want to find out where in the network is the infected machine so i can fix it once and for all. The manner in which it drop its load is not like the write ups on the internet.
symptoms:
- load is dropped into pcs with an active guest account without password.
- load is dropped using the guest account
- load takes the name of the directory it's dropped into eg. c:\winnt\system32\drivers\drivers.exe
- it attempts to drop its load into every single directory and subdirectory. the pc will appear to hang while its doing its rounds.
another interesting observation. after disabling the guest account, a different file in dropped into the pc - this time its qwe.bat and identified by symantec av as secefa. the secefa payload is dropped in using the system account. perhaps secefa and rontokbro mated and this is their offspring.
any idea how i can trace it to the infected machine?
rgds jon
symptoms:
- load is dropped into pcs with an active guest account without password.
- load is dropped using the guest account
- load takes the name of the directory it's dropped into eg. c:\winnt\system32\drivers\drivers.exe
- it attempts to drop its load into every single directory and subdirectory. the pc will appear to hang while its doing its rounds.
another interesting observation. after disabling the guest account, a different file in dropped into the pc - this time its qwe.bat and identified by symantec av as secefa. the secefa payload is dropped in using the system account. perhaps secefa and rontokbro mated and this is their offspring.
any idea how i can trace it to the infected machine?
rgds jon
- Status
Similar threads
