Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:Worm/Brontok.Q.153
Date discovered:14/08/2009
Type:Worm
In the wild:Yes
Reported Infections:Low to medium
Distribution Potential:Low to medium
Damage Potential:Low to medium
Static file:Yes
File size:43.476 Bytes
MD5 checksum:a042ec98487ca36544b4281c80a1a4a2
IVDF version:7.01.05.117 - Friday, August 14, 2009

 General Aliases:
   •  Mcafee: W32/Rontokbro.gen
   •  Sophos: W32/Brontok-Gen
   •  Panda: W32/Brontok.L.worm
   •  Eset: Win32/Brontok.DJ
   •  Bitdefender: Trojan.Generic.1934606


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Downloads malicious files
   • Drops malicious files
   • Lowers security settings
   • Registry modification

 Files It copies itself to the following locations:
   • %SYSDIR%\Administrator's Setting.scr
   • %HOME%\Local Settings\Application Data\smss.exe
   • %HOME%\Start Menu\Programs\Startup\Empty.pif
   • %HOME%\Templates\Brengkolang.com
   • %WINDIR%\KesenjanganSosial.exe
   • %WINDIR%\ShellNew\RakyatKelaparan.exe
   • %HOME%\Local Settings\Application Data\lsass.exe
   • %SYSDIR%\cmd-brontok.exe
   • %HOME%\Local Settings\Application Data\csrss.exe
   • %HOME%\Local Settings\Application Data\inetinfo.exe
   • %HOME%\Local Settings\Application Data\winlogon.exe
   • %HOME%\Local Settings\Application Data\services.exe
   • %SYSDIR%\drivers\etc\hosts-Denied By-Administrator.com



It overwrites the following files.
%SYSDIR%\drivers\etc\hosts
– C:\autoexec.bat



It deletes the initially executed copy of itself.



It deletes the following files:
   • %HOME%\Local Settings\Application Data\BronFoldNetDomList.txt
   • %HOME%\Local Settings\Application Data\Update.15.Bron.Tok.bin
   • %HOME%\Local Settings\Application Data\BronNetDomList.bat
   • %HOME%\Local Settings\Application Data\BronNPath0.txt



The following files are created:

– %HOME%\Local Settings\Application Data\BronNPath0.txt
– %HOME%\Local Settings\Application Data\Kosong.Bron.Tok.txt
– %HOME%\Local Settings\Application Data\ListHost15.txt
– %HOME%\Local Settings\Application Data\BronFoldNetDomList.txt
– %HOME%\Local Settings\Application Data\Update.15.Bron.Tok.bin
– %HOME%\Local Settings\Application Data\Bron.tok.A15.em.bin
– %HOME%\Local Settings\Application Data\BronNetDomList.bat Furthermore it gets executed after it was fully created. This batch file is used to delete a file.



It tries to download some files:

– The location is the following:
   • http://www.geocities.com/sbllma5/**********


– The location is the following:
   • http://www.geocities.com/sbllma5/**********


– The location is the following:
   • http://www.geocities.com/sbllma5/**********




It tries to executes the following files:

– Filename:
   • explorer.exe


– Filename:
   • "%HOME%\Local Settings\Application Data\smss.exe"


– Filename:
   • "%HOME%\Local Settings\Application Data\winlogon.exe"


– Filename:
   • at /delete /y


– Filename:
   • at 17:08 /every:M,T,W,Th,F,S,Su "%HOME%\Templates\Brengkolang.com"


– Filename:
   • "%HOME%\Local Settings\Application Data\services.exe"


– Filename:
   • "%HOME%\Local Settings\Application Data\lsass.exe"


– Filename:
   • "%HOME%\Local Settings\Application Data\inetinfo.exe"


– Filename:
   • cmd /c "%HOME%\Local Settings\Application Data\BronNetDomList.bat"


– Filename:
   • ping kaskus.com -n 250 -l 747

 Registry The following registry keys are added in order to run the processes after reboot:



The following registry keys are added:

– [HKLM\SOFTWARE\Classes\Interface\
   {27636B00-410F-11CF-B1FF-02608C9E7553}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {32FB6780-1ED0-11CF-A988-00AA006BC149}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {32FB6780-1ED0-11CF-A988-00AA006BC149}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
   • "NoFolderOptions"=dword:0x00000001

