Flood of Worm Alerts. Help please :(

Hello, so yeah, I'm new here and sorry for asking this abruptly, as this is the main reason I joined the forum.

My laptop suddenly became infected with a worm virus called (not sure) Win27:rotkonbr[wrm]. And Avast is trying so hard to block it. From opening the laptop until the end of the session, Avast keeps flooding me with notifications stating it has been blocked, moved to chest and no further action is needed. As for the source of the virus, another unprotected laptop has it and my laptop caught it by me transferring files through USB (PSP with USB connection).

I want to the fast spreading virus, as I'm afraid it might sooner or later break the barrier and infect the laptop fully. It's good to see that Avast! is working properly, but I want to delete the virus itself. Please help. I don't know about the logs and things, so please bear with me if I can't seem to do anything.

unplug all USB storage devices

follow instructions https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar logs

Currently there are no USB devices plugged in my laptop. I will soon do as you asked. Thank you for the quick response.

have you received any suspicious mails with attachments lately?

some info if interested Brontok/Rontokbro http://en.wikipedia.org/wiki/Brontok

Monitoring!

http://i.imgur.com/vlQY68c.jpg

I'm sorry for the late reply because the internet is pretty faulty in my place. I may not try to do the procedure stated above until I obtain a somewhat stable connection.

Regarding the virus, Win32:Rontokbr-N [Wrm]. I found out it's some kind of trojan and can affect the computer seriously. Is that true?? :open_mouth:

I wish I could really fix this or I’m dead.

The source is unknown, but it started with my already infected laptop while I was putting music on my PSP. Then I reconnected it to this laptop and then this happened.

Regarding the virus, Win32:Rontokbr-N [Wrm]. I found out it's some kind of trojan
no, it is not a virus or trojan but a worm: Win32:Rontokbr-N [Wrm]

Microsoft calls it Worm:Win32/Brontok.DF@mm http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Worm%3AWin32%2FBrontok.DF%40mm#tab=2

Kaspersky calls it Email-Worm.Win32.Brontok.q http://securelist.com/description/

Naathim will start working your case when you have attached those logs

Hello and welcome :slight_smile:

For Brontok please skip aswMBR and MBAM, we will take care of it later. Please post the FRST and Addition reports for my review. If you encounter any issues (I have met some cases where Brontok was rebooting the system while generating logs), let me know and we will find another way of taking this one down.

Cheers,
Naat :slight_smile:

Malwarebytes suddenly stopped responding. Is that one of the signs of the virus preventing logs?

Probably.

I can’t tell without any logs. That’s why I asked you to skip MBAM & aswMBR and post me only FRST & Addition reports.

It won’t let me post the FRST and Addition logs. :o

You can’t attach them to your post?

If no joy, please do the following:
- Go to the Wklej.org website.
- Paste the plain text of your logfiles there in the big box (either all together or separately for each logfile).
- Press the big "Wklej +" button at the bottom.
- Go to the address bar at the top, copy the URL and paste it into your reply.

http://wklej.org/id/1426223/

done

OK, that gives me a general look what’s going on. Taking a bigger hammer :slight_smile:

Critical warning - there's a Backdoor present!

Unfortunately your machine seems to be heavily compromised by a Backdoor Trojan. This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files. My advice for this moment:
- Disconnect this machine from the internet.
- Change your online passwords from a well-known clean computer (not this one!).
- It would also be wise to inform financial institutions about your situation - see here.

Many experts believe that the best action is to reformat and reinstall, but I think that we can still clean this one and return it to its normal functionality (with no security guarantee afterwards, as this is a very severe type of infection).

- If you would rather reinstall your system, let me know if I can provide any help during that procedure.
- If you wish to skip the reinstallation, please proceed with the next steps as directed.

I believe that we can kill this nasty bad guy

Scan with McShield

Please download McShield by dr_bora and save it to your desktop.

- Install it on your machine.
- It will initially run a scan and show the result as a toaster by the system clock.
- Start the Control Centre by clicking on the McShield icon in your system tray.
- Go to the Scanner tab and tick "unhide items on flash drives".
- Plug in the drive and McShield will start a scan.
- A logfile of this scan may be found in the Logs tab of the main screen.

Please include that log in your next reply.

Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

- Right-click on the ComboFix icon and select Run as Administrator to start the tool.
- Accept the disclaimer and agree if prompted to install the Recovery Console.
- Do not take any actions while ComboFix goes through your system - it may cause it to stall!
- This scan may take some time!
- When finished, it will display a logfile (also located on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.

If you encounter any issues with your internet connection after running ComboFix, please visit this link.

If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Sorry, I'm kinda lost at "plug in the drive". How do you do that?

Sorry for not being clear enough. The infection you have came from removable media (like a memory card or USB drive). McShield is designed to scan all plugged-in removable drives to detect and delete this kind of infection. So after the installation and the initial system scan (which should remove the infection), please make sure that you connect all the removable media you have got, to clean them too.

After that, post the logfile(s) located under the Logs tab.

Ok, so is it like risk taking? I will try to put in the source of this mishap.

Can I skip that step, since I found out that the virus is now nowhere to be found, because McShield told me that malware is nowhere to be found? Since the originating drive is the PSP, after formatting the device the virus is, like, cleared also. But the virus still exists on my sister's laptop, from which I got the virus.

Is it advisable to skip the McShield procedure?

Is it advisable to skip the McShield procedure?
If you have already installed McShield you may omit the removable drives scan.
But the virus still exists on my sister's laptop, from which I got the virus.
You mean that the second machine is also infected? If so, stay with me and we may clean it later in this topic, after finishing this one. Just please do not take any actions on your own, nor apply the same instructions there - the instructions are made for this particular machine only and no other, even one containing the same infection.

Please proceed with ComboFix, after carefully reading my instructions :slight_smile:

Ah yes, since I do not want to accidentally destroy someone's laptop.