Worm Brontok – sembako-clzjmnh.exe – 02c95210b15b7b285c8d011bbf0275ba

Worm Brontok
Also known as: Trojan Agent, Trojan Krap
SHA256: 6ba24fc7e193fae8a19fcb024ba3f799e356de8750ef0913066ecbf6b383848e
SHA1: 0cd4d4c0653bb2c06187a1227aebb62c2532b9f6
MD5: 02c95210b15b7b285c8d011bbf0275ba
File size: 111104 bytes

Created files:

%WinDir%\sembako-clzjmnh.exe – Worm Brontok
%WinDir%\ShellNew\bbm-yqomnhlc.exe – Worm Brontok
%SysDir%\cmd-bro-nmx.exe – Worm Brontok
%SysDir%\DXBLBM.exe – Worm Brontok
%SysDir%\msvbvm60.dll – Worm Brontok
%SysDir%\sistem.sys – Worm Brontok
%SysDir%\USER’s Setting.scr – Worm Brontok
%Local AppData%\br5205on.exe – Worm Brontok
%Local AppData%\csrss.exe – Worm Brontok
%Local AppData%\inetinfo.exe – Worm Brontok
%Local AppData%\lsass.exe – Worm Brontok
%Local AppData%\services.exe – Worm Brontok
%Local AppData%\smss.exe – Worm Brontok
%Local AppData%\svchost.exe – Worm Brontok
%Local AppData%\winlogon.exe – Worm Brontok
%UserProfile%\Templates\8592-NendangBro.com – Worm Brontok

Worm Brontok created autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\run\Bron-Spizaetus-clhnmoqy: "%WinDir%\ShellNew\bbm-yqomnhlc.exe"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe "%WinDir%\sembako-clzjmnh.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\run\Tok-Cirrhatus-2091: "%Local AppData%\br5205on.exe"
