Type: Worm
Size: 81920 bytes
Systems Affected: Windows 2000, XP, NT, ...
Also Known As:
Email-Worm.Win32.Brontok.a (Kaspersky)
W32/VB.MZ (F-Prot)
Characteristics:
1) Creates the following files:
◊ %system%\3D Animation.scr
◊ %system%\Microsoft
◊ %WINDOWS%\inf\norBtok.exe
◊ %WINDOWS%\Tasks\At1.job
◊ %Documents and Settings%\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18
◊ %Documents and Settings%\Administrator\Local Settings\Application Data\smss.exe
◊ %Documents and Settings%\Administrator\Local Settings\Application Data\services.exe
◊ %Documents and Settings%\Administrator\Local Settings\Application Data\lsass.exe
◊ %Documents and Settings%\Administrator\Local Settings\Application Data\inetinfo.exe
◊ %Documents and Settings%\Administrator\Local Settings\Application Data\csrss.exe
◊ %Documents and Settings%\Administrator\Local Settings\Application Data\winlogon.exe
◊ %Documents and Settings%\Administrator\Local Settings\Application Data\Bron.tok-3-29
◊ %Documents and Settings%\Administrator\Templates\A.kotnorB.com
◊ %Documents and Settings%\Administrator\Start Menu\Programs\Startup\Empty.pif
When this worm runs, regedit cannot run and the system restarts.
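
The file list above doubles as a set of host indicators: several dropped files reuse Windows system process names (lsass.exe, winlogon.exe, ...) but sit in a user profile directory. The following check is an added example, not part of the original description; it matches a file listing against a subset of those paths. It assumes the listing holds expanded paths and that any user profile, not only Administrator, may be affected; the sample listing is constructed.

```python
import ntpath

# Names the page lists under ...\Local Settings\Application Data\ that
# imitate Windows system processes.
MASQUERADED = {"smss.exe", "services.exe", "lsass.exe",
               "inetinfo.exe", "csrss.exe", "winlogon.exe"}
PROFILE_DIR = "\\local settings\\application data"

# Other dropped files from the page, as lower-cased path endings. The
# %system% / %WINDOWS% / profile prefixes are omitted so expanded paths match.
DROPPED_ENDINGS = (
    "\\3d animation.scr",
    "\\inf\\norbtok.exe",
    "\\tasks\\at1.job",
    "\\local settings\\application data\\bron.tok-3-29",
    "\\templates\\a.kotnorb.com",
    "\\start menu\\programs\\startup\\empty.pif",
)


def classify(path):
    """Return a reason string if the path matches the page's file list, else None."""
    p = path.strip().lower().replace("/", "\\")
    folder, name = ntpath.split(p)
    if name in MASQUERADED and folder.endswith(PROFILE_DIR):
        return "system process name in a user profile directory"
    if p.endswith(DROPPED_ENDINGS):
        return "file name and location listed for this worm"
    return None


def scan(paths):
    """Return (path, reason) for every path that classify() flags."""
    return [(p, r) for p in paths if (r := classify(p))]


# Constructed sample input: a file listing from a hypothetical XP host.
SAMPLE = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\Documents and Settings\Administrator\Local Settings\Application Data\lsass.exe",
    r"C:\Documents and Settings\alice\Local Settings\Application Data\winlogon.exe",
    r"C:\WINDOWS\inf\norBtok.exe",
    r"C:\WINDOWS\Tasks\At1.job",
    r"C:\WINDOWS\system32\services.exe",
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE):
        print(f"{reason}: {path}")
```

A hit on At1.job alone is weak evidence, since the Windows `at` scheduler creates files with that name for legitimate jobs; treat it as a lead to confirm against the other paths.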