Email-Worm.Win32.Brontok.n

By Sumo3000 in Worms

Email-Worm.Win32.Brontok.n is a complex e-mail worm that disables anti-virus software, replicates itself on the local hard disk, and takes measures to make its removal difficult. It arrives embedded in an email attachment and propagates through the targeted computer's email. Once its file is executed, the worm copies itself under different randomly created names into different folders on the local hard drive.

File System Details

Email-Worm.Win32.Brontok.n may create the following file(s):
# File Name Detections
1. %AppData%\dv6173880x\yesbron.com
2. %AppData%\jalak-931738815-bali.com
3. %System%\n7533\Spread.Mail.Bro\mts@lebanon-online.com.lb.ini
4. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
5. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run
6. %System%\n7533\Spread.Mail.Bro\mspss@gto.net.om.ini
7. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
8. HKEY_CURRENT_USER\Software\Brontok
9. N7143c = "%Windir%\j6442922.exe"
10. %Windir%\Tasks\At1.job
11. %System%\n7533\c.bron.tok.txt
12. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
13. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run] y2817Use = "%AppData%\dv6173880x\yesbron.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
