Thursday, 19 March 2009

Tackling RONTOKBRO Virus / BRORONTOK

Virus RONTOKBRO or BRONTOK

Brief Introduction:

This virus is of the worm type (it can duplicate itself) and spreads
through email attachments (an email virus).

Virus name: brorontok, Rontokbro, ..

The virus first spread around September 2005. It was made by
Indonesian people, because its email signature is in Indonesian,
and I also looked at the contents of the virus binary and found
function names in ASCII that are words in that language,
such as keluarDOng(), etc.

==========================================================
Steps to clean your computer of the Barontok virus:
==========================================================

(For Win 95, 98, ME)
- Enter safe mode: reboot, then after the BIOS display appears
press Ctrl, select Safe mode and press Enter
- Continue directly with step 5

(For Windows ME and XP)
Turn off Windows System Restore:
Start-> Settings-> Control panel-> System or
Start-> Control Panel-> System

On the System Restore tab, select the option "Turn off System Restore"


(For Win 2000, XP Home / Pro, Server 2003)

1. Reboot and go into safe mode.
** Restart Windows; after the BIOS display appears, press F8. There will be
options: Safe mode, Normal, ... Select Safe mode and press Enter.

2. Then log in to Windows as administrator or as another user that
has administrator rights.

3. Create a new user account with the account type: Computer Administrator,
then log off and log in with the newly created account.


------------------------------------------
Virus autostart entries in the registry
------------------------------------------

4. Open regedit: Start menu-> Run-> Regedit.exe and press Enter
In the left panel select the key:
HKEY_LOCAL_MACHINE> SOFTWARE> Microsoft> Windows> CurrentVersion> Run
then in the right pane, delete the entry:
Bron-Spizaetus = "........"
In the left panel select the key:
HKEY_CURRENT_USER> Software> Microsoft> Windows> CurrentVersion> Run
then in the right pane, delete the entry:
Tok-Cirrhatus = "......"

** Note:
If regedit cannot be opened (an error message appears), this is
one of the effects of the Barontok virus.
A file has been made to overcome this problem:



After detaching it, right-click the file and select "Install ..",
then continue with step 4.

------------------------------------------------
Virus autostart entries in Scheduled Tasks
------------------------------------------------

5. Open Scheduled Tasks in the Control Panel:
Start-> Settings-> Control Panel-> Scheduled Task and press Enter

Remove the task with the name "At1" or anything related to the virus.
Tip: Right-click the task-> Properties, then look at its contents and properties.
If there is a suspicious command, for example BArontok.com, etc., remove
that task.

---------------------------------------------------------
Search for and delete virus files on the computer's drives
---------------------------------------------------------

6. Enable the options to show hidden files and extensions:
Start-> Settings-> Control panel or
Start-> Control Panel

Open Folder Options, click the View tab and turn on the option:

1. Show hidden files & folders

and turn off the options:

2. Hide extensions for known file types
3. Hide protected operating system files

7. Use Windows File Search:
Start-> Search and press Enter

Search in all existing Windows drives: C, D, ...

In the input for file or folder names, search for:

*.exe
then in the search options select Size Range-> At most: 81 KB,
and under Advanced Options select Search system folders,
Search hidden files & folders and Search subfolders;
leave the other options blank.

Then click Search Now.

In the search results in the right panel, delete all files for which:
1. the size is EXACTLY 80 KB AND
2. the file has the extension *.exe / *.pif / *.com / *.bat AND
3. the file has a folder / Windows directory icon

** Attention: delete only the files that meet ALL of the above conditions,
NOT files that meet only one of them.

(Files that are frequently found: Barontok.com, ElnorB.exe; search for these files)

* Tip: Sort the search results by size to make elimination
easier.

* Note: This is a heuristic based on experience
and experiments (e.g. the virus files were found to be 80 KB in size),
chosen because searching this way is faster than checking the files
one by one manually :-p

8. Repeat the search in step 7 above with the file name input: *.pif, *.com, *.bat

9. Reboot and start Windows as usual.
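
The file search described above can also be scripted. The following is an added example, not part of the original post: a report-only Python script that lists files meeting conditions 1 and 2 (size and extension); condition 3, the folder icon, still has to be checked by eye before anything is deleted. It assumes that "80 KB" means the size as Explorer displays it, rounded up to whole kilobytes; the function names are illustrative.

```python
import math
import os
import stat
import sys

# Conditions 1 and 2 from the post; condition 3 (folder icon) is not checked here.
SUSPECT_EXTENSIONS = {".exe", ".pif", ".com", ".bat"}
SUSPECT_SIZE_KB = 80


def displayed_kb(size_bytes):
    """Size in KB rounded up to a whole KB (assumed to match what Explorer shows)."""
    return math.ceil(size_bytes / 1024)


def find_candidates(root):
    """Walk root and return sorted (path, size_bytes) pairs meeting both conditions.

    Nothing is deleted. Hidden and system files are included because os.walk
    does not filter them; unreadable folders and files are skipped.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda err: None):
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in SUSPECT_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                info = os.lstat(path)  # do not follow links
            except OSError:
                continue
            if stat.S_ISREG(info.st_mode) and displayed_kb(info.st_size) == SUSPECT_SIZE_KB:
                hits.append((path, info.st_size))
    return sorted(hits)


if __name__ == "__main__":
    # Drives or folders to scan are given as arguments; C:\ is only a default.
    for root in sys.argv[1:] or ["C:\\"]:
        for path, size in find_candidates(root):
            print(f"{size:>8}  {path}")
```

Run it with one argument per drive, and review every reported file against condition 3 before deleting it.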