– [HKLM\SOFTWARE\Classes\Interface\
   {398B7DA0-4AAB-11CF-AE2C-00AA006EBFB9}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {3E37E320-17E2-11CF-ABC4-02608C9E7553}]
   • "@"="IADsUser"

– [HKLM\SOFTWARE\Classes\Interface\
   {72B945E0-253B-11CF-A988-00AA006BC149}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {46F14FDA-232B-11D1-A808-00C04FD8D5A8}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {32FB6780-1ED0-11CF-A988-00AA006BC149}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {370DF02E-F934-11D2-BA96-00C04FB6D0D1}]
   • "@"="IADsDNWithString"

– [HKLM\SOFTWARE\Classes\Interface\
   {27636B00-410F-11CF-B1FF-02608C9E7553}]
   • "@"="IADsGroup"

– [HKLM\SOFTWARE\Classes\Interface\
   {5BB11929-AFD1-11D2-9CB9-0000F87A369E}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {28B96BA0-B330-11CF-A9AD-00AA006BC149}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {001677D0-FD16-11CE-ABC4-02608C9E7553}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {34A05B20-4AAB-11CF-AE2C-00AA006EBFB9}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {27636B00-410F-11CF-B1FF-02608C9E7553}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {124BE5C0-156E-11CF-A986-00AA006BC149}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {05792C8E-941F-11D0-8529-00C04FD8D503}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {46F14FDA-232B-11D1-A808-00C04FD8D5A8}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {46F14FDA-232B-11D1-A808-00C04FD8D5A8}]
   • "@"="IADsObjectOptions"

– [HKLM\SOFTWARE\Classes\Interface\
   {451A0030-72EC-11CF-B03B-00AA006E0975}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {5D7B33F0-31CA-11CF-A98A-00AA006BC149}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {72B945E0-253B-11CF-A988-00AA006BC149}]
   • "@"="IADsCollection"

– [HKLM\SOFTWARE\Classes\Interface\
   {34A05B20-4AAB-11CF-AE2C-00AA006EBFB9}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {451A0030-72EC-11CF-B03B-00AA006E0975}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {00E4C220-FD16-11CE-ABC4-02608C9E7553}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {68AF66E0-31CA-11CF-A98A-00AA006BC149}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {34A05B20-4AAB-11CF-AE2C-00AA006EBFB9}]
   • "@"="IADsResource"

– [HKLM\SOFTWARE\Classes\Interface\
   {306E831C-5BC7-11D1-A3B8-00C04FB950DC}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {05792C8E-941F-11D0-8529-00C04FD8D503}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {5BB11929-AFD1-11D2-9CB9-0000F87A369E}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {05792C8E-941F-11D0-8529-00C04FD8D503}]
   • "@"="IADsPropertyEntry"

– [HKLM\SOFTWARE\Classes\Interface\
   {306E831C-5BC7-11D1-A3B8-00C04FB950DC}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {00E4C220-FD16-11CE-ABC4-02608C9E7553}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {28B96BA0-B330-11CF-A9AD-00AA006BC149}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {124BE5C0-156E-11CF-A986-00AA006BC149}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {3E37E320-17E2-11CF-ABC4-02608C9E7553}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {5D7B33F0-31CA-11CF-A98A-00AA006BC149}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {370DF02E-F934-11D2-BA96-00C04FB6D0D1}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {6C6D65DC-AFD1-11D2-9CB9-0000F87A369E}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {28B96BA0-B330-11CF-A9AD-00AA006BC149}]
   • "@"="IADsNamespaces"

– [HKLM\SOFTWARE\Classes\Interface\
   {6C6D65DC-AFD1-11D2-9CB9-0000F87A369E}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {05792C8E-941F-11D0-8529-00C04FD8D503}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {5D7B33F0-31CA-11CF-A98A-00AA006BC149}]
   • "@"="IADsServiceOperations"

– [HKLM\SOFTWARE\Classes\Interface\
   {6C6D65DC-AFD1-11D2-9CB9-0000F87A369E}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {27636B00-410F-11CF-B1FF-02608C9E7553}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {3E37E320-17E2-11CF-ABC4-02608C9E7553}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {32FB6780-1ED0-11CF-A988-00AA006BC149}]
   • "@"="IADsPrintJob"

– [HKLM\SOFTWARE\Classes\Interface\
   {68AF66E0-31CA-11CF-A98A-00AA006BC149}]
   • "@"="IADsService"

