Removing W32.Rontokbro.B@mm

Discussion in 'Computer Security' started by Thet Aung Min Latt, Feb 26, 2006.

  1. Removing W32.Rontokbro.B@mm


    1. Disable System Restore (Windows Me/XP).

    2. Restart your computer in Safe mode.

    3. In Safe mode, run xp_secconsole.exe. Under Windows Explorer, uncheck
    Disable Folder Options; then under System Security, uncheck Disable
    Regedit. After that, exit the application.

    xp_secconsole.exe can be downloaded from
    http://www.dougknox.com/xp/utils/xp_secconsole.zip

    4. Delete the following files:

    %UserProfile%\Local Settings\Application Data\csrss.exe
    %UserProfile%\Local Settings\Application Data\inetinfo.exe
    %UserProfile%\Local Settings\Application Data\lsass.exe
    %UserProfile%\Local Settings\Application Data\services.exe
    %UserProfile%\Local Settings\Application Data\smss.exe
    %UserProfile%\Local Settings\Application Data\winlogon.exe
    %UserProfile%\Start Menu\Programs\Startup\Empty.pif
    %UserProfile%\Templates\A.kotnorB.com
    %Windir%\inf\norBtok.exe
    %System%\3D Animation.scr

    Note:
    %System% is a variable that refers to the System folder. By default
    this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32
    (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    %Windir% is a variable that refers to the Windows installation folder.
    By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt
    (Windows NT/2000).
    %UserProfile% is a variable that refers to the current user's profile
    folder. By default, this is C:\Documents and Settings\[CURRENT USER]
    (Windows NT/2000/XP).


    Delete the directory:

    %UserProfile%\Local Settings\Application Data\Bron.tok-3-3

    5. Delete the scheduled tasks added by the worm.

    Click Start, and then click Control Panel. (In Windows XP, switch to
    Classic View.)
    In the Control Panel window, double click Scheduled Tasks.
    Right click the task icon and select Properties from pop-up menu.
    The properties of the task are displayed.
    Delete the task if the contents of the Run text box in the task pane
    match the following:

    %UserProfile%\Templates\A.kotnorB.com

    Note that if you use removable storage media, it's certain that the
    device will carry the virus too. Here is what you can do: in Folder
    Options, click View, select the option to show all files and folders,
    and select the option to show system files and folders. Then view your
    device; there will be some virus files on it. Just delete them with
    SHIFT + DELETE. There you go, happy, your system is clean now. Thanks
    for reading this.

    By Thet Aung Min Latt

    thetaung.amyanmar.com
     
    Thet Aung Min Latt, Feb 26, 2006
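
As an added example (not part of the original post), a post-cleanup check that reports which of the files and folders listed in step 4 are still on disk. The function names are hypothetical, and it assumes %System% (the post's notation, not a real environment variable) can be derived from %windir% using the defaults given in the post's note.

```python
import os
from pathlib import Path

# Artifacts listed in the post, as (variable, path relative to that variable).
ARTIFACTS = [
    ("UserProfile", r"Local Settings\Application Data\csrss.exe"),
    ("UserProfile", r"Local Settings\Application Data\inetinfo.exe"),
    ("UserProfile", r"Local Settings\Application Data\lsass.exe"),
    ("UserProfile", r"Local Settings\Application Data\services.exe"),
    ("UserProfile", r"Local Settings\Application Data\smss.exe"),
    ("UserProfile", r"Local Settings\Application Data\winlogon.exe"),
    ("UserProfile", r"Start Menu\Programs\Startup\Empty.pif"),
    ("UserProfile", r"Templates\A.kotnorB.com"),
    ("Windir", r"inf\norBtok.exe"),
    ("System", r"3D Animation.scr"),
    ("UserProfile", r"Local Settings\Application Data\Bron.tok-3-3"),
]

def base_dirs(env=os.environ):
    """Resolve the post's three variables to folders.
    Assumption: %System% is <windir>\\System32 when that folder exists,
    otherwise <windir>\\System (the Windows 95/98/Me default in the note)."""
    windir = Path(env.get("windir") or env.get("SystemRoot") or r"C:\Windows")
    sys32 = windir / "System32"
    return {
        "UserProfile": Path(env.get("USERPROFILE", "")),
        "Windir": windir,
        "System": sys32 if sys32.is_dir() else windir / "System",
    }

def remaining_artifacts(bases):
    """Return the listed paths that still exist, in the post's order."""
    # exists() does not depend on Explorer's Folder Options, so files with
    # the hidden or system attribute are still reported.
    found = []
    for var, rel in ARTIFACTS:
        path = bases[var].joinpath(*rel.split("\\"))
        if path.exists():
            found.append(path)
    return found

if __name__ == "__main__":
    left = remaining_artifacts(base_dirs())
    for p in left:
        print("still present:", p)
    print("clean" if not left else f"{len(left)} artifact(s) remain")
```

The check covers only the profile of the user running it, as the post's %UserProfile% note does; rerun it under each account that logged on while the machine was infected.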