W32.Rontokbro Worm

Lowyat.NET Lowyat.NET Rules and Regulations

FAQ Help Search Members Calendar

Outline · [ Standard ] · Linear+

W32.Rontokbro Worm, updated : removal tools

Share on

| Track this topic | Email this topic | Print this topic

sUBs

Sep 13 2006, 07:57 AM

Show posts by this member only |This post's rating (0+, 0-) | Post #501

RIP

Retired Tech Support mod

Group: VIP
Posts: 3,932
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Jan 2005

Means that you were never infected in the first place.

Maybe I should have CleanX-II auto-format machines that aren't infected.

Nightfalls

Sep 20 2006, 03:05 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #502

PWNED

Group: Senior Member
Posts: 520
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Feb 2006
From: ~Oblivion~

New Brontok? Locks up everything including in safe mode

Items Locked

MSCONFIG
REGEDIT
FOLDER OPTION
ALL ANTI VIRUSES
RUN OPTION
TASK MANAGER
SHORTCUT KEYS

Having so much fun killing it.... can't even do anything

sUBs

Sep 20 2006, 03:13 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #503

RIP

Retired Tech Support mod

Group: VIP
Posts: 3,932
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Jan 2005

Sounds like one of the earliest versions. What's the filesize?

Does it automatically reboot the machine if you try to run cmd.exe?

Nightfalls

Sep 20 2006, 03:53 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #504

PWNED

Group: Senior Member
Posts: 520
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Feb 2006
From: ~Oblivion~

nope... won't auto reboot when i run anything... juz give me warning message that everything is locked lor...

sUBs

Sep 20 2006, 08:01 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #505

RIP

Retired Tech Support mod

Group: VIP
Posts: 3,932
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Jan 2005

How does it give warning? A screenshot help says a thousand words.

If running Hijackthis isnt rebooting your machine, then post a log. Being vague doesn't help your cause.

This post has been edited by sUBs: Sep 20 2006, 08:04 PM

eggy

Sep 23 2006, 01:23 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #506

Question authority; but, raise your hand 1st

Group: Senior Member
Posts: 1,733
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Feb 2006
From: Kajang | Shah Alam Mood: Confused -_-"

QUOTE(Nightfalls @ Sep 20 2006, 03:53 PM)

nope... won't auto reboot when i run anything... juz give me warning message that everything is locked lor...

Is the error message saying something like the Adminstrator disable the features?

kingkongmonkey

Sep 29 2006, 12:37 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #507

Getting Started

Group: Junior Member
Posts: 117
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Mar 2006
From: Klang

QUOTE(sUBs @ Sep 13 2006, 07:57 AM)

Means that you were never infected in the first place.

Maybe I should have CleanX-II auto-format machines that aren't infected.

ic ic ....thanks ...ehehe

nxfx

Oct 22 2006, 12:28 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #508

Enthusiast

Group: Senior Member
Posts: 828
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Jan 2003

Running UnHookExec.inf do not enable regedit. What the heck i do now??

nasboyz

Oct 22 2006, 12:56 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #509

Getting Started

Group: Junior Member
Posts: 69
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Jan 2003
From: Ampang Selangor

Brontok.N i really hate it...

manyak suey ooo...disable everything about security...

luckly i have the cleaner for that brontok....

nxfx

Oct 24 2006, 02:49 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #510

Enthusiast

Group: Senior Member
Posts: 828
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Jan 2003

Problem solved. Removed the worm from the process using 3rd party program and continue with the usual brontok removal procedure.

TrialUserXP

Nov 8 2006, 04:12 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #511

Casual

Group: Junior Member
Posts: 480
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Jan 2003

what's the thirdparty tool u used?

darude87

Dec 6 2006, 08:53 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #512

hhhoooiii!!!

