Virus: Worm/Brontok.Q.153
Date discovered: 14/08/2009
Type: Worm
In the wild: Yes
Reported Infections: Low to medium
Distribution Potential: Low to medium
Damage Potential: Low to medium
Static file: Yes
File size: 43.476 Bytes
MD5 checksum: a042ec98487ca36544b4281c80a1a4a2
IVDF version: 7.01.05.117 - Friday, August 14, 2009
General
Aliases:
• Mcafee: W32/Rontokbro.gen
• Sophos: W32/Brontok-Gen
• Panda: W32/Brontok.L.worm
• Eset: Win32/Brontok.DJ
• Bitdefender: Trojan.Generic.1934606

Platforms / OS:
• Windows 2000
• Windows XP
• Windows 2003

Side effects:
• Downloads malicious files
• Drops malicious files
• Lowers security settings
• Registry modification

Files
It copies itself to the following locations:
• %SYSDIR%\Administrator's Setting.scr
• %HOME%\Local Settings\Application Data\smss.exe
• %HOME%\Start Menu\Programs\Startup\Empty.pif
• %HOME%\Templates\Brengkolang.com
• %WINDIR%\KesenjanganSosial.exe
• %WINDIR%\ShellNew\RakyatKelaparan.exe
• %HOME%\Local Settings\Application Data\lsass.exe
• %SYSDIR%\cmd-brontok.exe
• %HOME%\Local Settings\Application Data\csrss.exe
• %HOME%\Local Settings\Application Data\inetinfo.exe
• %HOME%\Local Settings\Application Data\winlogon.exe
• %HOME%\Local Settings\Application Data\services.exe
• %SYSDIR%\drivers\etc\hosts-Denied By-Administrator.com

It overwrites the following files:
– %SYSDIR%\drivers\etc\hosts
– C:\autoexec.bat

It deletes the initially executed copy of itself.

It deletes the following files:
• %HOME%\Local Settings\Application Data\BronFoldNetDomList.txt
• %HOME%\Local Settings\Application Data\Update.15.Bron.Tok.bin
• %HOME%\Local Settings\Application Data\BronNetDomList.bat
• %HOME%\Local Settings\Application Data\BronNPath0.txt

The following files are created:
– %HOME%\Local Settings\Application Data\BronNPath0.txt
– %HOME%\Local Settings\Application Data\Kosong.Bron.Tok.txt
– %HOME%\Local Settings\Application Data\ListHost15.txt
– %HOME%\Local Settings\Application Data\BronFoldNetDomList.txt
– %HOME%\Local Settings\Application Data\Update.15.Bron.Tok.bin
– %HOME%\Local Settings\Application Data\Bron.tok.A15.em.bin
– %HOME%\Local Settings\Application Data\BronNetDomList.bat
  Furthermore, this batch file is executed once it has been fully created; it is used to delete a file.
It tries to download some files:
– The location is the following:
  • http://www.geocities.com/sbllma5/**********
– The location is the following:
  • http://www.geocities.com/sbllma5/**********
– The location is the following:
  • http://www.geocities.com/sbllma5/**********

It tries to execute the following files:
– Filename:
  • explorer.exe
– Filename:
  • "%HOME%\Local Settings\Application Data\smss.exe"
– Filename:
  • "%HOME%\Local Settings\Application Data\winlogon.exe"
– Filename:
  • at /delete /y
– Filename:
  • at 17:08 /every:M,T,W,Th,F,S,Su "%HOME%\Templates\Brengkolang.com"
– Filename:
  • "%HOME%\Local Settings\Application Data\services.exe"
– Filename:
  • "%HOME%\Local Settings\Application Data\lsass.exe"
– Filename:
  • "%HOME%\Local Settings\Application Data\inetinfo.exe"
– Filename:
  • cmd /c "%HOME%\Local Settings\Application Data\BronNetDomList.bat"
– Filename:
  • ping kaskus.com -n 250 -l 747

Registry
The following registry keys are added in order to run the processes after reboot:

