Wednesday, 22 February 2012

Rontokbro virus

Rontokbro creates a file in each folder, with the same name as the folder and the following characteristics:
- Uses a folder icon
- File size 42 Kb
- Extension .EXE
 
Rontokbro also changes the file C:\AUTOEXEC.BAT by adding the command line "PAUSE". To be active whenever the computer starts, it creates several registry entries:


- Bron-Spizaetus in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Tok-Cirrhatus in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Shell with the value Explorer.exe "C:\Windows\Eksplorasi.exe" in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
 

Disable Registry Editor
Unlike most existing viruses, this virus also disables programs that could shorten its existence, such as Registry Editor, by adding a registry value:

DisableRegistryTools = 1
in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

If Registry Editor is launched on a computer infected with Rontokbro, an error message is displayed instead.
 

DisableCMD
In the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

In addition to adding a string to the registry key, the virus also adds entries to the [Startup] tab in msconfig:
- Sempalong
- Smss
- Empty
 

Hiding the Folder Options
This virus has apparently learned from its peers: it removes [Folder Options] from the [Tools] menu in [Windows Explorer], so the user cannot display files hidden by the virus. It does this by adding the value:

"NoFolderOptions" = dword:00000001
in the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Folder Options is removed by Rontokbro so that the user cannot change the folder option settings.
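The registry changes listed in the sections above (the two Run entries, the Winlogon Shell value, and the DisableRegistryTools, DisableCMD and NoFolderOptions policies) can be checked for in an exported copy of the registry. The Python script below is an added example, not part of the original post. It assumes the export is .reg-style text, uses a constructed sample with a placeholder path for the Run entry, and treats any non-zero DisableCMD as set because the post gives no value for it.

```python
import re

# Value names taken from the registry changes this article describes.
RUN_NAMES = {"bron-spizaetus", "tok-cirrhatus"}
POLICY_NAMES = {"disableregistrytools", "disablecmd", "nofolderoptions"}
# Constructed sample in .reg export syntax; the Run data is a placeholder.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bron-Spizaetus"="C:\\placeholder.exe"
"SomeDriverTray"="C:\\tray.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe \"C:\\Windows\\Eksplorasi.exe\""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000000
'''

def decode(raw):
    """dword:xxxxxxxx -> int; quoted string -> str with .reg escapes undone."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return raw

def find_indicators(text):
    """Return (key, value name, data) for each indicator found in the export."""
    hits, key = [], ""
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # remember the key the following values belong to
        if not m:
            continue
        name, data, k = m.group(1), decode(m.group(2)), key.lower()
        n, bad = name.lower(), False
        if k.endswith("\\currentversion\\run"):
            bad = n in RUN_NAMES
        elif k.endswith("\\windows nt\\currentversion\\winlogon") and n == "shell":
            bad = str(data).strip().lower() != "explorer.exe"  # clean default
        elif "\\currentversion\\policies\\" in k:
            bad = n in POLICY_NAMES and data != 0  # 0 means not restricted
        if bad:
            hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    print(*find_indicators(SAMPLE), sep="\n")
```

A Shell value of plain Explorer.exe and policy values of 0 are not reported, so a clean export produces no output.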
 

Task Schedule 5:08 PM
Rontokbro also creates a scheduled task in Windows that runs at 5:08 PM every day, running a file located in the directory:

C:\Documents and Settings\%Users%\Templates

The schedule made by Rontokbro runs a specific file every day at 5:08 PM. This is possibly used to update itself.


Automatic Restart Computer
One of Rontokbro's strengths is its ability to make the computer restart. Do not expect update patches to solve this problem, because Rontokbro does not exploit security holes the way viruses such as Sasser or Blaster do.

Rontokbro restarts the computer if you try to run certain programs such as regedit or msconfig, and even if you run Task Manager replacement software such as Pocket KillBox and HijackThis. It can even restart the computer in "safe mode", so special tricks are needed to deal with the problem. The makers of Rontokbro probably follow the latest advice and developments, so it will become increasingly difficult to eradicate because it is constantly updating itself.

 
Steal Your Email Address

Rontokbro takes email addresses from all files with the following extensions: .asp, .cfm, .csv, .doc, .eml, .html, .php, .txt, .wab


Via diskette / USB Flash Disk
In addition to spreading via email, Rontokbro also spreads via diskette/USB by creating a file in each folder and subfolder on the diskette or USB drive, or in the root of the USB drive itself. The created file has these characteristics: an icon resembling a folder, a size of 42 Kb, and the extension EXE.

Rontokbro will also try to make a connection by sending ping requests to an adult site like kaskus.com and 17tahun.com. This is one factor that may slow down a computer system, but because the spread of internet connections in Indonesia is still relatively slow, the impact will not be felt much at home, where dial-up users are disconnected most of the time. The impact on access to the two sites will be large if the computer hit by Rontokbro is a home computer that has an ADSL connection and is always connected to the internet, or an internet cafe or office computer that is connected to the internet.

Like antivirus software, Rontokbro also tries to update itself from one of the predetermined sites, so do not be complacent: keep your antivirus updated so that you do not become the next victim, and do not be careless when exchanging data via diskette/USB. One tip that may be useful is to identify the type of a file before running it, and to always display file extensions so that you can recognize the file type. One effective way to prevent Rontokbro is to use an antivirus that provides local support, so that its definitions can keep up with the new Rontokbro variants that continue to be released.
