Home > General > Email-worm.win32.brontok.a

Email-worm.win32.brontok.a

Variants include: Brontok.A Brontok.D Brontok.F Brontok.G Brontok.H Brontok.I Brontok.K Brontok.Q Brontok.U Brontok.BH Contents 1 Other names 2 Origin 3 Symptoms 4 Removal 5 References Other names[edit] Other names for this worm This is done to avoid sending the worm to the same address multiple times. Learn More About About Company News Investors Careers Offices Labs Labs Labs blog Latest threats Remove threats Submit a sample Beta programs Support Support Knowledge base Software updates Community Support Tools Iniciar sesión Transcripción Estadísticas Colabora en la traducción 60.555 visualizaciones 668 ¿Te gusta este vídeo? http://webtrekkie.com/general/email-worm-win32-magistr-c.php

Inspired by: (Spizaetus Cirrhatus) that is almost extinct [By: HVM31 JowoBot #VM Communityunity --[2] It also contains a JavaScript pop-up. Cola de reproducciónColaCola de reproducciónCola Eliminar todoDesconectar Va a empezar el siguiente vídeoparar Cargando... INTEL. Cargando...

Privacy policy About Wikipedia Disclaimers Contact Wikipedia Developers Cookie statement Mobile view Help - Search - Members Full Version: Infected with Email-Worm.Win32.Brontok.q Kaspersky Lab Forum > English User Forum > Virus-related In addition, the Trojan creates scheduled tasks with the following names: «At1» and «At2» which run the «%SystemDrive%\Documents and Settings\User\Templates\-NendangBro.com» file twice per day. On Windows Vista and 7: Insert the Windows CD into the CD-ROM drive and restart the computer.Click on "Repair Your Computer"When the System Recovery Options dialog comes up, choose the Command anti virus keeps finding Email-Worm.Win32.Brontok.q File at the locations above and deleting it.

  • I believe, based on my readings, that this virus is now in my registry, which is why Zone Alarm cannot delete or quarantine it.
  • This forum is for users of those products only.
  • The first folder contains the list of e-mail addresses that the worm harvested from the infected computer.
  • Have your PC fixed remotely - while you watch! $89.95 Free Security Newsletter Sign Up for Security News and Special Offers: Indications of Infection: Risk Assessment:
  • You may also refer to the Knowledge Base on the F-Secure Community site for more information.
  • Methods of Infection Viruses are self-replicating.
  • file could not be scanned!C:\Documents and Settings\frosty\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_F0A4_2311_A422_D9BC\fsr.log...
  • Cargando...
  • Share the knowledge on our free discussion forum.
  • For mailing, the worm uses addresses found on the infected computer.

    Technical Details Installation Once launched, the worm copies itself and saves copies as: %SystemDrive%\Documents and Settings\User\Local Settings\Application Data\bron.exe %SystemDrive%\Documents

Get Expert Help McAfeeVirus Removal Service Connect to one of our Security Experts by phone. I'm very wary of editing my registry but I don't want to "re-do" my computer again. Archon66 5.05.2007 15:57 Mmm let me try safe mode Archon66 5.05.2007 21:09 Well I did a scan in safe mode, and nothing showed up.I am looged on as admin now in Switch to another language: Catalan | Basque | Galician | View all Cerrar Sí, quiero conservarla.

Operating System:Windows XP Home Edition Software Version:7.0 Product Name:ZoneAlarm Internet Security Suite August 18th, 2007 #2 sjoeii Guest Re: Email-Worm Win32 Brontok.a Please send the file to [email protected] They will add file could not be scanned!C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000A348C\000A348C.exe... Back to Top View Virus Characteristics Virus Information Virus Removal Tools Threat Activity Top Tracked Viruses Virus Hoaxes Regional Virus Information Global Virus Map Virus Calendar Glossary https://www.f-secure.com/v-descs/brontok_n.shtml Microsoft.

With a 2 second delay, tries to download files using the following URLs: http://www.kas***s.com/?STOP-CONTENT-PORNOGRAFI.GoToHell http://www.17ta***n.com/?STOP-CONTENT-PORNOGRAFI.GoToHell http://www.fajar***b.com/?you=Stupid-AssHole&msg=IT-IS-SO-EASY-TO-BE-BETTER-THAN-YOU The URLs did not respond when the description was created. vxheaven.org aka vx.netlux.org deenesitfrplruua McAfee® for Consumer United StatesArgentinaAustraliaBoliviaBrasilCanadaChile中国 (China)ColombiaHrvatskaČeská republikaDanmarkSuomiFranceDeutschlandΕλλάδαMagyarországIndiaישראלItalia日本 (Japan)한국 (Korea)LuxembourgMalaysiaMéxicoNederlandNew ZealandNorgePerúPhilippinesPolskaPortugalРоссияSrbijaSingaporeSlovenskoSouth AfricaEspañaSverigeSchweiz台灣 (Taiwan)TürkiyeالعربيةUnited KingdomVenezuela About McAfee Contact Us Search ProductsCross-Device McAfee Total Protection McAfee LiveSafe McAfee Internet Security Cola de reproducción Cola __count__/__total__ Email-Worm.Win32.Brontok danooct1 SuscribirseSuscritoCancelar154.988154 K Cargando... The worm can create its files with COM, EXE, and PIF extensions.