The following registry keys are added:
– [HKLM\SOFTWARE\Classes\Interface\{27636B00-410F-11CF-B1FF-02608C9E7553}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{32FB6780-1ED0-11CF-A988-00AA006BC149}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{32FB6780-1ED0-11CF-A988-00AA006BC149}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
  • "NoFolderOptions"=dword:0x00000001
– [HKLM\SOFTWARE\Classes\Interface\{398B7DA0-4AAB-11CF-AE2C-00AA006EBFB9}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{3E37E320-17E2-11CF-ABC4-02608C9E7553}]
  • "@"="IADsUser"
– [HKLM\SOFTWARE\Classes\Interface\{72B945E0-253B-11CF-A988-00AA006BC149}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{46F14FDA-232B-11D1-A808-00C04FD8D5A8}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{32FB6780-1ED0-11CF-A988-00AA006BC149}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{370DF02E-F934-11D2-BA96-00C04FB6D0D1}]
  • "@"="IADsDNWithString"
– [HKLM\SOFTWARE\Classes\Interface\{27636B00-410F-11CF-B1FF-02608C9E7553}]
  • "@"="IADsGroup"
– [HKLM\SOFTWARE\Classes\Interface\{5BB11929-AFD1-11D2-9CB9-0000F87A369E}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{28B96BA0-B330-11CF-A9AD-00AA006BC149}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{001677D0-FD16-11CE-ABC4-02608C9E7553}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{34A05B20-4AAB-11CF-AE2C-00AA006EBFB9}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{27636B00-410F-11CF-B1FF-02608C9E7553}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{124BE5C0-156E-11CF-A986-00AA006BC149}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{05792C8E-941F-11D0-8529-00C04FD8D503}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{46F14FDA-232B-11D1-A808-00C04FD8D5A8}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{46F14FDA-232B-11D1-A808-00C04FD8D5A8}]
  • "@"="IADsObjectOptions"
– [HKLM\SOFTWARE\Classes\Interface\{451A0030-72EC-11CF-B03B-00AA006E0975}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{5D7B33F0-31CA-11CF-A98A-00AA006BC149}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{72B945E0-253B-11CF-A988-00AA006BC149}]
  • "@"="IADsCollection"
– [HKLM\SOFTWARE\Classes\Interface\{34A05B20-4AAB-11CF-AE2C-00AA006EBFB9}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{451A0030-72EC-11CF-B03B-00AA006E0975}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{00E4C220-FD16-11CE-ABC4-02608C9E7553}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{68AF66E0-31CA-11CF-A98A-00AA006BC149}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{34A05B20-4AAB-11CF-AE2C-00AA006EBFB9}]
  • "@"="IADsResource"
– [HKLM\SOFTWARE\Classes\Interface\{306E831C-5BC7-11D1-A3B8-00C04FB950DC}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{05792C8E-941F-11D0-8529-00C04FD8D503}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{5BB11929-AFD1-11D2-9CB9-0000F87A369E}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{05792C8E-941F-11D0-8529-00C04FD8D503}]
  • "@"="IADsPropertyEntry"
– [HKLM\SOFTWARE\Classes\Interface\{306E831C-5BC7-11D1-A3B8-00C04FB950DC}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{00E4C220-FD16-11CE-ABC4-02608C9E7553}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{28B96BA0-B330-11CF-A9AD-00AA006BC149}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{124BE5C0-156E-11CF-A986-00AA006BC149}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{3E37E320-17E2-11CF-ABC4-02608C9E7553}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{5D7B33F0-31CA-11CF-A98A-00AA006BC149}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{370DF02E-F934-11D2-BA96-00C04FB6D0D1}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{6C6D65DC-AFD1-11D2-9CB9-0000F87A369E}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{28B96BA0-B330-11CF-A9AD-00AA006BC149}]
  • "@"="IADsNamespaces"
