Worm:Win32/Brontok.AS@mm

By GoldSparrow in Worms

Worm:Win32/Brontok.AS@mm is a mass-mailing email worm that alters specific system settings, such as display of hidden files.

Worm:Win32/Brontok.AS@mm also disables registry editing. Worm:Win32/Brontok.AS@mm proliferates by sending its copy, as an email attachment, to contacts that exist on the victimized computer system. Worm:Win32/Brontok.AS@mm is also able to replicate itself to USB, removable drives and shared folders. While being installed on the attacked computer, Worm:Win32/Brontok.AS@mm makes system changes by adding numerous harmful files and modifying the Windows Registry. When activated, Worm:Win32/Brontok.AS@mm opens a Windows Explorer window to the "My Documents" folder. Worm:Win32/Brontok.AS@mm uses the Windows "new folder" icon for its copies. This may make the file to emerge as if it were a new folder rather than an executable file, seducing computer users into accidentally executing Worm:Win32/Brontok.AS@mm. Worm:Win32/Brontok.AS@mm modifies the registry entries to make sure that its copy loads automatically whenever Windows is started.

File System Details

Worm:Win32/Brontok.AS@mm may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	%APPDATA%\br7911on.exe
Name: %APPDATA%\br7911on.exe Type: Executable File
2.	%APPDATA%\lsass.exe
Name: %APPDATA%\lsass.exe Type: Executable File
3.	%APPDATA%\services.exe
Name: %APPDATA%\services.exe Type: Executable File
4.	%USERPROFILE%\Templates\WowTumpeh.com
Name: %USERPROFILE%\Templates\WowTumpeh.com Type: Command, executable file
5.	%windir%\berasjatah.exe
Name: %windir%\berasjatah.exe Type: Executable File
6.	%windir%\sembako-cmzjlji.exe
Name: %windir%\sembako-cmzjlji.exe Type: Executable File
7.	%windir%\sembako-cmzjlii.exe
Name: %windir%\sembako-cmzjlii.exe Type: Executable File
8.	%windir%\shellnew\bbm-qotlpinc.exe
Name: %windir%\shellnew\bbm-qotlpinc.exe Type: Executable File
9.	%windir%\shellnew\bbm-xomljimc.exe
Name: %windir%\shellnew\bbm-xomljimc.exe Type: Executable File
10.	%windir%\shellnew\bbm-zomljimc.exe
Name: %windir%\shellnew\bbm-zomljimc.exe Type: Executable File
11.	%windir%\shellnew\sempalong.exe
Name: %windir%\shellnew\sempalong.exe Type: Executable File
12.	%windir%\system32\cmd-bro-ilx.exe
Name: %windir%\system32\cmd-bro-ilx.exe Type: Executable File
13.	%windir%\system32\drivers\etc\hosts-denied by-%UserName%.com
Name: %windir%\system32\drivers\etc\hosts-denied by-%UserName%.com Type: Command, executable file
14.	%windir%\system32\dxblai.exe
Name: %windir%\system32\dxblai.exe Type: Executable File
15.	%APPDATA%\bronnetdomlist.bat
Name: %APPDATA%\bronnetdomlist.bat Type: Batch file
16.	%APPDATA%\inetinfo.exe
Name: %APPDATA%\inetinfo.exe Type: Executable File
17.	%APPDATA%\smss.exe
Name: %APPDATA%\smss.exe Type: Executable File
18.	%USERPROFILE%\Templates\Brengkolang.com
Name: %USERPROFILE%\Templates\Brengkolang.com Type: Command, executable file
19.	%windir%\eksplorasi.exe
Name: %windir%\eksplorasi.exe Type: Executable File
20.	%windir%\sembako-dfzjlog.exe
Name: %windir%\sembako-dfzjlog.exe Type: Executable File
21.	%windir%\sembako-cmzjkji.exe
Name: %windir%\sembako-cmzjkji.exe Type: Executable File
22.	%windir%\shellnew\bbm-toslphed.exe
Name: %windir%\shellnew\bbm-toslphed.exe Type: Executable File
23.	%windir%\shellnew\bbm-vrqliimc.exe
Name: %windir%\shellnew\bbm-vrqliimc.exe Type: Executable File
24.	%windir%\shellnew\bbm-vqslphed.exe
Name: %windir%\shellnew\bbm-vqslphed.exe Type: Executable File
25.	%windir%\shellnew\bbm-yomljimc.exe
