Rontokbro
Rontokbro is a rapidly spreading Internet worm that propagates by e-mail in messages with infected attachments. Once the user executes such an attachment, the spyware installs itself to the computer and runs its spreading routine. It scans the entire computer for e-mail addresses and sends itself there using own mail engine. Rontokbro modifies essential computer settings in order to disable standard Windows tools such as the Registry Editor or Command Prompt. It also immediately restarts a PC when it detects certain software running. Such software can be many antivirus and anti-malware applications, web browsers, applicationming tools and many other popular softwares. Rontokbro may launch an attack against several well-known web sites. The worm's activity severely degrades overall computer performance and Internet connection speed and causes general computer instability. The spyware runs on every Windows startup.
File System Modifications
- The following files were created in the system:
# File Name 1 3danimation.scr 2 a.kotnorb.com 3 csrss.exe 4 cvt.exe 5 empty.pif 6 idtemplate.exe 7 inetinfo.exe 8 kangent.exe 9 lsass.exe 10 services.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFolderOptions=1HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemDisableCMD=2HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemDisableRegistryTools=1HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunron-spizaetus
just trying to use spyware removal