W32/Brontok.p

Type: Worm
Size: 45417 bytes
System Affected: Windows 2000, XP, NT, ...
Also Known As:

Email-Worm.Win32.Brontok.q (Kaspersky), W32/Brontok.DT@mm (F-Prot)

Characteristics:

1) Creates the following registry keys:


◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Bron-Spizaetus = %WINDOWS%\ShellNew\RakyatKelaparan.exe


◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WINNT\Winlogon\Shell = Explorer.exe %WINDOWS%\KesenjanganSosial.exe


◊ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus-3444 = %Documents and Settings%\Administrator\Local Settings\Application Data\br7911on.exe


2) Creates the following files:

◊ %system%\cmd-brontok.exe
◊ %system%\Administrator's Setting.scr
◊ %WINDOWS%\SHELLNEW\RakyatKelaparan.exe
◊ %WINDOWS%\KesenjanganSosial.exe
◊ %Documents and Settings%\Administrator\Local Settings\Application Data\smss.exe
◊ %Documents and Settings%\Administrator\Local Settings\Application Data\services.exe
◊ %Documents and Settings%\Administrator\Local Settings\Application Data\lsass.exe
◊ %Documents and Settings%\Administrator\Local Settings\Application Data\inetinfo.exe
◊ %Documents and Settings%\Administrator\Local Settings\Application Data\csrss.exe
◊ %Documents and Settings%\Administrator\Local Settings\Application Data\br7911on.exe
◊ %Documents and Settings%\Administrator\Local Settings\Application Data\svchost.exe
◊ %Documents and Settings%\Administrator\Local Settings\Application Data\winlogon.exe
◊ %Documents and Settings%\Administrator\Local Settings\Application Data\Bron.tok-17-9
◊ %Documents and Settings%\Administrator\Templates\14004-NendangBro.com
◊ %Documents and

When the worm runs, it does not let you access the Registry and Folder Options.
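
The indicators above can be turned into a simple triage check. The following Python sketch is an added example, not part of the original write-up: it flags the worm-specific file names from the list, copies of Windows process names (lsass.exe, svchost.exe, ...) found outside the system directory, and anything appended to Explorer.exe in the Winlogon Shell value. It assumes %WINDOWS% is C:\WINDOWS; the function names and sample inputs are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# File names the list above shows dropped into the user profile; each is also
# the name of a genuine Windows process.
SYSTEM_NAMES = {"smss.exe", "services.exe", "lsass.exe", "inetinfo.exe",
                "csrss.exe", "svchost.exe", "winlogon.exe"}
# File names from the list above that are specific to this worm.
WORM_NAMES = {"cmd-brontok.exe", "rakyatkelaparan.exe",
              "kesenjangansosial.exe", "br7911on.exe"}

def classify_path(path, system_root=r"C:\WINDOWS"):  # system_root is an assumption
    """Return 'worm-name', 'masquerade' or None for one file path."""
    norm = ntpath.normpath(path).lower()
    name = ntpath.basename(norm)
    if name in WORM_NAMES:
        return "worm-name"
    trusted = ntpath.join(system_root, "system32").lower() + "\\"
    if name in SYSTEM_NAMES and not norm.startswith(trusted):
        return "masquerade"  # system process name outside the system directory
    return None

def shell_extra(shell_value):
    """Default Winlogon Shell is 'Explorer.exe'; return whatever else is set."""
    head, _, rest = shell_value.strip().partition(" ")
    if head.lower() != "explorer.exe":
        return shell_value.strip()
    return rest.strip()

def triage(paths, shell_value):
    """Collect (item, reason) pairs for every suspicious path or Shell entry."""
    findings = [(p, classify_path(p)) for p in paths]
    findings = [(p, why) for p, why in findings if why]
    extra = shell_extra(shell_value)
    if extra:
        findings.append((extra, "shell-append"))
    return findings

# Constructed sample input: a file listing and a Shell value from one host.
PROFILE = r"C:\Documents and Settings\Administrator\Local Settings\Application Data"
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\lsass.exe",             # genuine
    PROFILE + r"\lsass.exe",                      # copy in the user profile
    r"C:\WINDOWS\ShellNew\RakyatKelaparan.exe",
    r"C:\WINDOWS\system32\cmd-brontok.exe",
    r"C:\WINDOWS\system32\inetsrv\inetinfo.exe",  # genuine IIS location
]
SAMPLE_SHELL = r"Explorer.exe C:\WINDOWS\KesenjanganSosial.exe"

if __name__ == "__main__":
    for item, reason in triage(SAMPLE_PATHS, SAMPLE_SHELL):
        print(f"{reason:13} {item}")
```
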


Copyright © 1994-2008 Imen Computer Virology Laboratory I.C.V.L .
All Rights Reserved .
Mehran Rayaneh Engineering Co.