SYSTEM32.EXE – Worm Brontok

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

SYSTEM32.EXE – Worm Brontok removal

FileMD5Virus Alias
SYSTEM32.EXE 20dd93fc004fd0ed801abfea9aead648 Worm Brontok
SYSTEM32.EXE 20dd93fc004fd0ed801abfea9aead648 Trojan SuspiciousFile
SYSTEM32.EXE 20dd93fc004fd0ed801abfea9aead648 Trojan Hllw
SYSTEM32.EXE 20dd93fc004fd0ed801abfea9aead648 Trojan Agent
SYSTEM32.EXE 20dd93fc004fd0ed801abfea9aead648 Trojan FakeAV
SYSTEM32.EXE 20dd93fc004fd0ed801abfea9aead648 Backdoor IRCBot

SYSTEM32.EXE size: 37888 bytes
SYSTEM32.EXE hash: 20DD93FC004FD0ED801ABFEA9AEAD648

Created files:

C:\msvbvm60.dll
%SysDir%\dllcache\msvbvm60.dll
%SysDir%\dllcache\Regedit32.com
%SysDir%\dllcache\Shell32.com
%SysDir%\dllchache\msvbvm60.dll
%SysDir%\dllchache.exe
%SysDir%\M5VBVM60.EXE
%SysDir%\msvbvm60.dll
%SysDir%\rund1132.exe
%SysDir%.exe

Autostart registry keys:

HKLM\Software\Classes\txtfile\shell\open\command : %WinDir%\System32\rund1132.exe %1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Blank AntiViri: C:\AUT0EXEC.BAT StartUp
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe, “%WinDir%\System32\M5VBVM60.EXE StartUp”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Secure64: %WinDir%\System32\dllcache\Regedit32.com StartUp
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Secure32: %WinDir%\System32\dllcache\Shell32.com StartUp

Detected by UnHackMe:

SYSTEM32.EXE
Default location: %SYSDIR%.EXE

Dropper information:
MD5: 20dd93fc004fd0ed801abfea9aead648
File size: 37888 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images