TechSpot

W32.Rontokbro@mm

By fattygiant
Feb 12, 2006
  1. my notebook is now infected by this virus: W32.Rontokbro@mm ....Please help me how to deal with this?
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Make sure your antivirus programme is up to date, and has the latest virus deffinition files.

    Boot into safe mode, and turn off system restore.

    Do a complete scan with your antivirus, and remove anything it finds.

    See HERE for further info.

    Regards Howard :)
     
  3. Tedster

    Tedster Techspot old timer..... Posts: 6,000   +15

  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

  5. fattygiant

    fattygiant TS Rookie Topic Starter

    still not workin

    i 've done it ... but ... still not working ... is there onther way??
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

  7. jon2367

    jon2367 TS Rookie

    sorry to hijack your post. i've noticed signs of rontokbro on our network. symantec antivirus intercepts the load and promptly deletes them. i'm not exactly happy that the antivirus is merely doing its job. i want to find out where in the network is the infected machine so i can fix it once and for all. The manner in which it drop its load is not like the write ups on the internet.
    symptoms:
    - load is dropped into pcs with an active guest account without password.
    - load is dropped using the guest account
    - load takes the name of the directory it's dropped into eg. c:\winnt\system32\drivers\drivers.exe
    - it attempts to drop its load into every single directory and subdirectory. the pc will appear to hang while its doing its rounds.

    another interesting observation. after disabling the guest account, a different file in dropped into the pc - this time its qwe.bat and identified by symantec av as secefa. the secefa payload is dropped in using the system account. perhaps secefa and rontokbro mated and this is their offspring.

    any idea how i can trace it to the infected machine?

    rgds jon
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...