Group: Senior Member
Posts: 748
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Jun 2005

hey,lately my friend told me that her comp is infected by brontok (through telling me those signs such as folder option missing,auto duplicate folders)
so i gave her cleanX-II,but she say that when she run cleanX-II,her comp will auto restart,any idea why is it like that? and any free antivirus can easily solve brontok?

psYCHopath

Dec 7 2006, 12:36 AM

Show posts by this member only |This post's rating (0+, 0-) | Post #513

Collector / Trader of Hamster

Group: Senior Member
Posts: 599
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Jan 2003
From: Subang,Sunway Coll

/off topic/

how come first page, most replies are edited by Moderators or Staff?

Edited:
i mean post such as number 2, 4, 5, 7, 9, 10, 11, 12, 13, 14 (in the first page for this thread)

This post has been edited by psYCHopath: Dec 7 2006, 03:23 AM

eXPeri3nc3

Dec 7 2006, 01:32 AM

Show posts by this member only |This post's rating (0+, 0-) | Post #514

Watashiwa Watashini Nareta

Group: Senior Member
Posts: 8,310
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Aug 2005
From: Lurking In The Forum Status: 1+3+3=7

QUOTE(psYCHopath @ Dec 7 2006, 01:36 AM)

/off topic/

how come first page, most replies are edited by Moderators or Staff?

So that they could update the links/info in the first place.

owenwong84

Dec 11 2006, 09:19 AM

Show posts by this member only |This post's rating (0+, 0-) | Post #515

Zin zin

Group: Senior Member
Posts: 608
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Oct 2004

halo...
i got this virus called " surat untuk edelin"
But what i discovered is the folder option is not available.
I have use the Cleanx-II but still doesn't work.
What should i do now?

» Click to show Spoiler - click again to hide... «

I came across this when i was running the cleanx:

This post has been edited by owenwong84: Dec 11 2006, 11:45 AM

morpheus5

Dec 11 2006, 03:18 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #516

Getting Started

Group: Junior Member
Posts: 127
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Jul 2005

the RegDelete is safe, anyone tried playing wif it with process guard?
http://www.diamondcs.com.au/processguard/
if brontok doesn't block this, you can do wonders.

kingkongmonkey

Dec 14 2006, 09:32 AM

Show posts by this member only |This post's rating (0+, 0-) | Post #517

Getting Started

Group: Junior Member
Posts: 117
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Mar 2006
From: Klang

my av said ive infected so
i run cleanx on my laptop..
this is the result..
so..any idea what the result said?
no virus??

Attached File(s)

CleanX_II.txt ( 15.37k ) Number of downloads: 28

eggy

Dec 19 2006, 10:53 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #518

Question authority; but, raise your hand 1st

Group: Senior Member
Posts: 1,733
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Feb 2006
From: Kajang | Shah Alam Mood: Confused -_-"

QUOTE(owenwong84 @ Dec 11 2006, 09:19 AM)

halo...
i got this virus called " surat untuk edelin"
But what i discovered is the folder option is not available.
I have use the Cleanx-II but still doesn't work.
What should i do now?

» Click to show Spoiler - click again to hide... «

I came across this when i was running the cleanx:

Allow the script to run.

IceBeam

Dec 24 2006, 03:10 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #519

Newbie

Group: New Member
Posts: 1
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Dec 2005

Okay, I kinda read some of the last posts but didnt quiet get it. Not a comp expert...

Anyway, I got infected with Brontok.H (according to AntiVir) and quarantine all files included infected files like svchost,winlogon etc. Then because AntiVir could fix my files I just deleted those and my Windows kinda got corrupted or something... So i had to reformat.

Then my brother had to recover some old files because the backup I made for certain files got corrupted and accidentally recovered Brontok.H. Now I'm running AntiVir again... After that... what should I do?

This post has been edited by IceBeam: Dec 24 2006, 03:11 PM

t3chn0m4nc3r

Dec 26 2006, 08:58 PM

Show posts by this member only |This post's rating (0+, 0-) | Post #520

Property of ♥BaBe_hImEsAn♥

Group: Senior Member
Posts: 3,190
Ratings earned: 0+, 0-
Ratings given: 0+, 0-

Joined: Sep 2006
From: Internet

Any1 here know wat's anti-vermin...?

« Next Oldest · Technical Support · Next Newest »