The Rontokbro computer worm is capable of stealing Windows IDs and destabilizing computers. It was first discovered in October 2005 and has since spawned many dangerous variants that are rapidly spreading across computer networks in Vietnam.
The file containing the Rontokbro worm infects operating systems such as Windows 95, 98, ME, NT, 2000, XP, and Server 2003 by disseminating copies of itself through email attachments. Rontokbro uses the Microsoft folder icon to trick users into opening it.
Notably, Rontokbro has the ability to “lock” existing antivirus programs on infected machines while simultaneously preventing infected computers from accessing websites that provide antivirus software, such as Bkav, Symantec, and Trend Micro. Furthermore, Rontokbro even forcibly closes the windows of search engine pages when commands like “rontokbor” or “anti-virus” are typed. This creates significant obstacles for those wanting to update their antivirus software or simply seek information about this virus.
Cybersecurity experts recommend an effective measure to prevent and eliminate the Rontokbro virus by disabling all shared folders on the computer before scanning with newly updated antivirus software.
