Home > General > Win32/brontok.c


They all can heal it, but the worm keeps coming back and replicates itself. The worm is a member of the Worm:Win32/[email protected] and Win32/Brontok families. frostydub 31.05.2007 14:33 QUOTE(Lucian Bara @ 31.05.2007 10:24)those aren't neccesarily infected.and kaspersky, what does it detect (and where?)?some are. Once Spyhunter is installed on your computer, run the free online scan immediately. have a peek at this web-site

Win32/brontok.c Started by jay v , Jul 03 2007 10:52 PM Please log in to reply 2 replies to this topic #1 jay v jay v Members 4 posts OFFLINE Automatic startup methods that the worm employs may include: Placing a copy of itself in the user's startup folder, i.e. %homepath%\Start Menu\Programs\Startup\Empty.pif Adding a scheduled task to run %homepath%\Templates\A.kotnorB.com each day at 5:08 Romdil = Tukang Jiplak = Nothing !!! It changes the way hidden files are displayed in Windows Explorer: In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AdvancedSets value: "Hidden"With data: "0" It removes the Folder Options item from all Windows Explorer menus and the http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm%3AWin32%2FBrontok.C%40mm

Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

Brontok Intercept X A completely new approach to endpoint security. anti virus keeps finding Email-Worm.Win32.Brontok.q File at the locations above and deleting it. Continue Learn More Some cookies on this site are essential, and the site won't work as expected without them.

Some variants of Win32/Brontok may modify the autoexec.bat in order to display a message during bootup.   Some Win32/Brontok variants are written in C; others are written in Visual Basic. Our expertise. PureMessage Good news for you. It is therefore important that you use a strong password – one that cannot be easily guessed by an attacker.

A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.Note: Close all Live Sales Chat Have questions? Bad news for spam. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can can continue to use as an on-demand

The e-mail characteristics vary. For example, some variants compose an e-mail with a blank subject line and empty message body, and the infected attachment is named 'kangen.exe'. Each e-mail address is represented by a file that has the same text as the c.bron.tok.txt file (see above). IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: Yahoo! Win32/Brontok can disable antivirus and security software, immediately terminate certain applications, and cause Windows to restart immediately when certain applications run.

Archon66 5.05.2007 13:11 ok doing it right now Archon66 5.05.2007 15:19 well, i ran a sweep and it showed nothing.But, I am continuously getting pop up messages that the ant-virus is https://en.wikipedia.org/wiki/Brontok When translated, this reads: [By: HVM31 JowoBot #VM Community] -- stop the collapse in this country—1. In such a situation, the PC user's bank details or other personal information which saved in the computer can be leaked out to those bad guys. For more information, see 'What is social engineering?'.

Here is some useful tips for you.1. Check This Out file could not be scanned!C:\Documents and Settings\frosty\Local Settings\Temp\~DF6315.tmp... Privacy policy About Wikipedia Disclaimers Contact Wikipedia Developers Cookie statement Mobile view Javascript is disabled in your web browserFor full functionality of this site it is necessary to enable JavaScript. Nobron & Romdil -->> Kicked by The Amazing Brontok [ By JowoBot ] The c.bron.tok.txt file contains the following text: Brontok.C By:JowoBot The worm keeps several copies of itself in memory.

The local Hosts file overrides the DNS resolution of a web site URL to a particular IP address. Restart your computer.For common computer users, it is not recommended to conduct manual removal. Submit a sample to our Labs for analysis Submit Sample Give And Get Advice Give advice. http://quodsoftware.com/general/win32-ctx.html How to turn on Automatic Updates in Windows 7 How to turn on Automatic Updates in Windows Vista How to turn on Automatic Updates in Windows XP Use up-to-date antivirus software

Regards, The attachment name is: photo.zip To collect e-mail addresses to spread itself, the worm looks on drives from C: to Z for address in files with the following extensions: .asp Server Protection Security optimized for servers. This is happening on average every 15 to 20 minutes it seems.

Worm:Win32/[email protected] creates the following folders that contain components that the worm uses to send spam emails, including email addresses: %APPDATA%\Bron.tok--, for example Bron.tok-9-10 %APPDATA%\loc.mail.bron.tok %APPDATA%\Ok-SendMail-Bron-tok It may also create

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071007 serial=DR12CRM-5257227-SYG Get the latest computer updates for all your installed software. Free Tools Try out tools for use at home. The first folder contains the list of e-mail addresses that the worm harvested from the infected computer.

Partners Support Company Downloads Free Trials All product trials in one place. file could not be scanned!C:\Documents and Settings\frosty\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_F0A4_2311_A422_D9BC\fsrtmp.log... Inspired by: (Spizaetus Cirrhatus) that is almost extinct [By: HVM31 JowoBot #VM Communityunity --[2] It also contains a JavaScript pop-up. have a peek here By using this site, you agree to the Terms of Use and Privacy Policy.

Let's talk! CONTRIBUTE TO OUR LEGAL DEFENSE All unused funds will be donated to the Electronic Frontier Foundation (EFF). The user cannot update certain security-related software or visit certain Web sites. Required fields are marked * Name * Email * Website Comment You may use these HTML tags and attributes:

BLEEPINGCOMPUTER NEEDS YOUR HELP! Get Pricing The right price every time. The file names can be semi-randomly generated or they can be any of the following: csrss.exe inetinfo.exe lsass.exe services.exe smss.exe winlogon.exe Some of the worm's files have hidden, system, and read-only Essentially, social engineering is an attack against the human interface of the targeted computer.

By default, Windows suppresses the extension on executable files. Attempts ping attacks against certain Web sites, presumably to launch a form of denial of service (DoS) attack. What's worse, you may suffer property loss.Once this Win32.Brontok.C infection is activated in computer, it can bring a lot of troubles to the infected system. Variants include: Brontok.A Brontok.D Brontok.F Brontok.G Brontok.H Brontok.I Brontok.K Brontok.Q Brontok.U Brontok.BH Contents 1 Other names 2 Origin 3 Symptoms 4 Removal 5 References Other names[edit] Other names for this worm

To view the full version with more information, formatting and images, please click here. Win32.Brontok.CWin32.Brontok.C details:Type: UnknownOS Infected: Windows 7/8/XP/Vista/2008/2003Risk: Views: 839Win32.Brontok.C is designed to monitor what computer users are doing on the internet, in order to collect personal information. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.

This may cause the file to appear as if it were a new folder rather than an executable file, luring you into inadvertently running the worm. Microsoft. Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. It can show the following texts in the command prompt window: The effect is shown after the worm terminates applications that have the following text strings in their window titles: ahnlab