Free Software

Creating a file on every folder where these files have the same name as the folder with the characteristics
- Icon used a Folder
- File Size 42 Kb
- Extension. EXE
 
Rontokbro also will make changes to the file C: \ autoexec.bat to add the command line "PAUSE". In order to be active so Rontokbro computer turned on, he will make the registry a few registry keys are:
 
Bron-Spizaetus
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Tok-cirrhatus
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
Shell with a value Explorer.exe "C: \ Windows \ Eksplorasi.exe"
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ WindowsNT \ CurrentVersion \ Winlogon,
 
Disable Registry Editor
Like most viruses, this virus will also disable programs that can shorten the possible existence of "their" functions such as registry editor by adding a registry key:
DisableRegistryTools = 1
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System
If the function is run registry editor will display an error message. Message that appears if the computer is infected Rontokbro trying to access the Registry Editor.
 
DisableCMD
In Registry
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System
Besides adding to the registry key string, the virus will also be added in the option in the [Startup] in msconfig.
Sempalong
Smss
Empty
 
Folder Option Hiding
This virus apparently learned from his colleagues, which will eliminate the virus [folder options] on the [tools] in [Windows Explorer], so that the user will not be able to display any hidden files (hidden) by the virus, by adding a string value :
 
"NoFolderOptions" = dword: 00000001
the registry key
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer
Folder Option ROntokbro omitted by the user so can not change the folder option settings
 
Task Schedule 5:08 PM
Rontonbrojuga schedule will make the windows task schedule which will run every hour of 5:08 PM, by running the file that is located didirektori:
C: \ Documents and Settings \% Users% \ Templates
Schedule made by a particular file Rontokbro run every 5:08 PM. This possibility is used to update itself.
 
Automatic Computer Restart
One of the advantages possessed by Rontokbro is able to cause the computer restarts, do not expect up-date the patch can solve this problem, it is because Rontokbro not exploit such security holes used by Sasser or Blaster virus.
Rontokbro will restart your computer if you try to run a particular program such as regedit, msconfig and even if you run Task Manager software as a replacement pocket HijackThis and Killbox even one other advantage that has is the ability to restart the computer even though the mode "safe mode" even though, by because it takes a trick to deal with these problems. makers likely Rontokbro always follow the advice and the latest developments so that it will become increasingly difficult to be liquidated because it is constantly updating itself.
 
 
Steal Your Email
Rontokbro will take an email address on all files that contain ext. . asp. cfm. csv file. doc. eml. html. php. txt. wab
 
Through disks / USB Flash Disk
In addition to spreading via email, Rontokbro also be spread via Diskette / USB to create files in folders / subfolders are didisket / USB or the USB root itself, the file created has the features: resembled Folder Icon, Size 42 Kb, Ext . EXE
Rontokbro also will try to make the connection by sending ping requests to one of such adult sites and kaskus.com 17tahun.com, this is one factor that can slow a computer system but because of the spread of internet connection in Indonesia is still relatively slow, the impact of this will be less felt at home dialup users because they do not always connected and the greatest impact access to two sites will be far-reaching if the computer is affected Ronrokbro home computers that have an ADSL connection and is always connected to the internet, Warnet or office computer that is always connected to Internet.
Like antivirus, Rontokbro also trying to do up-date to one of the sites has been determined, so do not be complacent should up-date your antivirus in order not to become the next victim and do not forget to not carelessly in exchanging data via floppy / usb one tips may be useful is to recognize the type of file you want to run, and try to always display the file ekstesi order to know the type of file. One effective way to prevent Rontokbro is to use the antivirus which provides local support so that the definition can be offset Rontokbro emergence of new variants which until now still continue to be issued.