Rontok Bro
29 December 2005 – 11:20 am · updated: 11 Jan 2010
Waking up just before the dawn (subuh) call to prayer, I turned on my computer and went straight to Outlook. While I was reading news from various national media outlets, I was suddenly startled by a Norton box telling me that a virus was lurking; its name was W32.Rontokbro@mm, from a file named My Photo.jpg attached to an email from an unknown sender, Galeri_50@boleh.com. For more than 3 weeks now I have been hearing about this Indonesian-made virus, and it has even had many of my friends on edge.
Thank God (Alhamdulillah), the virus was detected first and silently deleted from the email, so it never had the chance to cause chaos on my computer. Now I am looking for some ways to deal with it. This one I took from www.precisesecurity.com
The W32.RONTOKBRO.K removal procedure requires technical know-how in computer troubleshooting. It is better to consult your LAN administrator or a technical person to avoid additional damage to your computer.
MANUAL REMOVAL:
1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan and delete all the files detected.
4. Use the Security Response “Tool to reset shell\open\command registry subkeys.”
5. Delete any values added to the registry.
Navigate to the subkey and delete value:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: "Bron-Spizaetus" = ""%Windir%\ShellNew\sempalong.exe""
Navigate to the subkey and delete value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: "Tok-Cirrhatus" = ""%UserProfile%\Local Settings\Application Data\smss.exe""
Navigate to the subkey and reset value to default if required:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: "Shell" = "Explorer.exe"
Navigate to the subkey and reset value to default if required:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: "NoFolderOptions" = "0" or "NoFolderOptions" = "1"
Navigate to the subkey and reset values to default if required:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\explorer\advanced
Values:
"Hidden" = "0" or "Hidden" = "1"
"ShowSuperHidden" = "0" or "ShowSuperHidden" = "1"
"HideFileExt" = "0" or "HideFileExt" = "1"
7. Exit Registry and Restart the computer.
8. Delete the scheduled task.
To delete the scheduled tasks added by the worm:
a. Click Start, and then click Control Panel. (In Windows XP, switch to Classic View.)
b. In the Control Panel window, double-click Scheduled Tasks.
c. Right-click the task icon and select Properties from the menu. The properties of the task are displayed.
d. Delete the task if the contents of the Run text box in the task pane match the following:
%UserProfile%\Templates\Brengkolang.com
9. Restart the computer.
10. To make sure that W32.Rontokbro.K is completely eliminated from your computer, carry out a full scan of your computer using antivirus and antispyware software. Another way to delete the virus without installing an antivirus program is to use an online virus scanner.
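The registry checks in step 5 can be verified after cleanup with the following added example (not part of the original post or the quoted procedure). It reads the text of a `reg export` file, assumed to be already decoded to a string, and reports the two Run values to delete, a Winlogon Shell other than Explorer.exe, and the Explorer settings to review. The names `parse_reg`, `audit` and `SAMPLE` and the file `example.exe` are made up for this example.

```python
import re

HKLM, HKCU, CV = "hkey_local_machine", "hkey_current_user", r"\software\microsoft\windows\currentversion"
# Values the removal steps say to delete (registry names are case-insensitive).
DELETE = {HKLM + CV + r"\run": "bron-spizaetus", HKCU + CV + r"\run": "tok-cirrhatus"}
WINLOGON = HKLM + r"\software\microsoft\windows nt\currentversion\winlogon"
# Values the steps say to reset "if required": reported for review, not judged.
REVIEW = {HKCU + CV + r"\policies\explorer": ["nofolderoptions"],
          HKCU + CV + r"\explorer\advanced": ["hidden", "showsuperhidden", "hidefileext"]}

def parse_reg(text):
    """Parse .reg export text into {key: {value name: data}}, names lowercased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif m and current is not None:
            name, data = m.group(1).lower(), m.group(2)
            if data.startswith('"'):
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
            elif data.startswith("dword:"):
                data = int(data[6:], 16)
            current[name] = data
    return keys

def audit(text):
    """Return (action, key, value name, data) tuples for the indicators above."""
    keys = parse_reg(text)
    out = [("DELETE", k, n, keys[k][n]) for k, n in DELETE.items() if n in keys.get(k, {})]
    shell = keys.get(WINLOGON, {}).get("shell")
    if isinstance(shell, str) and shell.strip().lower() != "explorer.exe":
        out.append(("RESET", WINLOGON, "shell", shell))
    for key, names in REVIEW.items():
        out += [("REVIEW", key, n, keys[key][n]) for n in names if n in keys.get(key, {})]
    return out

# Constructed sample export (not from a real machine); example.exe is a placeholder.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bron-Spizaetus"="\"C:\\WINDOWS\\ShellNew\\sempalong.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe \"C:\\WINDOWS\\example.exe\""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

An empty result from `audit` on exports of the keys above means none of the listed values remain; the script only reads text and changes nothing in the registry.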
Those who are already infected can also read more information and cleaning instructions at http://www.vaksin.com/rontokbro.htm (link not active: kept here for the reference archive), and also at http://www.vaksin.com/remove_rontokbro_n.htm (not active: kept here for the reference archive), vaksin, on detikinet, or read "Virus Lokal Rontokbro Menyebar via E-Mail".

Yeah, tis virus is quite sneaky! I got tis virus spreading from my usb flash after lent it to my friend. For all morons, double check wat u’re gonna double click/run, tis virus are like 007, believe me!!
Now my problem is I dun have an antivirus in my PC, well actually I have one but since last year it’s corrupted and cant be removed with Add/Remove Program, dunno why! ANY SUGGESTION how to remove this corrupted program??
All I have to do now is run a online scanner but it sucks damn slow!!
You know wat, this virus are designed to ping attack to the site of playboy.com and israel gov. site WHY?? Find out urself……..
Remove corrupted program? If it’s a Norton product, you can use the Norton removal tool provided by Symantec; follow this for Norton AV 2003 or earlier, or follow this quicksearch. For all programs, you can use any tool for this purpose, like regvac. I use this tool to remove programs when Add/Remove Programs from the Windows Control Panel fails.