Worm:Win32/Brontok.S@mm

By Domesticus in Worms

Worm:Win32/Brontok.S@mm is a mass-mailing email worm that modifies certain computer settings, such as how hidden files are shown, and disables editing of the Windows Registry. Worm:Win32/Brontok.S@mm circulates by copying itself, as an email attachment, to contacts stored on the corrupted PC. Worm:Win32/Brontok.S@mm can also replicate itself to USB and removable drives. Worm:Win32/Brontok.S@mm makes system changes on the targeted computer by downloading infected files and making modifying the Windows Registry. While being run, Worm:Win32/Brontok.S@mm opens a Windows Explorer window to the 'My Documents' folder. For its copies, Worm:Win32/Brontok.S@mm uses the Windows 'new folder' icon. This may make the file to seem to be as if it were a new folder rather than an .exe file, attracting a computer user into accidentally executing Worm:Win32/Brontok.S@mm.

File System Details

Worm:Win32/Brontok.S@mm may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	%APPDATA%\winlogon.exe
Name: %APPDATA%\winlogon.exe Type: Executable File
2.	%APPDATA%\lsass.exe
Name: %APPDATA%\lsass.exe Type: Executable File
3.	%windir%\eksplorasi.exe
Name: %windir%\eksplorasi.exe Type: Executable File
4.	%APPDATA%\csrss.exe
Name: %APPDATA%\csrss.exe Type: Executable File
5.	%APPDATA%\services.exe
Name: %APPDATA%\services.exe Type: Executable File
6.	%windir%\shellnew\sempalong.exe
Name: %windir%\shellnew\sempalong.exe Type: Executable File
7.	%APPDATA%\bronnetdomlist.bat
Name: %APPDATA%\bronnetdomlist.bat Type: Batch file
8.	%APPDATA%\inetinfo.exe
Name: %APPDATA%\inetinfo.exe Type: Executable File
9.	%APPDATA%\smss.exe
Name: %APPDATA%\smss.exe Type: Executable File
10.	%USERPROFILE%\Templates\Brengkolang.com
Name: %USERPROFILE%\Templates\Brengkolang.com Type: Command, executable file
11.	%windir%\system32\drivers\etc\hosts-denied by-%UserName%.com
Name: %windir%\system32\drivers\etc\hosts-denied by-%UserName%.com Type: Command, executable file
12.	%APPDATA%\Kosong.Bron.Tok.txt
Name: %APPDATA%\Kosong.Bron.Tok.txt
13.	%windir%\system32\%UserName%'s Setting.scr
Name: %windir%\system32\%UserName%'s Setting.scr
14.	%USERPROFILE%\My Documents\My Pictures\about.Brontok.A.html
Name: %USERPROFILE%\My Documents\My Pictures\about.Brontok.A.html
15.	%USERPROFILE%\Start Menu\Programs\Startup\empty.pif
Name: %USERPROFILE%\Start Menu\Programs\Startup\empty.pif
16.	%APPDATA%\bronfoldnetdomlist.txt
Name: %APPDATA%\bronfoldnetdomlist.txt
17.	%APPDATA%\bronnpath0.txt
Name: %APPDATA%\bronnpath0.txt

Registry Details

Worm:Win32/Brontok.S@mm may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run "Bron-Spizaetus" = "%windir%\shellnew\sempalong.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "explorer.exe "%windir%\eksplorasi.exe""

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run "Tok-Cirrhatus" = "%APPDATA%\smss.exe"

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Worm:Win32/Brontok.S@mm

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen