Step by step remove rontokbro

Rontokbro is a rapidly spreading Internet worm that propagates by e-mail in messages with infected attachments. Once the user executes such an attachment, the parasite installs itself to the system and runs its spreading routine. It scans the entire system for e-mail addresses and sends itself there using own mail engine. Rontokbro modifies essential system settings in order to disable standard Windows tools such as the Registry Editor or Command Prompt. It also immediately restarts a computer when it detects certain software running. (http://www.spywareremovalnews.com/news/article-628.html)

This is the way how to remove rontokbro

  1. Download removal software from http://www.2-spyware.com/remove-rontokbro.html
  2. Kill process csrss.exe, cvt.exe, idtemplate.exe, inetinfo.exe, kangent.exe, lsass.exe, services.exe
  3. Delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bron-spizaetus
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD=2
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools=1
  4. Delete files csrss.exe, cvt.exe, idtemplate.exe, inetinfo.exe, kangent.exe, lsass.exe, services.exe, a.kotnorb.com, empty.pif, 3d animation.scr
  5. Delete directories C:\Documents and Settings\[Current User]\Local Settings\Application Data\bron.tok-24
  6. Misc kangen.exe is the infected file that arrives attached to malicious e-mail messages sent by Rontokbro.
  7. Extract file location cvt.exe - C:\Windows\PIF or C:\Winnt\PIF
    3d animator.scr - C:\Windows\System32 or C:\Winnt\System32
    a.kotnorb.com - C:\Documents and Settings\[Current User]\Templates
    empty.pif - C:\Documents and Settings\[Current User]\Programs\Startup
    csrss.exe, idtemplate.exe, inetinfo.exe, lsass.exe, services.exe - C:\Documents and
    Settings\[Current User]\Application Data
That's all instruction about remove virus rontokbro, this instruction can read at http://www.2-spyware.com/remove-rontokbro.html