Guide: Detection & Removal Of Malware 2


Dan Sippy, May 27, 2007 1130 hrs IST

Since our last guide, you now know how to battle Adware and Spyware. Your PC is probably still sick because of other malware. Check!




WORM_RONTOKBRO.A

I came across WORM_RONTOKBRO.A recently and have understood the threat it poses if it spreads on one's computer. This is a somewhat lengthy procedure, but it's the best one I've discovered.

Malware type: Worm
Aliases: W32.Rontokbro@mm, W32/Rontokbro, Win32/Robknot.A, Win32/Robknot.A!Worm
Status: Still active in various parts of the world.
Destructive: Yes
Language: English
Platform: Windows 98, ME, NT, 2000, XP, Server 2003
Encrypted: No
File type: PE (Portable Executable)
Memory resident: Yes
Size of malware: 102,400 Bytes
Initial samples received on: Sep 28, 2005

Payload 1: Restarts the system (a payload is code that helps a worm further infect your system and also prevents the worm's removal)
Trigger condition 1: When a window with the strings ".EXE" and "REGISTRY" in the title bar is opened.

Payload 2: Removes the Folder Options item from all Windows Explorer menus
Trigger condition 1: Upon execution (As soon as it infects your system).

Payload 3: Disables Registry Editor
Trigger condition 1: Upon execution (As soon as it infects your system).

Payload 4: Pauses system startup on Windows 95, 98, and ME
Trigger condition 1: Upon overwriting of AUTOEXEC.BAT (not for XP).

Details:

This is how the worm acts after it enters your system:

Installation and Autostart Technique: Upon execution, this memory-resident worm drops copies of itself as the following files:

* %System%\3D Animation.scr
* C:\Windows\PIF\CVT.exe

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 95, 98, and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and 2003.)

I've separated the procedures for different platforms. The worm drops copies of itself differently on different platforms:

On Windows 2000, XP, and Server 2003

* %UserProfile%\Local Settings\Application Data\csrss.exe
* %UserProfile%\Local Settings\Application Data\IDTemplate.exe
* %UserProfile%\Local Settings\Application Data\inetinfo.exe
* %UserProfile%\Local Settings\Application Data\lsass.exe
* %UserProfile%\Local Settings\Application Data\services.exe
* %UserProfile%\Local Settings\Application Data\winlogon.exe
* %UserProfile%\Start Menu\Programs\Startup\Empty.pif
* %UserProfile%\Templates\A.kotnorB.com

Note: %UserProfile% is the User Profile folder, which is usually C:\Documents and Settings\{user name}
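The drop locations above can be turned into a simple file check. The following is an added example, not code from the article: it matches a file listing against the listed paths and also flags the copies that borrow the names of real Windows components (csrss.exe, lsass.exe, services.exe, winlogon.exe, inetinfo.exe) while sitting outside %System%. The function names and the sample listing are constructed for illustration, and the input is assumed to be (path, size) pairs.

```python
import ntpath  # Windows path rules on any OS, so the check runs offline

# Drop locations from the article, lowercased, relative to their base folder.
SYSTEM_DROPS = {"3d animation.scr"}
FIXED_DROPS = {r"c:\windows\pif\cvt.exe"}
APPDATA = "local settings\\application data\\"
PROFILE_DROPS = {APPDATA + n for n in (
    "csrss.exe", "idtemplate.exe", "inetinfo.exe", "lsass.exe",
    "services.exe", "winlogon.exe")} | {
    r"start menu\programs\startup\empty.pif", r"templates\a.kotnorb.com"}
# Names of real Windows components that normally sit under %System%.
SYSTEM_NAMES = {"csrss.exe", "inetinfo.exe", "lsass.exe", "services.exe",
                "winlogon.exe"}
WORM_SIZE = 102400  # bytes, from the article's profile

def rel(path, base):
    """Lowercased path relative to base, or None when path is not under base."""
    p, b = ntpath.normpath(path).lower(), ntpath.normpath(base).lower()
    return p[len(b) + 1:] if p.startswith(b + "\\") else None

def check(path, size, system_dir, profile_dir):
    """Return the reasons a file matches the article's description."""
    reasons = []
    p = ntpath.normpath(path).lower()
    if (p in FIXED_DROPS or rel(p, system_dir) in SYSTEM_DROPS
            or rel(p, profile_dir) in PROFILE_DROPS):
        reasons.append("listed drop path")
    if ntpath.basename(p) in SYSTEM_NAMES and rel(p, system_dir) is None:
        reasons.append("system process name outside %System%")
    # Size alone is too common to alert on; use it only to corroborate a hit.
    if reasons and size == WORM_SIZE:
        reasons.append("size 102,400 bytes")
    return reasons

def scan(listing, system_dir, profile_dir):
    """Map each suspicious path in a (path, size) listing to its reasons."""
    checked = ((p, check(p, s, system_dir, profile_dir)) for p, s in listing)
    return {p: r for p, r in checked if r}

# Constructed sample listing (not real data): (full path, size in bytes).
PROFILE = r"C:\Documents and Settings\alice"
SAMPLE = [
    (r"C:\Windows\System32\lsass.exe", 13312),
    (PROFILE + r"\Local Settings\Application Data\lsass.exe", 102400),
    (r"C:\Windows\System32\3D Animation.scr", 102400),
    (PROFILE + r"\My Documents\report.doc", 102400),
]
if __name__ == "__main__":
    print(scan(SAMPLE, r"C:\Windows\System32", PROFILE))
```

The genuine lsass.exe in System32 and the unrelated 102,400-byte document are not reported; only the profile copy and the screensaver in %System% are.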


USER COMMENTS

i want to hacking ANY SITE PLZ. HELP ME

by raja11111, NOIDA, on Sep 09, 2007 11:25 PM

better to know

by chakri, guntu, on Aug 03, 2007 02:02 PM

i have got trojan virus in my pc and it is taking so much time in booting and my desktop background has been also affected. some windows programmes are not running properly

by manish, patna, on Jul 24, 2007 02:32 PM

i have no idea who is this article targeted at. what i mean is Mr Sippy starts off with explaining me what a virus is. Mr Sippy guys reading this page r supposed 2 be geeks and have basic idea of what virus are. Than he jumps 2 highly pro stuff removing a particular virus manually. is that the only virus i need 2 worry abt and having just learned what a virus is am i suppose 2 be able 2 remove 1 all by myself. and damn rite i am not satisfied by the antivirus choices. only 2 are mentioned. i am not told weather thay paid or free and what abt the darling of all times AVG. y their ant a justification given are the antivirus mentioned stand in comparison with that. over all i believe this article was not useful at all, WASt of my 10 min, poor piece of a copy past job (From Wikipedia.com) add 4 those 2 antivirus. at the ens of it i dont know y i am reviewing this piece of $h!t

by tech_4_u, $%^%, on May 28, 2007 12:59 AM

dude this is a good article to learn some thing why don't you try to gain the knowledge he has given instead of criticizing it after all what you are saying no one is learning any thing out of it here in this article I got some thing and I am sure there would be many others like me who would love to read even the single piece of good informations like this I am having a problem these days in my system and AVG etc many other antiviruses were not able to detect it I did not want to format the system this article gave me some insight to problem and I am still working on solution this is a good article on techtree specially if some one has got serious problems on serious data that you can not format you need such informations luckily I was just browsing it and got it

by et1e, cdvd, on Jul 24, 2007 05:38 AM

I am using Spy Sweeper as per your advice but while this programme is running it does not allow me to launch any other thing. i.e. I cannot launch any program/MSN/iExplorer etc. As soon as I close Spy Sweeper all programmes run fine.

by Hyp3rion, Delhi, on Jun 05, 2007 05:44 AM

Great Job, Techtree!!!. One of the most interesting articles of late.

by Shashank Raj, Pune, on Jun 03, 2007 01:35 AM

i have no idea who is this article targeted at. what i mean is Mr Sippy starts off with explaining me what a virus is. Mr Sippy guys reading this page r supposed 2 be geeks and have basic idea of what virus are. Than he jumps 2 highly pro stuff removing a particular virus manually. is that the only virus i need 2 worry abt and having just learned what a virus is am i suppose 2 be able 2 remove 1 all by myself. and damn rite i am not satisfied by the antivirus choices. only 2 are mentioned. i am not told weather thay paid or free and what abt the darling of all times AVG. y their ant a justification given are the antivirus mentioned stand in comparison with that. over all i believe this article was not useful at all, WASt of my 10 min, poor piece of a copy past job (From Wikipedia.com) add 4 those 2 antivirus. at the ens of it i don't know y i am reviewing this piece of $h!t

by tech_4_u, kolkata, on May 28, 2007 08:13 PM

this article aint comparing anti-virus software dipshit.....to be honest there is NO ANTI-VIRUS on this planet that can keep your PC 100% Safe.......thats why this guy is trying to help us....he gave us the best options....and its our decision to buy the original or download the trial version.....so why should he tell u?? he has recommended 2.....why more....u want to create confusion.....let see, mr reviewer has mentioned 6 (as u have put it) anti-virus softwares, now wat to do? aint the person reading that gonna be confused?? dipshit

by no_tech_4_u, khatakhola, on Jun 01, 2007 12:51 PM

Keep it up. One of the best on techtree.

by Ashok, Mumbai, on May 31, 2007 10:09 AM

Really a good article

by Vinit Bhatt, Surat, on May 28, 2007 11:09 PM

Very nice guide for virus removal, but too late. I have already been affected with this RONTOKBRO.A and since dont know wat to do, formatted the c: drive, and reinstalled XP. Anyway thanks. Now its working fine.

by Bharath, Chennai, on May 28, 2007 08:01 PM

i have no idea who is this article targeted at. what i mean is Mr Sippy starts off with explaining me what a virus is. Mr Sippy guys reading this page r supposed 2 be geeks and have basic idea of what virus are. Than he jumps 2 highly pro stuff removing a particular virus manually. is that the only virus i need 2 worry abt and having just learned what a virus is am i suppose 2 be able 2 remove 1 all by myself. and damn rite i am not satisfied by the antivirus choices. only 2 are mentioned. i am not told weather thay paid or free and what abt the darling of all times AVG. y their ant a justification given are the antivirus mentioned stand in comparison with that. over all i believe this article was not useful at all, WASt of my 10 min, poor piece of a copy past job (From Wikipedia.com) add 4 those 2 antivirus. at the ens of it i dont know y i am reviewing this piece of $h!t

by tech_4_u, kolkata, on May 28, 2007 11:23 AM
