W32.Rontokbro
Aliases: N/A
Variants: N/A
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 23 Sep 2005
Damage: Low
Characteristics: W32.Rontokbro@mm is a mass-mailing worm that can cause the system to become unstable.
W32.Rontokbro Removal Tool
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Rontokbro from your computer.
More details about W32.Rontokbro
When the W32.Rontokbro@mm worm is opened, it copies itself to the following locations:
- “C:\Windows\PIF\CVT.exe”
- “%UserProfile%\APPDATA\IDTemplate.exe”
- “%UserProfile%\APPDATA\services.exe”
- “%UserProfile%\APPDATA\lsass.exe”
- “%UserProfile%\APPDATA\inetinfo.exe”
- “%UserProfile%\APPDATA\csrss.exe”
- “%UserProfile%\Programs\Startup\Empty.pif”
- “%UserProfile%\Templates\A.kotnorB.com”
- “%System%\3D Animation.scr”

It then creates the folder “%UserProfile%\Local Settings\Application Data\Bron.tok-24” and modifies a certain registry entry so that it runs each time Windows starts. The worm also adds a task to the Windows scheduler that opens the file “%UserProfile%\Templates\A.kotnorB.com” at 5:08 PM every day.

The W32.Rontokbro@mm worm reboots the PC when it finds a window whose title contains one of the following strings: “.@”, “@.”, “.ASP”, “.EXE”, “.HTM”, “.JS”, “.PHP”, “ADMIN”, “ADOBE”, “AHNLAB”, “AVIRA”, and others. The worm could also launch a ping attack.

W32.Rontokbro@mm is also considered a self-replicating computer worm. It may spread over the network without the remote user’s intervention. The program creates copies of itself on removable media or disks that are commonly used for file transfer. The copies automatically execute when the worm detects a new network connection. It may also spread across the computers on a local area network. This is done by embedding a downloader component of the worm in the shared folders of other computers. The downloader component downloads the main body of the program from a remote server if the computer connects to the Internet.
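As an added example (not code from this page or from any vendor tool), the following Python code checks a host's file listing against the artifact paths listed above and, going slightly beyond the page, flags the same borrowed Windows process names anywhere outside the system directory. The profile path, the mapping of %System% to C:\Windows\System32, and the sample inventory are constructed assumptions.

```python
import ntpath  # Windows path rules, so this also runs on a non-Windows analysis host

ARTIFACTS = [  # file and folder artifacts exactly as listed on this page
    r"C:\Windows\PIF\CVT.exe",
    r"%UserProfile%\APPDATA\IDTemplate.exe",
    r"%UserProfile%\APPDATA\services.exe",
    r"%UserProfile%\APPDATA\lsass.exe",
    r"%UserProfile%\APPDATA\inetinfo.exe",
    r"%UserProfile%\APPDATA\csrss.exe",
    r"%UserProfile%\Programs\Startup\Empty.pif",
    r"%UserProfile%\Templates\A.kotnorB.com",
    r"%System%\3D Animation.scr",
    r"%UserProfile%\Local Settings\Application Data\Bron.tok-24",
]
SYSTEM_NAMES = {"services.exe", "lsass.exe", "inetinfo.exe", "csrss.exe"}  # borrowed names

def norm(path):  # separators and case as Windows compares them
    return ntpath.normcase(ntpath.normpath(path))

def expand(template, variables):
    for name, value in variables.items():  # replace %Name% with this host's value
        template = template.replace("%" + name + "%", value)
    return norm(template)

def scan(inventory, variables):
    """Return (listed_hits, masquerade_hits) for an iterable of file paths."""
    listed = {expand(a, variables) for a in ARTIFACTS}
    system_dir = norm(variables["System"]) + "\\"
    hits, masquerade = [], []
    for raw in inventory:
        p = norm(raw)
        # A listed path, or a path beneath one (covers the Bron.tok-24 folder).
        if p in listed or any(p.startswith(a + "\\") for a in listed):
            hits.append(raw)
        # The same borrowed names anywhere outside the system directory.
        elif ntpath.basename(p) in SYSTEM_NAMES and not p.startswith(system_dir):
            masquerade.append(raw)
    return hits, masquerade

# Constructed host values and file inventory (hypothetical), not real data.
SAMPLE_VARS = {"UserProfile": r"C:\Users\alice", "System": r"C:\Windows\System32"}
SAMPLE_INVENTORY = [
    r"C:\Windows\System32\lsass.exe",
    r"c:\users\alice\appdata\LSASS.EXE",
    r"C:\Users\alice\Local Settings\Application Data\Bron.tok-24\x.txt",
    r"C:\Windows\System32\3D Animation.scr",
    r"D:\share\csrss.exe",
]
if __name__ == "__main__":
    print(scan(SAMPLE_INVENTORY, SAMPLE_VARS))
```

Masquerade hits are leads to review rather than verdicts, since legitimate copies of these binaries can also sit in backup or servicing folders.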