Hi Experts Out There,

I have been trying to get rid of this ww32.rontokbro@mm worm from my notebook without any luck. Can anyone help me?? I ve also attached the latest Hijact This Log for reference. Thanks!!!

Attached Files

HJT.txt (12.4 KB, 0 views)

Hya Madmal2006 , welcome to PCHF.


What do you see/notice from the infection? Are you being warned in a popup , or is you AV warning you, ect.?


Please download VundoFix.exe from here , and save it to your desktop.

• Double-click VundoFix.exe to run it.
• Put a check next to Run VundoFix as a task.
• You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
• When VundoFix re-opens, click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will shutdown your computer, click OK.
• Turn your computer back on.

Please post the contents of C:\vundofix.txt.

For users who's tool will not reopen automaticly , try moving VundoFix.exe to the root directory (usually c:\) and run it as a task from there.

Hi..

I downloaded VundoFix.exe and placed it at Desktop and tried running it without success. I followed your instructions and just couldnt get it started. It just hung on me. I tried placing it at c: and still go the same hang results...what should i do now?? Thks

Leave it for now , let's have a deeper look first:

Please download and run Startup list 2.0:
http://www.spywareinfo.com/~merijn/f...tartuplist.zip

Press the "file" button , and then "paste to clipboard".
Now make a new text document and copy the info in there , and attach that text document to a post please.


Also do a Panda online scan here:

http://www.pandasoftware.com/activescan/

When done , post that log aswell please.


And did you see this part?

Hi again,

What i see so far is just a pop out window by Norton Antivirus stating that my notebook is infected by this rontokbro worm and it stopped that thing from executing. Anyways I have attached the log files in separate threads..as you requested. Thanks again for your help.

Attached Files

brontokworm1.txt (83.7 KB, 1 views)

Hi,

I am breaking it up like this because i cant seem to attach all the files at once. I can seem to get the 2nd part of the file to be attached here(brontokworm2).I can upload the activescan log though...help??

Attached Files

Activescan.txt (7.6 KB, 1 views)

You can't attach multiple file to one post? If not , then just add the rest of the startup log to a new post , or if that also doesn't somehow then just paste the text in a post.



1. Please download The Avenger by Swandog46 to your Desktop.

• Click on Avenger.zip to open the file
• Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Script file to execute" choose "Input Script Manually".
• Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
• Paste the text copied to clipboard into this window by pressing (Ctrl+V).
• Click Done
• Now click on the Green Light to begin execution of the script
• Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

• It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
• On reboot, it will briefly open a black command window on your desktop, this is normal.
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Clear the Java Runtime Environment (JRE) cache:

• Click Start > Control Panel.
• Double-click the Java icon in the control panel.
  -The Java Control Panel appears.
• Click Settings under Temporary Internet Files.
  -The Temporary Files Settings dialog box appears.
• Click Delete Files.
  -The Delete Temporary Files dialog box appears.
  -There are three options on this window to clear the cache.
  • Delete Files
  • View Applications
  • View Applets
• Click OK on Delete Temporary Files window.
  -Note: This deletes all the Downloaded Applications and Applets from the cache.
• Click OK on Temporary Files Settings window.
• Close the Java Control Panel

You can view those instructions along with graphics Here


5. Please copy/paste the content of c:\avenger.txt into your reply