SYSTEM32.EXE – Worm Brontok

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

SYSTEM32.EXE – Worm Brontok removal

FileMD5Virus Alias
SYSTEM32.EXE 0305a0d226f7cae7f14a12e0bb728a37 Worm Brontok
SYSTEM32.EXE 0305a0d226f7cae7f14a12e0bb728a37 Trojan SuspiciousFile
SYSTEM32.EXE 0305a0d226f7cae7f14a12e0bb728a37 Trojan Hllw
SYSTEM32.EXE 0305a0d226f7cae7f14a12e0bb728a37 Trojan Agent
SYSTEM32.EXE 0305a0d226f7cae7f14a12e0bb728a37 Backdoor IRCBot

SYSTEM32.EXE size: 253632 bytes
SYSTEM32.EXE hash: 0305A0D226F7CAE7F14A12E0BB728A37

Created files:

C:\msvbvm60.dll
%SysDir%\dllcache\msvbvm60.dll
%SysDir%\dllcache\Regedit32.com
%SysDir%\dllcache\Shell32.com
%SysDir%\dllchache\msvbvm60.dll
%SysDir%\dllchache.exe
%SysDir%\M5VBVM60.EXE
%SysDir%\msvbvm60.dll
%SysDir%\rund1132.exe
%SysDir%.exe

Autostart registry keys:

HKLM\Software\Classes\txtfile\shell\open\command : %WinDir%\System32\rund1132.exe %1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Blank AntiViri: C:\AUT0EXEC.BAT StartUp
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe, “%WinDir%\System32\M5VBVM60.EXE StartUp”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Secure64: %WinDir%\System32\dllcache\Regedit32.com StartUp
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Secure32: %WinDir%\System32\dllcache\Shell32.com StartUp

Detected by UnHackMe:

SYSTEM32.EXE
Default location: %SYSDIR%.EXE

Dropper information:
MD5: 0305a0d226f7cae7f14a12e0bb728a37
File size: 253632 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images