yesbron.com – Worm Brontok

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

yesbron.com – Worm Brontok removal

FileVirus Alias
yesbron.com Worm Brontok
yesbron.com Trojan Agent
yesbron.com Trojan Generic

Created files:

%WinDir%\j6156722.exe – Worm Brontok
%WinDir%\o4156727.exe – Worm Brontok
%SysDir%\c_15672k.com – Worm Brontok
%SysDir%\msvbvm60.dll.4 – Worm Brontok
%SysDir%\n6081\smss.exe – Worm Brontok
%SysDir%\n6081\sv711303230r.exe – Worm Brontok
%SysDir%\n6081\sv711303230r.exemsatr.bin – Worm Brontok
%SysDir%\n6081\winlogon.exe – Worm Brontok
%WinDir%\_default15672.pif – Worm Brontok
%SysDir%\config\systemprofile\Local Settings\Application Data\dv6130320x\yesbron.com – Worm Brontok

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\N2373c: “%WinDir%\_default15672.pif”
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\N2373c: “%WinDir%\j6156722.exe”
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe “%WinDir%\o4156727.exe”
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe,%WinDir%\j6156722.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\y2091USE: “%Local AppData%\dv6130320x\yesbron.com”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\y2091USE: “%WinDir%\System32\n6081\sv711303230r.exe”

Detected by UnHackMe:

yesbron.com
Default location: %SysDir%\config\systemprofile\Local Settings\Application Data\dv6130320x\yesbron.com
Dropper information:
SHA256: 62a1f44676cc57866d21f9833e05349eb4a7c1d2453160f8d158eea6657428ca
SHA1: 5b5fb5d3533419d1a6d335ac8951c3c464a80cbb
MD5: ee6bd76617a427c1427306d6f9d5c9e8
File size: 43072 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images