TUXO52635Z.EXE – Worm Brontok

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

TUXO52635Z.EXE – Worm Brontok removal

FileMD5Virus Alias
TUXO52635Z.EXE 003c88ce7a5f1bdd9dd03fdb1e4e4f28 Worm Brontok
TUXO52635Z.EXE 003c88ce7a5f1bdd9dd03fdb1e4e4f28 Trojan SuspiciousFile
TUXO52635Z.EXE 003c88ce7a5f1bdd9dd03fdb1e4e4f28 Trojan CI
TUXO52635Z.EXE 003c88ce7a5f1bdd9dd03fdb1e4e4f28 Worm Autorun
TUXO52635Z.EXE 003c88ce7a5f1bdd9dd03fdb1e4e4f28 Trojan Agent

TUXO52635Z.EXE size: 1179648 bytes
TUXO52635Z.EXE hash: 003C88CE7A5F1BDD9DD03FDB1E4E4F28

Created files:

%WinDir%\M57151\EmangEloh.exe
%WinDir%\M57151\Ja856821bLay.com
%WinDir%\M57151\smss.exe
%WinDir%\sa-076400.exe
%WinDir%\system\msvbvm60.dll
%SysDir%\885154756174l.exe
%SysDir%\config\systemprofile\Templates\O52635Z\service.exe
%SysDir%\config\systemprofile\Templates\O52635Z\TuxO52635Z.exe
%SysDir%\config\systemprofile\Templates\O52635Z\winlogon.exe
%SysDir%\msvbvm60.dll
%WinDir%\Ti756174ta.exe
D:\Data USER.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\T35Z851: %WinDir%\sa-076400.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: explorer.exe, “%WinDir%\System32\config\Systemprofile\Templates\O52635Z\TuxO52635Z.exe”
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe , “%WinDir%\M57151\Ja856821bLay.com”
HKCU\Software\Microsoft\Windows\CurrentVersion\RUN\T1571400TT4: %WinDir%\System32\885154756174l.exe

Detected by UnHackMe:

TUXO52635Z.EXE
Default location: %SYSDIR%\CONFIG\SYSTEMPROFILE\TEMPLATES\O52635Z\TUXO52635Z.EXE

Dropper information:
MD5: 003c88ce7a5f1bdd9dd03fdb1e4e4f28
File size: 1179648 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images