Rontokbro....

I was helping someone clean their virus infested machine recently and in the process managed to infect my own. Rontokbro is quite sneaky and I got fooled. Pretty embarassing, but it has happened now and I am trying to cure it. It was Adaware that located the Rontokbro worm, and a read of the Rontokbro symptoms confirmed that this is exactly what I have. Adaware (nor any other virus software for that matter) can actually remove the worm itself, since access to the registry is denied.

Has anyone actually had any success removing the Rontokbro worm? I spent the entire day yesterday scouring the net for solutions and none of them work.

Specs: Brand new Toshiba Satellite A500, Vista Ultimate.

Most of these net solutions are really bad, such as "simply stop these processes" (stopping csrss.exe causes Vista to blue screen). And then "remove these registry entries" (Rontokbro denies access to the registry, that's sort of the point of it).

I have tried looking for tools that reset the shell and allow access to the registry again, but Rontokbro doesn't like them, and so reboots you.

I have tried running suggested tools such as Hijackthis. I renamed the files so that they would bypass Rontokbro's scrutiny, but Rontokbro reads window headings, and reboots my machine.

It seems that nothing out there is able to outsmart this one. Has anyone out there had any luck with this, or is anyone good enough to try and take this one on?

 

I am running through your start guide (all in safe mode):

-I cannot edit folder options, rontokbro hides extensions and hidden files, and then removes the folder options icon from control panel. I know you can run 'control folders' from the command line, but Rontokbro does not allow command prompt. It reboots the machine.

- I am not allowed to run msconfig. Reboots the machine.

Switching to normal mode to install recommended apps. Will update when complete:

 

Ok I have run all the software recommended and attached all the log files.

Will reboot soon and see if the infection has cleared, but I doubt it.

 

The final requested log, since I can only upload 4.

 

.....and at first glance it looks ok!

It never used to start windows properly. It used to stall at the logging in screen. I used to have to ctrl-alt-del, task manager, file, run, explorer.exe

Now it starts up as normal.

I am also able to open regedit!

Looks good so far guys. I might go through all those scans again to see if anything was missed but it certainly looks good so far.

I hope this will post will be useful for others out there who have themselves a Brontok worm like this one.