Author Topic: W32/Rontokbro!408a717f  (Read 1781 times)


Amker

W32/Rontokbro!408a717f
« on: 25. July 2007., 20:37:43 »
Risk Assessment   
  - Home Users:   Low
  - Corporate Users:   Low
Date Discovered:   7/14/2007
Date Added:   7/14/2007
Origin:   N/A
Length:   49,152 bytes
Type:   Virus
SubType:   Worm
DAT Required:   4986

Virus Characteristics
This variant of the W32/Rontokbro family will copy itself to the following directories, using the following names:
C:\Documents and Settings\[USERNAME]\My Documents\Keuangan.exe
C:\Documents and Settings\[USERNAME]\Start Menu\Programs\Startup\Data Uang.exe
C:\Documents and Settings\[USERNAME]\Start Menu\Programs\Startup\Excel Optimise.exe
C:\WINDOWS\system\System32.exe
C:\WINDOWS\system32\Isassi.exe
All the above-mentioned filenames will have a Microsoft Excel icon associated with them. This trojan will also hide all Microsoft Excel files on the C:\ drive with the command:

attrib +h +s +r C:\*.xls /s

Other generic characteristics of W32/Rontokbro at:
http://vil.nai.com/vil/content/v_136318.htm
Indications of Infection

The Excel files will not be seen in a normal Explorer environment or at the command prompt. Additionally, some executable files with the Excel icon will be seen in some directories.

Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email spam, etc.
Removal Instructions
To make your Excel files visible again, the following command can be issued on the command prompt:

attrib -h -s -r C:\*.xls /s


A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.
McAfee
# Online Anti-Malware Scanners: http://scforum.info/index.php/topic,734.0.html
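
The indicators listed in the advisory above can be checked on a host without changing anything. The PowerShell below is an added example, not part of the original post or of McAfee's advisory; the parameter names and default roots are assumptions taken from the paths the advisory shows.

```powershell
# Added example: read-only audit for the artifacts named in the advisory.
# $ProfileRoot, $WinDir and $ScanRoot are assumed defaults based on the advisory's paths.
param(
    [string]$ProfileRoot = 'C:\Documents and Settings',
    [string]$WinDir      = 'C:\WINDOWS',
    [string]$ScanRoot    = 'C:\'
)
$DropSize = 49152   # "Length: 49,152 bytes" from the advisory
# Per-user drop names from the advisory, relative to each profile directory.
$perUser = @(
    'My Documents\Keuangan.exe',
    'Start Menu\Programs\Startup\Data Uang.exe',
    'Start Menu\Programs\Startup\Excel Optimise.exe'
)
# System-wide drop paths from the advisory.
$candidates = @(
    (Join-Path $WinDir 'system\System32.exe'),
    (Join-Path $WinDir 'system32\Isassi.exe')
)
# Expand the per-user names for every profile directory present on the host.
$profiles = @(Get-ChildItem -LiteralPath $ProfileRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer })
foreach ($dir in $profiles) {
    foreach ($rel in $perUser) { $candidates += (Join-Path $dir.FullName $rel) }
}
# Report each candidate that exists and whether its size equals the advisory's length.
$dropped = @(foreach ($path in $candidates) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $f = Get-Item -LiteralPath $path -Force
        New-Object PSObject -Property @{
            Path = $f.FullName; Length = $f.Length; SizeMatches = ($f.Length -eq $DropSize)
        }
    }
})
# Find .xls files carrying all three attributes set by "attrib +h +s +r".
$mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System -bor [IO.FileAttributes]::ReadOnly)
$hiddenXls = @(Get-ChildItem -Path $ScanRoot -Filter '*.xls' -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and (([int]$_.Attributes -band $mask) -eq $mask) })
"Dropped-file candidates found: $($dropped.Count)"
$dropped | Format-Table Path, Length, SizeMatches -AutoSize
"Excel files carrying +h +s +r under ${ScanRoot}: $($hiddenXls.Count)"
$hiddenXls | Select-Object -ExpandProperty FullName
```

Running the audit before the `attrib -h -s -r` step records which workbooks were hidden, so the list can be compared against what becomes visible afterwards.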
