virus: worm.rontokbro.h

kizzibillet Member Posts: 28 ■□□□□□□□□□
I have three machines all infected by this virus rontokbro.h
1st machine - Symantec will not load
2nd machine - I cannot install anything on the machine, e.g. Spy Sweeper, Symantec etc., nothing; it gives an error like the file is corrupt
3rd machine - registry is disabled and a file c:/windows explorisc (something like that) keeps on popping up every time I log on

all points to this virus

Is there any way we can get rid of this virus?

Comments

  • royal Member Posts: 3,352 ■■■■□□□□□□
    Format. Seriously, formatting is the ONLY way to "ENSURE" that a system is virus free. I even strongly recommend it if the machine is connected to a corporate network. Others will say to go into the safe mode, install some tools, check the run section in registry, etc... I still say format. :)
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • seuss_ssues Member Posts: 629
    I do agree to be 100% clean a format is the option. Unfortunately if your network is infected then a fresh client will definitely get infected. If you have a properly laid out deployment network it will be segmented from the rest of your network and not directly connected to the rest of your network so you will be good.

    I do normally clean, but I do understand the importance of fresh install when the time comes.
  • kizzibillet Member Posts: 28 ■□□□□□□□□□
    Thanks guys, but to be honest I don't want to wipe. Firstly, the users have software on the machine that is critical to their work and they don't have the CD for it (yeah, I told them never to do that again, always have a copy of software installed on machine).

    2ndly, I wiped one of the machines already and it is now infected with it. It seems it is the network, but how can you clean a network? I am new to this but loving it.

    Should I take them all off the internet and clean with an antispyware software?

    What about Kaspersky? I am hearing a lot about it?

    awaiting reply
  • dtlokee Member Posts: 2,378 ■■■■□□□□□□
    You could try booting to a Linux live CD and doing a virus scan from there, I've needed to do this a couple of times and have had good results.
    The only easy day was yesterday!
  • Megadeth4168 Member Posts: 2,157
    You could also try downloading Ultimate Boot CD, boot your computer off of the CD you make and try running some of the included AV programs on there.
  • hetty Member Posts: 394
    A reload would seem simpler. Probably have to shut down the network while trying to repair/reload everything anyway 'cause it's a worm.
    http://www.xblock.com/product_show.php?id=2845
    http://www.symantec.com/security_response/writeup.jsp?docid=2005-092311-2608-99&tabid=2
  • dynamik Banned Posts: 12,312 ■■■■■■■■■□
    Once your system has been compromised, there's no telling what has been done to it. You could have rootkits on there and never know it. Buying the apps again may cost you significantly less in the long run (i.e. destruction or theft of sensitive information).
  • Ahriakin Member Posts: 1,799 ■■■■■■■■□□
    Isolate the PCs that you know are infected, get them off your network (and don't even think of letting the users argue you out of this, they are placing all other data on your network at risk, no ifs/buts or maybes). If you can't do this then forget the whole thing, seriously don't even bother.

    You need to close the infection vector before cleaning individual machines, as seen by the reinfection you mentioned. How does it propagate (i.e. does it have WORM characteristics whereby it is self-propagating and you need to firewall your clients (not a bad idea anyway), or is it a common data source that is infected and when accessed is infecting the clients (e.g. email or common business files/spreadsheets etc.))? You need to know where it is coming from, shut down that vector by isolating it and patching/hardening your end systems against it, then clean/format the machines.
    You should see about getting some sort of IDS/IPS running on your network to monitor for WORM traffic; it will greatly help you track infections like this and shut them down before they become widespread. Your AV software is your LAST line of defense; it should not be the one you rely on. SNORT is free and very effective.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • Plantwiz Mod Posts: 5,057 Mod
    In a corporate setting......Client PCs do not belong to the individual user....they are part of a network and files should be saved to a network share to be properly backed up.

    So quickest cleanup is a Format/Reinstall. However, that doesn't address the 'WHY' and 'HOW' did this happen.

    THAT ASIDE

    > Thanks guys, but to be honest I don't want to wipe. Firstly, the users have software on the machine that is critical to their work and they don't have the CD for it (yeah, I told them never to do that again, always have a copy of software installed on machine).

    Tough.

    It's a business network right? You have correct/proper licensing? So order up a spare media kit.

    Again, how can this be addressed in the future? Possibly a network share in addition to a media kit maintained in a software vault.

    When the machines are owned by the company, or purchased by the company for employees to complete work for the company.....the company SHOULD maintain the documents, the employee could have a backup copy, if necessary.

    > 2ndly, I wiped one of the machines already and it is now infected with it. It seems it is the network, but how can you clean a network? I am new to this but loving it.

    What do you think permitted this? Is the Worm on your network? Is the user doing something/visiting websites/ opening e-mail that is infected?

    Keep the user off the network until you can determine the source.....so you'll have your work cut-out as you probably cannot keep them offline for long.


    > Should I take them all off the internet and clean with an antispyware software?

    Yesterday.

    Try an online scan like Housecall.
    Or
    as recommended already, try Ultimate Boot CD 4 Windows and some of their tools.

    Have you attempted a scan from Safe Mode?
    How about hanging the drive off another box (either as a slave drive or via a USB attachment) to run the AV from the clean/bench box to that drive?

    > What about Kaspersky? I am hearing a lot about it?

    ??? What are you hearing? This is a pretty old issue that's at most a distant problem.

    > awaiting reply

    Good to ask for help....but also good to continue the legwork on your own too. Read up on the identified problem from the main AV players. They usually have a wealth of knowledge available.
    Plantwiz
    _____
    "Grammar and spelling aren't everything, but this is a forum, not a chat room. You have plenty of time to spell out the word "you", and look just a little bit smarter." by Phaideaux

    ***I'll add you can Capitalize the word 'I' to show a little respect for yourself too.

    'i' before 'e' except after 'c'.... weird?
  • kizzibillet Member Posts: 28 ■□□□□□□□□□
    All of you were EXCELLENT! I appreciate the time you took to answer my question. Tonight I will be visiting the site and do just exactly what you all say and report to you the outcome!

    Thanks a lot
  • kizzibillet Member Posts: 28 ■□□□□□□□□□
    You must be wondering what happened,

    but I never got a chance to go the following 2 days, but after getting the chance to go, the Manager called me and told me he is using another technician instead because the virus is not that serious as I said it was.

    I told him it was OK,

    but I appreciate all your help and tips. TRUST me, it did help me and my knowledge has increased.

    Thanks a lot