Virus?

I have the following virus worm rontkbr.b, pc-cillin says it fixed it, but every 20 minutes pc cillin keeps popping up and scanning the same files and removing the virus over and over, the worst effects of the virus (restarting comp everytime i try to download/not letting me download has stopped.

but apparently the virus is still in my system and it's really hard to do anything with pc-cillin contiously removing it.

Results of hijackthis are as follows:

[saving space - attachment deleted by admin]

[Malware Removal Specialist]

Ok good job, I will be with you in a minute.

[Malware Removal Specialist]

I can't see anything from the log that would be causing the problem. Since you are having problems downloading anything we will run this.

Please download Combofix by sUBs from either here or here

Save Combofix.exe to your your Desktop.

1. Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
2. When finished, it will produce a log for you.
3. Attach that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause your computer to stall

k   

[saving space - attachment deleted by admin]

[Malware Removal Specialist]

Finish both of the procedures before posting back.

===

Download ViewpointKiller

* Unzip the program and all of the contents of ViewpointKiller.zip to a location such as your desktop.
* Double click the ViewpointKiller icon to run ViewpointKiller.exe. Select the "File" menu, and select "Check to see if you have Viewpoint installed".
* If ViewpointKiller indicates that any of the Viewpoint variants are installed, select the proper "Kill" option in the File menu.

Follow the prompts and instructions very carefully, answering "Yes" or "No" depending on which option you are most comfortable with. The MsConfig instructions are very important, so be sure to read them carefully.

* When ViewpointKiller is done a log will be shown. Save the log to the desktop and  please add that log as an attachment in the next post.

Note: When done with ViewpointKiller, simply right click and delete all files that were unzipped.

=====

Delete these files/folders, as follows:

* Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

File::
C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf

* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang

===

Next post please attach
ViewpointKiller log
combofix.txt log

k

[saving space - attachment deleted by admin]

[Malware Removal Specialist]

How are things now?

well the pc-cillin was deleting all the files while i did as you requested, both the pc-cillin and your tasks finished at about the same time.  haven't had any pc-cillin pop up since.  hopefully all is well, i'll have to wait til tomorrow to be sure though, i've been staring at this comp for way to many hours now.

i'll will let you know tomorrow if all is well.  Thanks alot for your help 

[Malware Removal Specialist]

OK be sure to let me know, there will be a little more to do.

hi again, computer was running for about two hours today and then pc-cillin popped up again and is scanning my music/picture files to remove the same virus.

[Malware Removal Specialist]

Please delete the copy of combofix you have and download a new one.

Please download Combofix by sUBs from either here or here

Save Combofix.exe to your your Desktop.

1. Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
2. When finished, it will produce a log for you.
3. Attach that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause your computer to stall


Next post attach
combofix log

k

[saving space - attachment deleted by admin]

[Malware Removal Specialist]

Is your pc-cillin a paid version? And is it updated?

Lets try to flush System Restore and see "if" it helps.

1 Right click the My Computer icon on the Desktop and click on Properties.
2 Click on the System Restore tab.
3 Put a check mark next to 'Turn off System Restore on All Drives'.
4 Click the 'OK' button.
5 You will be prompted to restart the computer. Click Yes.

Once the computer is restarted enable System restore. It will not require a reboot when re-enabling.

Let us know if it continues.

yes, it's a paid version, but it had been unistalled for awhile, even though the subscription is still active.  the computer was fine til someone used it yesterday to go to babierus, as soon as they got to babiesrus the computer restarted, they went to babiesrus again and the computer restarted, then i went to babiesrus and the computer restarted. any other sites worked fine, just not babiesrus.  i figured something was wrong and  tried to download antivirus programs etc and realized the virus wouldn't allow me to download anything, it would keep restarting the comp when i tried.  i pulled out the pc-cillin disc that came with the comp, reinstalled it and subscription is still active  til feb. it updated and is the most current version.

we attempted to visit babiesrus on a diff comp on this network and that computer restarted also.  though that computer is functioning normally. well what's normal for it, its 5 years old and has no protection due to internet problems when it did have norton's installed on it.  it's still able to download. not sure if it's also infected or not but working normally according to the user.

we do have a third computer (year old) on the network with norton's installed, i'm to scared to visit babiesrus, i don't feel like fixing that one too.

again after installing pc cillin and running the scan and fixing this worm, it just keeps returning.  the worm is showing again as i type this post.

[Malware Removal Specialist]

OK, the more I learn about this worm the more concerned I am.

1. From the desktop double click My Computer and then double click Local Disk (C:). From the toolbar (top left) select File > New > Folder and name it sysclean.

2. Download the Sysclean Package and save it in the new C:\sysclean folder.

3. Close all applications running on your system, including any antivirus software.

4. Run the executable file by double clicking it.

5. Enable any antivirus software that is installed on your system and perform a manual scan.

6. If prompted for a reboot, please do so for the system to be successfully cleaned.

NOTE: This fix tool generates the log file, SYSCLEAN.LOG, in its current folder.
       
Please attach the SYSCLEAN.LOG in the next post.