It adds the following keys to the system registry: [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Bron-Spizaetus" = "%Windir%\ShellNew\RakyatKelaparan.exe" [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "Tok-Cirrhatus-" = "%SystemDrive%\Documents and Settings\User\Local Settings\Application Data\bron.exe" This ensures an automatic run of the worm at each https://en.wikipedia.org/wiki/Brontok file could not be scanned!C:\Documents and Settings\frosty\Local Settings\Temp\~DF6315.tmp... Brontok worm creates multiple launch points for the copied files. Contacts remote hostThe malware may contact a remote host at www.geocities.com using port 80.

Categoría Entretenimiento Licencia Licencia de YouTube estándar Mostrar más Mostrar menos Cargando... danooct1 36.736 visualizaciones 6:29 Email-Worm.Win32.Klez.E - Duración: 4:38. Please go to the Microsoft Recovery Console and restore a clean MBR. i had a look on virus list and its telling me this: http://www.viruslist.com/en/viruses/encycl...a?virusid=96428i will get back to you on kas, i'll let the avast scan finish first.

References[edit] ^ "Worm:Win32/[email protected]". danooct1 48.920 visualizaciones 4:38 have a peek at these guys It disables the Windows Registry Editor (regedit.exe) and modifies Windows Explorer settings.

Anuncio Reproducción automática Si la reproducción automática está habilitada, se reproducirá automáticamente un vídeo a continuación. Sign in AccountManage my profileView sample submissionsHelpMalware Protection CenterSearchMenuSearch Malware Protection Center Search Microsoft.com Search the Web AccountAccountManage my profileView sample submissionsHelpHomeSecurity softwareGet Microsoft softwareDownloadCompare our softwareMicrosoft Security EssentialsWindows DefenderMalicious Software It can also copy itself to USB and pen drives.

Archon66 5.05.2007 13:11 ok doing it right now Archon66 5.05.2007 15:19 well, i ran a sweep and it showed nothing.But, I am continuously getting pop up messages that the ant-virus is

Retrieved from "https://en.wikipedia.org/w/index.php?title=Brontok&oldid=711751070" Categories: Email wormsHacking in the 2000s Navigation menu Personal tools Not logged inTalkContributionsCreate accountLog in Namespaces Article Talk Variants Views Read Edit View history More Search Navigation Main Using its own mailing engine, it sends itself to email addresses it finds on the computer, even faking the own user's email address as the sender. Inicia sesión para que tengamos en cuenta tu opinión. Microsoft.

Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. Terms Of Use | Privacy Policy Javascript is disabled in your web browserFor full functionality of this site it is necessary to enable JavaScript. Iniciar sesión 669 6 ¿No te gusta este vídeo? It also means that whenever I reboot, the virus begins again.

Transcripción La transcripción interactiva no se ha podido cargar. Indication of Infection This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section. When the worm sends an e-mail to an address, the corresponding file is moved to the second folder. Nobron = Satria Dungu = Nothing !!!

Jangan lupain aku ya !. Cambiar a otro idioma: Català | Euskara | Galego | Ver todo Learn more You're viewing YouTube in Spanish (Spain). For example: Status ID Day Time Command Line ------------------------------------------------------------------------------- 1 Each M T W Th F S Su 5:08 PM "C:\Documents and Settings\User\Local Settings\Application Data\jalak-931976415-bali.com" 2 Each M T W Th Detect: Email-Worm.Win32.Brontok.a Platform: Win32Type: WormSize: 45417 bytesPacker: MEWLanguage: VisualBasic md5: 41bc917a697ab13ecb4c97496300080b sha1: 3963b429bf098b194c49a83a4360d65b5c56c746 Summary It is an email worm spreading via the Internet by attaching a copy of its executive file

It can also copy itself to USB and pen drives. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32. Retrieved 14 February 2013. ^ "[email protected]". Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply.

Acción en curso... The time now is 10:36 PM. 2003-2016 Check Point Software Technologies Ltd. The virus/email itself contains a message in Indonesian (and some English). I will do that. « Previous Thread | Next Thread » Thread Information Users Browsing this Thread There are currently 1 users browsing this thread. (0 members and 1 guests) Bookmarks

You can try to get help here: http://forum.kaspersky.com/index.php?showtopic=39350 frostydub 1.06.2007 16:27 i deleted it so it didnt interfere with other AV programs i'm trying. Symptoms[edit] When Brontok is first run, it copies itself to the user's application data directory. To start viewing messages, select the forum that you want to visit from the selection below. Nobron & Romdil -->> Kicked by The Amazing Brontok [ By JowoBot ] The c.bron.tok.txt file contains the following text: Brontok.C By:JowoBot The worm keeps several copies of itself in memory.