Name: %windir%\shellnew\bbm-yomljimc.exe Type: Executable File
26.	%windir%\system32\cmd-bro-plx.exe
Name: %windir%\system32\cmd-bro-plx.exe Type: Executable File
27.	%windir%\system32\cmd-bro-jlx.exe
Name: %windir%\system32\cmd-bro-jlx.exe Type: Executable File
28.	%windir%\system32\dxblbt.exe
Name: %windir%\system32\dxblbt.exe Type: Executable File
29.	C:\autoexec.bat
Name: C:\autoexec.bat Type: Batch file
30.	%APPDATA%\csrss.exe
Name: %APPDATA%\csrss.exe Type: Executable File
31.	%APPDATA%\svchost.exe
Name: %APPDATA%\svchost.exe Type: Executable File
32.	%APPDATA%\winlogon.exe
Name: %APPDATA%\winlogon.exe Type: Executable File
33.	%USERPROFILE%\Templates\14004-nendangbro.com
Name: %USERPROFILE%\Templates\14004-nendangbro.com Type: Command, executable file
34.	%windir%\sembako-dezjlph.exe
Name: %windir%\sembako-dezjlph.exe Type: Executable File
35.	%windir%\sembako-cnzjlpi.exe
Name: %windir%\sembako-cnzjlpi.exe Type: Executable File
36.	%windir%\shellnew\bbm-somljimc.exe
Name: %windir%\shellnew\bbm-somljimc.exe Type: Executable File
37.	%windir%\shellnew\bbm-rpqlogfd.exe
Name: %windir%\shellnew\bbm-rpqlogfd.exe Type: Executable File
38.	%windir%\shellnew\bbm-trqliimc.exe
Name: %windir%\shellnew\bbm-trqliimc.exe Type: Executable File
39.	%windir%\shellnew\bbm-xtvkjimc.exe
Name: %windir%\shellnew\bbm-xtvkjimc.exe Type: Executable File
40.	%windir%\system32\cmd-bro-olx.exe
Name: %windir%\system32\cmd-bro-olx.exe Type: Executable File
41.	%windir%\system32\cmd-bro-jkx.exe
Name: %windir%\system32\cmd-bro-jkx.exe Type: Executable File
42.	%windir%\system32\dxblbk.exe
Name: %windir%\system32\dxblbk.exe Type: Executable File
43.	%windir%\system32\dxblap.exe
Name: %windir%\system32\dxblap.exe Type: Executable File
44.	%APPDATA%\bronfoldnetdomlist.txt
Name: %APPDATA%\bronfoldnetdomlist.txt
45.	%APPDATA%\Kosong.Bron.Tok.txt
Name: %APPDATA%\Kosong.Bron.Tok.txt
46.	%USERPROFILE%\My Documents\My Pictures\about.Brontok.A.html - contains the body of the email it sends out
Name: %USERPROFILE%\My Documents\My Pictures\about.Brontok.A.html - contains the body of the email it sends out
47.	%windir%\system32\%UserName%'s Setting.scr
Name: %windir%\system32\%UserName%'s Setting.scr
48.	%APPDATA%\bronnpath0.txt
Name: %APPDATA%\bronnpath0.txt
49.	%APPDATA%\Bron.tok-9-10
Name: %APPDATA%\Bron.tok-9-10
50.	%APPDATA%\Ok-SendMail-Bron-tok
Name: %APPDATA%\Ok-SendMail-Bron-tok
51.	%windir%\eksplorasi.pif
Name: %windir%\eksplorasi.pif
52.	%APPDATA%\loc.mail.bron.tok
Name: %APPDATA%\loc.mail.bron.tok
53.	%USERPROFILE%\Start Menu\Programs\Startup\empty.pif
Name: %USERPROFILE%\Start Menu\Programs\Startup\empty.pif
54.	%windir%\system32\dxblcw.ex
Name: %windir%\system32\dxblcw.ex

Registry Details

Worm:Win32/Brontok.AS@mm may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Bron-Spizaetus" = "%windir%\shellnew\sempalong.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap "ProxyBypass" = "1"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot "AlternateShell" = "cmd-bro-olx.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "explorer.exe "%windir%\berasjatah.exe"""

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoFolderOptions" = "1"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Tok-Cirrhatus" = "%APPDATA%\smss.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Tok-Cirrhatus-3444" = "%APPDATA%\br7911on.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = "1"

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Worm:Win32/Brontok.AS@mm

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen