Solved! CMD-BRONTOK.EXE (Worm Brontok) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.


CMD-BRONTOK.EXE – Worm Brontok removal

File             MD5                               Virus alias
CMD-BRONTOK.EXE  61c810e6a915b20a85708420cc8dde90  Worm Brontok
CMD-BRONTOK.EXE  61c810e6a915b20a85708420cc8dde90  Trojan, Suspicious File
CMD-BRONTOK.EXE  61c810e6a915b20a85708420cc8dde90  Trojan Generic
CMD-BRONTOK.EXE  61c810e6a915b20a85708420cc8dde90  Trojan Eldorado
CMD-BRONTOK.EXE  61c810e6a915b20a85708420cc8dde90  Virus Alman
CMD-BRONTOK.EXE  61c810e6a915b20a85708420cc8dde90  Trojan Agent

CMD-BRONTOK.EXE size: 130048 bytes
CMD-BRONTOK.EXE hash: 61C810E6A915B20A85708420CC8DDE90

Created files:

%WinDir%\KesenjanganSosial.exe
%WinDir%\ShellNew\RakyatKelaparan.exe
%SysDir%\cmd-brontok.exe
%SysDir%\msvbvm60.dll
%Local AppData%\br5205on.exe
%Local AppData%\csrss.exe
%Local AppData%\inetinfo.exe
%Local AppData%\lsass.exe
%Local AppData%\services.exe
%Local AppData%\smss.exe
%Local AppData%\svchost.exe
%Local AppData%\winlogon.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\run\Bron-Spizaetus: "%WinDir%\ShellNew\RakyatKelaparan.exe"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe "%WinDir%\KesenjanganSosial.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\run\Tok-Cirrhatus-2091: "%Local AppData%\br5205on.exe"

Detected by UnHackMe:

CMD-BRONTOK.EXE
Default location: %SYSDIR%\CMD-BRONTOK.EXE

Dropper information:
MD5: 61c810e6a915b20a85708420cc8dde90
File size: 130048 bytes
