Saturday, 4 July 2009

How To Remove Rontokbro Virus ?

Rontokbro is a rapidly spreading Internet worm that propagates by e-mail in messages with infected attachments. Once the user executes such an attachment, the parasite installs itself on the system and runs its spreading routine. It scans the entire system for e-mail addresses and sends itself to them using its own mail engine. Rontokbro modifies essential system settings in order to disable standard Windows tools such as the Registry Editor or Command Prompt. It also immediately restarts the computer when it detects certain software running. Such software includes various antivirus and anti-spyware programs, web browsers, programming tools and many other popular applications. Rontokbro may launch an attack against several well-known web sites. The worm's activity severely degrades overall system performance and Internet connection speed and causes general system instability. The parasite runs on every Windows startup.

Rontokbro manual removal:

Kill processes:
csrss.exe, cvt.exe, idtemplate.exe, inetinfo.exe, kangent.exe, lsass.exe, services.exe

Delete registry values:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"Bron-Spizaetus" = "C:\WINDOWS\PIF\CVT.exe"
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\Policies\System\"DisableRegistryTools" = "1"
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\Policies\Explorer\"NoFolderOptions" = "1"
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\Policies\System\"DisableCMD" = "2"

Delete files:
csrss.exe, cvt.exe, idtemplate.exe, inetinfo.exe, kangent.exe, lsass.exe, services.exe, empty.pif, 3d animation.scr, smss.exe, bronstab.exe, eksplorasi.exe, Temp\\~dfa861.tmp, sempalong.exe

Delete directories:
C:\Documents and Settings\[Current User]\Local Settings\Application Data\bron.tok-24

kangen.exe is the infected file that arrives attached to malicious e-mail messages sent by Rontokbro.

Exact file location:
cvt.exe - C:\Windows\PIF or C:\Winnt\PIF
3d animator.scr - C:\Windows\System32 or C:\Winnt\System32 - C:\Documents and Settings\[Current User]\Templates
empty.pif - C:\Documents and Settings\[Current User]\Programs\Startup
csrss.exe, idtemplate.exe, inetinfo.exe, lsass.exe, services.exe - C:\Documents and Settings\[Current User]\Application Data
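Several names in the kill list (csrss.exe, lsass.exe, services.exe) are also the names of genuine Windows system processes that run from System32, so the image path decides which copy to act on. The following is an added example, not part of the original post: it classifies image paths against the locations listed above. The function names and the sample paths are constructed for illustration.

```python
import ntpath
import re

# File name -> directories where the post says the worm's copy is found.
# "[Current User]" stands for any profile name.
APPDATA = r"C:\Documents and Settings\[Current User]\Application Data"
WORM_LOCATIONS = {
    "cvt.exe": [r"C:\Windows\PIF", r"C:\Winnt\PIF"],
    "empty.pif": [r"C:\Documents and Settings\[Current User]\Programs\Startup"],
    "csrss.exe": [APPDATA],
    "idtemplate.exe": [APPDATA],
    "inetinfo.exe": [APPDATA],
    "lsass.exe": [APPDATA],
    "services.exe": [APPDATA],
}


def _dir_regex(template):
    """Compile a directory template into a regex over lower-cased paths."""
    escaped = re.escape(template.lower())
    user = re.escape("[current user]")
    # One path component (no backslash) may stand in for the user name.
    return re.compile("^" + escaped.replace(user, r"[^\\]+") + "$")


def classify(image_path):
    """Return 'worm-location', 'other-location' or 'not-listed'."""
    path = ntpath.normpath(image_path).lower()
    folder, name = ntpath.split(path)
    if name not in WORM_LOCATIONS:
        return "not-listed"
    if any(_dir_regex(t).match(folder) for t in WORM_LOCATIONS[name]):
        return "worm-location"
    return "other-location"


def triage(image_paths):
    """Pair every path with its verdict, keeping input order."""
    return [(p, classify(p)) for p in image_paths]


# Constructed sample of running-process image paths (not from a real host).
SAMPLE = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\Documents and Settings\alice\Application Data\lsass.exe",
    r"C:\WINDOWS\PIF\CVT.exe",
    r"C:\WINDOWS\system32\notepad.exe",
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE):
        print(f"{verdict:15} {path}")
```

Only entries reported as worm-location match both a listed name and a listed folder; an other-location result for lsass.exe in System32 is the genuine system process and must be left running.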


You can download and follow a step-by-step tutorial on how to remove Rontokbro using Malwarebytes HERE

The Bulubebek virus is written in Visual Basic and is 53 KB in size. It is very easy to remove with some manual techniques. Once active, the virus creates these master files:

* \Windows\Script.exe
* \Windows\LSASS.exe
* \Documents and Settings\%user%\autorun.inf
* \Documents and Settings\%user%\bulubebek.ini
* \bulubebek.ini
* \autorun.inf

While the virus is active, it blocks some Windows functions such as Task Manager, Folder Options, Command Prompt and more. The virus spreads (as it was designed to) through flash drives by creating autorun.inf files.

Bulu Bebek Autorun File

Bulubebek is designed to work almost the same way as older Brontok variants: it hides your real folders and creates duplicate .exe files with a folder icon to trick inexperienced users.

Steps to clean the Bulubebek virus

1. I recommend unplugging your computer from the network; it's not really necessary, but I think it's safer.
2. Disable "System Restore" during the cleaning process.
3. Kill the active virus process using a third-party tool such as Process Explorer; kill the virus process that has a folder icon.
4. Repair the registry entries changed by the virus: save this code under any name with an .inf extension and install it.



; Section headers added so the file can be installed; the names FixReg and DelBad are arbitrary.
[Version]
Signature="$Chicago$"

[DefaultInstall]
AddReg=FixReg
DelReg=DelBad

; Restore the default open commands, shell and Explorer folder-view settings
[FixReg]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Command Processor, AutoRun,0,
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue, 0x00010001,2
HKCU, Software\Microsoft\Command Processor, AutoRun,0,

; Remove the policy values and keys set by the virus
[DelBad]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NOFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NORun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAYXX.exe
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\HideFileExt
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowFullPath
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowFullPathAddress
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SuperHidden
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools

If this copy-pasted code does not work correctly in your text editor, you can download the repair files Here

5. Find and delete the duplicate folders created by the virus using the search function. Look for any folders or files matching these criteria:

* Using folder icon.
* Size 53 KB.
* .exe extension
* File type Application.

6. Make your hidden files visible again. You can use your favorite third-party tool, or do it manually with the attrib command by typing:

ATTRIB -s -h -r /s /d

NOTE: Type this at the root of the drive.

7. To make sure the system is completely clean, scan your computer with your best antivirus program.

Good Luck !!
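The search in step 5 can be scripted. The following is an added example, not part of the original post: it walks a directory tree and reports .exe files whose size shows as 53 KB and whose name equals a folder sitting next to them, which is how the post describes the duplicates. It assumes "53 KB" means the size rounded up to whole kilobytes and it does not inspect the icon; the function names and the sample tree are constructed for illustration.

```python
import math
import os
import tempfile

SIZE_KB = 53  # size the post gives for the worm's copies


def shown_kb(size_bytes):
    """Size as a rounded-up KB figure (assumed display convention)."""
    return math.ceil(size_bytes / 1024)


def find_folder_decoys(root, size_kb=SIZE_KB):
    """Return sorted paths of .exe files that look like the duplicates.

    A hit is an .exe whose rounded-up size is `size_kb` KB and whose base
    name equals a directory beside it (the hidden real folder).
    """
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        siblings = {d.lower() for d in dirnames}
        for fname in filenames:
            stem, ext = os.path.splitext(fname)
            if ext.lower() != ".exe" or stem.lower() not in siblings:
                continue
            full = os.path.join(dirpath, fname)
            try:
                size = os.path.getsize(full)
            except OSError:
                continue  # unreadable or vanished file: skip it
            if shown_kb(size) == size_kb:
                hits.append(full)
    return sorted(hits)


def build_sample_tree(root):
    """Create a small constructed tree for demonstration."""
    os.makedirs(os.path.join(root, "Photos", "2009"))
    sizes = {
        "Photos.exe": 53 * 1024,                         # folder name, 53 KB
        "setup.exe": 53 * 1024,                          # 53 KB, no folder
        os.path.join("Photos", "2009.exe"): 10 * 1024,   # folder name, 10 KB
    }
    for rel, size in sizes.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"\0" * size)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path in find_folder_decoys(tmp):
            print(path)
```

The script only lists candidates; review each hit before deleting it, since a legitimate installer can share a name with a folder.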
