Title: Rontokbro

Type: Worms

Remove Rontokbro. Removal instructions

Also known as: Brontok

Severity scale:

(66 / 100)

Rontokbro is a rapidly spreading Internet worm that propagates by e-mail in messages with infected attachments. Once the user executes such an attachment, the parasite installs itself to the system and runs its spreading routine. It scans the entire system for e-mail addresses and sends itself there using own mail engine. Rontokbro modifies essential system settings in order to disable standard Windows tools such as the Registry Editor or Command Prompt. It also immediately restarts a computer when it detects certain software running. Such software can be various antivirus and anti-spyware programs, web browsers, programming tools and many other popular applications. Rontokbro may launch an attack against several well-known web sites. The worm's activity severely degrades overall system performance and Internet connection speed and causes general system instability. The parasite runs on every Windows startup.

Related files: csrss.exe, cvt.exe, idtemplate.exe, inetinfo.exe, kangent.exe, lsass.exe, services.exe, a.kotnorb.com, empty.pif, 3d animation.scr, smss.exe, bronstab.exe, eksplorasi.exe, ~dfa861.tmp, sempalong.exe

Rontokbro properties:
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic Rontokbro removal:

remover for Rontokbro

SpyHunter is recommended remover to uninstall Rontokbro. You should confirm using free trial that it detects current version of parasite.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manul removal instructions below.

If you failed to remove Rontokbro using SpyHunter please report this to us.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use.

STOPzilla

download | review

We are testing STOPzilla's efficiency at removing Rontokbro (2008-12-26 11:49:18)

Malwarebytes Anti Malware

download | review

We are testing Malwarebytes Anti Malware's efficiency at removing Rontokbro (2008-12-26 11:49:18)

Spyware Doctor

download | review | tutorial

We are testing Spyware Doctor's efficiency at removing Rontokbro (2008-12-26 11:49:18)

XoftSpySE Anti Spyware

download | review

Rontokbro manual removal:

FORUM:
Discuss Rontokbro in
spyware removal forum

Kill processes:
csrss.exe, cvt.exe, idtemplate.exe, inetinfo.exe, kangent.exe, lsass.exe, services.exe

HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bron-spizaetus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD=2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistry
Tools=1

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\?�?Bron-Spizaetus?�? = ?�?C:\WINDOWS\PIF\CVT.exe?�?
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\Policies\System\?�?DisableRegistryTools?�? = ?�?1?��
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\Policies\Explorer\?�?NoFolderOptions?�? = ?�?1?��
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\Policies\System\?�?DisableCMD?�? = ?�?2?��

HELP:
how to remove registry entries

Delete files:
csrss.exe cvt.exe idtemplate.exe inetinfo.exe kangent.exe lsass.exe services.exe a.kotnorb.com empty.pif 3d animation.scr smss.exe bronstab.exe eksplorasi.exe Temp\\~dfa861.tmp sempalong.exe eksplorasi.exe

HELP:
how to remove harmful files

Delete directories:
C:\Documents and Settings\[Current User]\Local Settings\Application Data\bron.tok-24
Misc:
kangen.exe is the infected file that arrives attached to malicious e-mail messages sent by Rontokbro.

Exact file location:
cvt.exe - C:\Windows\PIF or C:\Winnt\PIF
3d animator.scr - C:\Windows\System32 or C:\Winnt\System32
a.kotnorb.com - C:\Documents and Settings\[Current User]\Templates
empty.pif - C:\Documents and Settings\[Current User]\Programs\Startup
csrss.exe, idtemplate.exe, inetinfo.exe, lsass.exe, services.exe - C:\Documents and
Settings\[Current User]\Application Data

Information added: 2005-09-24 03:07:34
Information updated: 2008-12-26 09:12:03

Additional resources related to Rontokbro:

Attention: If you know or you have a website or page about Rontokbro removal, feel free to add a link to this list: add url

more resources

Guest

thnaks for the support

Reply »

2006 12 21

<Guest>

what if the virus, disable the task manager? but anyhow thanks again.

Reply »

2008 11 09

<Guest>

asdasdasdadasdasdasdasdasdasd

Reply »

2008 12 26

Post Comment:

Attention: Use this form only if you have additional information about Rontokbro parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Latest spyware news:

Subscribe to news

Similar parasites:

Related discussions:

Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2

Spreading the knowledge:

It is very hard to fight Computer parasites alone in internet space. If you have a website we would be more than happy if you would help us to spread the knowledge about latest threats. You can help your visitors to manage their Computer system manually without aditional expences. Knowledge is the power, we just need to spread it.