
Worm.Brontok

Posted: February 1, 2008

Threat Metric

Ranking: 1,751
Threat Level: 5/10
Infected PCs: 130,785
First Seen: July 24, 2009
Last Seen: October 17, 2023
OS(es) Affected: Windows

Email-Worm.Brontok is a self-replicating computer worm capable of seriously harming the systems it infects. Worms of this kind spread throughout a compromised machine without the user's knowledge or permission and without requiring human intervention.

Dangerous Capabilities Illustrated by Email-Worm.Brontok

Without human assistance, Email-Worm.Brontok can quickly replicate and spread across networks. By infecting a single system, it can go on to infect every other machine connected to the same network.

The worm can also use an infected user's email account to send spam messages carrying infected attachments, which distribute it further. Email-Worm.Brontok compromises the account by recording the contacts stored in the contact list and forwarding that data to email spammers, who can then send corrupt messages to every listed contact.

Disrupting your email account is not the only way in which Email-Worm.Brontok invades privacy. The worm can also log and record sensitive, confidential data stored on the computer. Email-Worm.Brontok may target data such as credit card details and online banking information.

Email-Worm.Brontok has also been linked to botnet attacks and is said to possibly result in an infected machine becoming part of a botnet. There is also more than sufficient evidence suggesting that Email-Worm.Brontok can cause a dangerous malware attack on the machines it infects. By creating backdoors on compromised computers, Email-Worm.Brontok may also allow additional malware threats onto your system.

Email-Worm.Brontok May Hinder Internet Access

Email-Worm.Brontok is a high-risk security threat that should not be allowed to remain on an infected machine for long. In addition to the capabilities already outlined, Email-Worm.Brontok is known to significantly affect an infected user's access to the Internet. Reliable evidence reveals that Email-Worm.Brontok's hosts file modifications may block your access to a variety of computer security-related web domains, significantly slow Internet access, track your online browsing habits, and download a myriad of dangerous files from the Internet and drop them on your vulnerable machine.

If you have reason to suspect this threat is present on your system, SpywareRemove.com malware analysts strongly recommend that you use a comprehensive malware removal tool to cleanse your computer of Email-Worm.Brontok. Given the evidence outlined above, if you have identified this worm running on your machine, it is important to remove Email-Worm.Brontok immediately, before it has the time and opportunity to harm your machine permanently.

Aliases

WORM_RONTOKBRO.H [TrendMicro]
W32/Brontok-DB [Sophos]
W32/Brontok.CX.worm [Panda]
Win32/Brontok.G [NOD32]
Worm:Win32/Brontok@mm [Microsoft]
W32/Rontokbro.H@mm [Fortinet]
Win32/Robknot.H [eTrust-Vet]
BackDoor.Generic.2341 [DrWeb]
Worm.Win32.Brontok.G [Comodo]
Worm.Brontok.Y [ClamAV]
Worm.Generic.73749 [BitDefender]
Win32:Rontokbr-H2 [Avast]
W32/Brontok.D@mm [Authentium]
Worm/Rontok.D [AntiVir]
Win-Trojan/Xema.variant [AhnLab-V3]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:




Registry Modifications

The following Registry values were newly created:

File name without path:
about.Brontok.A.html
brengkolang.com
BronFoldNetDomList.txt
BronNetDomList.bat
BronNPath0.txt
bronstab.exe
Cara Membasmi Brontok.exe
eksplorasi.pif
Kosong.Bron.Tok.txt
Sejarah Pembuat Virus Brontok.exe
WowTumpeh.com
yesbron.com

Regexp file mask:
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif
%APPDATA%\Microsoft\Windows\Templates\A.kotnorB.com
%LOCALAPPDATA%\[RANDOM CHARACTERS]bron.tok[RANDOM CHARACTERS].bin
%LOCALAPPDATA%\inetinfo.exe
%LOCALAPPDATA%\JunkAtx.bin
%LOCALAPPDATA%\ListHost[NUMBERS].txt
%LOCALAPPDATA%\lsass.exe
%LOCALAPPDATA%\services.exe
%LOCALAPPDATA%\winlogon.exe
%USERPROFILE%\Local Settings\Application Data\[RANDOM CHARACTERS]bron.tok[RANDOM CHARACTERS].bin
%USERPROFILE%\Local Settings\Application Data\inetinfo.exe
%USERPROFILE%\Local Settings\Application Data\JunkAtx.bin
%UserProfile%\Local Settings\Application Data\ListHost[NUMBERS].txt
%USERPROFILE%\Local Settings\Application Data\lsass.exe
%USERPROFILE%\Local Settings\Application Data\services.exe
%UserProfile%\Local Settings\Application Data\winlogon.exe
%WINDIR%\eksplorasi.exe
%WINDIR%\inf\norBtok.exe
%WINDIR%\KesenjanganSosial.exe
%WINDIR%\ShellNew\bbm-[RANDOM CHARACTERS].exe
%WINDIR%\ShellNew\bronstab.exe
%WINDIR%\ShellNew\RakyatKelaparan.exe
%WINDIR%\ShellNew\sempalong.exe
%WINDIR%\System32\IExplorer.exe
%WINDIR%\System32\shell.exe
%WINDIR%\SysWOW64\IExplorer.exe
%WINDIR%\SysWOW64\shell.exe

HKEY..\..\..\..{RegistryKeys}:
Software\Microsoft\Windows\CurrentVersion\Run\Bron-Spizaetus
Software\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus

Run keys:
Tok-Cirrhatus
Tok-Cirrhatus-1761
Tok-Cirrhatus-1860

Additional Information

The following directories were created:

%LOCALAPPDATA%\Loc.Mail.Bron.Tok
%LOCALAPPDATA%\Ok-SendMail-Bron-tok
%USERPROFILE%\Local Settings\Application Data\Loc.Mail.Bron.Tok
%USERPROFILE%\Local Settings\Application Data\Ok-SendMail-Bron-tok
%WINDIR%\SysWOW64\n4431
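
A triage sketch for the indicators listed above, added here as an example and not code from this site: it compiles a subset of the page's file masks into anchored, case-insensitive regexes and checks a file listing and Run value names against them. Matching on the full path matters because several masks reuse system process names (winlogon.exe, lsass.exe, services.exe) in a user-profile folder. The drive and profile expansions, the reading of `[RANDOM CHARACTERS]` as zero or more characters, the numeric-suffix generalization for `Tok-Cirrhatus`, and the sample data are assumptions.

```python
import re

# Subset of the file masks listed on this page.
PAGE_MASKS = [
    r"%LOCALAPPDATA%\[RANDOM CHARACTERS]bron.tok[RANDOM CHARACTERS].bin",
    r"%LOCALAPPDATA%\ListHost[NUMBERS].txt",
    r"%LOCALAPPDATA%\winlogon.exe",
    r"%WINDIR%\ShellNew\bbm-[RANDOM CHARACTERS].exe",
    r"%WINDIR%\ShellNew\sempalong.exe",
    r"%WINDIR%\eksplorasi.exe",
    r"%WINDIR%\System32\IExplorer.exe",
]
# Placeholder -> regex fragment. All four expansions are assumptions.
TOKENS = {
    "%LOCALAPPDATA%": r"[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local",
    "%WINDIR%": r"[A-Za-z]:\\Windows",
    "[RANDOM CHARACTERS]": r"[^\\]*",
    "[NUMBERS]": r"\d+",
}
SPLIT = re.compile("(" + "|".join(re.escape(t) for t in TOKENS) + ")")
# Run value names from the page; the "-<digits>" suffix is generalized (assumption).
RUN_VALUE = re.compile(r"Bron-Spizaetus|Tok-Cirrhatus(-\d+)?", re.IGNORECASE)

def mask_to_regex(mask):
    """Escape literal text, expand placeholders, anchor to the whole path."""
    body = "".join(TOKENS.get(p, re.escape(p)) for p in SPLIT.split(mask))
    return re.compile("^" + body + "$", re.IGNORECASE)

def scan_paths(paths):
    """Map each matching path to the page mask it matched."""
    compiled = [(m, mask_to_regex(m)) for m in PAGE_MASKS]
    return {p: m for p in paths for m, rx in compiled if rx.match(p)}

def scan_run_values(names):
    """Return the Run value names that match the page's indicators."""
    return [n for n in names if RUN_VALUE.fullmatch(n)]

# Constructed sample data, not taken from a real host.
SAMPLE_PATHS = [
    r"C:\Users\alice\AppData\Local\Bron.tok.A8.em.bin",
    r"C:\Users\alice\AppData\Local\winlogon.exe",   # system name, wrong folder
    r"C:\Windows\System32\winlogon.exe",            # legitimate location
    r"c:\windows\shellnew\BBM-x1y2.exe",
    r"C:\Users\alice\AppData\Local\ListHost12.txt",
    r"C:\Windows\explorer.exe",
]
SAMPLE_RUN = ["OneDrive", "Tok-Cirrhatus-1761", "Bron-Spizaetus"]
```

On Windows XP-era hosts the `%USERPROFILE%\Local Settings\Application Data` masks apply instead and need their own expansion.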


One Comment

  • Maxicon says:

    This antivirus is very good because sometimes we open some unrecognized file and a virus infects our system; but this antivirus removes all trojan, Brontok viruses