– [HKLM\SOFTWARE\Classes\Interface\
   {5BB11929-AFD1-11D2-9CB9-0000F87A369E}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {68AF66E0-31CA-11CF-A98A-00AA006BC149}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {398B7DA0-4AAB-11CF-AE2C-00AA006EBFB9}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {451A0030-72EC-11CF-B03B-00AA006E0975}]
   • "@"="IADsMembers"

– [HKLM\SOFTWARE\Classes\Interface\
   {370DF02E-F934-11D2-BA96-00C04FB6D0D1}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {72B945E0-253B-11CF-A988-00AA006BC149}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {124BE5C0-156E-11CF-A986-00AA006BC149}]
   • "@"="IADsPrintQueueOperations"

– [HKLM\SOFTWARE\Classes\Interface\
   {306E831C-5BC7-11D1-A3B8-00C04FB950DC}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {6C6D65DC-AFD1-11D2-9CB9-0000F87A369E}]
   • "@"="IADsWinNTSystemInfo"

– [HKLM\SOFTWARE\Classes\Interface\
   {124BE5C0-156E-11CF-A986-00AA006BC149}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKCU\software\microsoft\windows\currentversion\Policies\System]
   • "DisableCMD"=dword:0x00000000
   • "DisableRegistryTools"=dword:0x00000000

– [HKLM\SOFTWARE\Classes\Interface\
   {001677D0-FD16-11CE-ABC4-02608C9E7553}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {306E831C-5BC7-11D1-A3B8-00C04FB950DC}]
   • "@"="IADsPropertyValue2"

– [HKLM\SOFTWARE\Classes\Interface\
   {398B7DA0-4AAB-11CF-AE2C-00AA006EBFB9}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {00E4C220-FD16-11CE-ABC4-02608C9E7553}]
   • "@"="IADsDomain"

– [HKLM\SOFTWARE\Classes\Interface\
   {001677D0-FD16-11CE-ABC4-02608C9E7553}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {5BB11929-AFD1-11D2-9CB9-0000F87A369E}]
   • "@"="IADsADSystemInfo"

– [HKLM\SOFTWARE\Classes\Interface\
   {46F14FDA-232B-11D1-A808-00C04FD8D5A8}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {72B945E0-253B-11CF-A988-00AA006BC149}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {5D7B33F0-31CA-11CF-A98A-00AA006BC149}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {451A0030-72EC-11CF-B03B-00AA006E0975}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {3E37E320-17E2-11CF-ABC4-02608C9E7553}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {00E4C220-FD16-11CE-ABC4-02608C9E7553}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {398B7DA0-4AAB-11CF-AE2C-00AA006EBFB9}]
   • "@"="IADsSession"

– [HKLM\SOFTWARE\Classes\Interface\
   {001677D0-FD16-11CE-ABC4-02608C9E7553}]
   • "@"="IADsContainer"

– [HKLM\SOFTWARE\Classes\Interface\
   {28B96BA0-B330-11CF-A9AD-00AA006BC149}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {370DF02E-F934-11D2-BA96-00C04FB6D0D1}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {68AF66E0-31CA-11CF-A98A-00AA006BC149}\TypeLib]
   • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {34A05B20-4AAB-11CF-AE2C-00AA006EBFB9}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"



The following registry keys are changed:

– [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot]
   New value:
   • "AlternateShell"="cmd-brontok.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   New value:
   • "Shell"="Explorer.exe "%WINDIR%\KesenjanganSosial.exe""

– [HKCU\Software\Microsoft\Internet Explorer\Toolbar\Explorer]
   New value:
   • "ITBarLayout"=hex:11,00,00,00,4C,00,00,00,00,00,00,00,34,00,00,00,1B,00,00,00,4E,00,00,00,01,00,00,00,20,07,00,00,A0,0F,00,00,05,00,00,00,62,05,00,00,26,00,00,00,02,00,00,00,21,07,00,00,A0,0F,00,00,04,00,00,00,21,01,00,00,A0,0F,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   New value:
   • "Hidden"=dword:0x00000000
   • "HideFileExt"=dword:0x00000001
   • "ShowSuperHidden"=dword:0x00000000

– [HKCU\Software\Microsoft\Internet Explorer\Toolbar]
   New value:
   • "Locked"=dword:0x00000001

 Hosts The host file is modified as explained:

– In this case existing entries are deleted.

 File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

Description inserted by Petre Galan on Wednesday, June 23, 2010
Description updated by Petre Galan on Wednesday, June 23, 2010

Back . . . .