Email-Worm.Win32.Brontok.n
Email-Worm.Win32.Brontok.n is a surreptitious mass-mailing computer worm which is dropped onto the system by other malicious codes to steal your address book information. Email-Worm.Win32.Brontok.n propagates via pornographic related websites, infected freeware/p2p and shareware downloads or through malicious media codecs and ActiveX files. Once Email-Worm.Win32.Brontok.n infects your computer, it blocks access to various websites, slows down your computer, makes your computer restart and copies itself so that it can propagate to other computers.
File System Modifications
- The following files were created in the system:
# File Name 1 %AppData%\dv6173880x\yesbron.com 2 %AppData%\jalak-931738815-bali.com 3 %System%\n7533\c.bron.tok.txt 4 %System%\n7533\Spread.Mail.Bro\mspss@gto.net.om.ini 5 %System%\n7533\Spread.Mail.Bro\mts@lebanon-online.com.lb.ini 6 %Windir%\Tasks\At1.job 7 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run] y2817Use = ""%AppData%\dv6173880x\yesbron.com""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 8 HKEY_CURRENT_USER\Software\Brontok 9 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run 10 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System 11 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer 12 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run 13 N7143c = ""%Windir%\j6442922.exe""
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.