– [HKLM\SOFTWARE\Classes\Interface\{6C6D65DC-AFD1-11D2-9CB9-0000F87A369E}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{05792C8E-941F-11D0-8529-00C04FD8D503}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{5D7B33F0-31CA-11CF-A98A-00AA006BC149}]
  • "@"="IADsServiceOperations"
– [HKLM\SOFTWARE\Classes\Interface\{6C6D65DC-AFD1-11D2-9CB9-0000F87A369E}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{27636B00-410F-11CF-B1FF-02608C9E7553}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{3E37E320-17E2-11CF-ABC4-02608C9E7553}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{32FB6780-1ED0-11CF-A988-00AA006BC149}]
  • "@"="IADsPrintJob"
– [HKLM\SOFTWARE\Classes\Interface\{68AF66E0-31CA-11CF-A98A-00AA006BC149}]
  • "@"="IADsService"
– [HKLM\SOFTWARE\Classes\Interface\{5BB11929-AFD1-11D2-9CB9-0000F87A369E}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{68AF66E0-31CA-11CF-A98A-00AA006BC149}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{398B7DA0-4AAB-11CF-AE2C-00AA006EBFB9}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{451A0030-72EC-11CF-B03B-00AA006E0975}]
  • "@"="IADsMembers"
– [HKLM\SOFTWARE\Classes\Interface\{370DF02E-F934-11D2-BA96-00C04FB6D0D1}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{72B945E0-253B-11CF-A988-00AA006BC149}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{124BE5C0-156E-11CF-A986-00AA006BC149}]
  • "@"="IADsPrintQueueOperations"
– [HKLM\SOFTWARE\Classes\Interface\{306E831C-5BC7-11D1-A3B8-00C04FB950DC}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{6C6D65DC-AFD1-11D2-9CB9-0000F87A369E}]
  • "@"="IADsWinNTSystemInfo"
– [HKLM\SOFTWARE\Classes\Interface\{124BE5C0-156E-11CF-A986-00AA006BC149}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKCU\software\microsoft\windows\currentversion\Policies\System]
  • "DisableCMD"=dword:0x00000000
  • "DisableRegistryTools"=dword:0x00000000
– [HKLM\SOFTWARE\Classes\Interface\{001677D0-FD16-11CE-ABC4-02608C9E7553}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{306E831C-5BC7-11D1-A3B8-00C04FB950DC}]
  • "@"="IADsPropertyValue2"
– [HKLM\SOFTWARE\Classes\Interface\{398B7DA0-4AAB-11CF-AE2C-00AA006EBFB9}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{00E4C220-FD16-11CE-ABC4-02608C9E7553}]
  • "@"="IADsDomain"
– [HKLM\SOFTWARE\Classes\Interface\{001677D0-FD16-11CE-ABC4-02608C9E7553}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{5BB11929-AFD1-11D2-9CB9-0000F87A369E}]
  • "@"="IADsADSystemInfo"
– [HKLM\SOFTWARE\Classes\Interface\{46F14FDA-232B-11D1-A808-00C04FD8D5A8}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{72B945E0-253B-11CF-A988-00AA006BC149}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{5D7B33F0-31CA-11CF-A98A-00AA006BC149}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{451A0030-72EC-11CF-B03B-00AA006E0975}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{3E37E320-17E2-11CF-ABC4-02608C9E7553}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{00E4C220-FD16-11CE-ABC4-02608C9E7553}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{398B7DA0-4AAB-11CF-AE2C-00AA006EBFB9}]
  • "@"="IADsSession"
– [HKLM\SOFTWARE\Classes\Interface\{001677D0-FD16-11CE-ABC4-02608C9E7553}]
  • "@"="IADsContainer"
– [HKLM\SOFTWARE\Classes\Interface\{28B96BA0-B330-11CF-A9AD-00AA006BC149}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{370DF02E-F934-11D2-BA96-00C04FB6D0D1}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{68AF66E0-31CA-11CF-A98A-00AA006BC149}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{34A05B20-4AAB-11CF-AE2C-00AA006EBFB9}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"

The following registry keys are changed:
– [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot]
  New value:
  • "AlternateShell"="cmd-brontok.exe"
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
  New value:
  • "Shell"="Explorer.exe "%WINDIR%\KesenjanganSosial.exe""
– [HKCU\Software\Microsoft\Internet Explorer\Toolbar\Explorer]
  New value:
  •
"ITBarLayout"=hex:11,00,00,00,4C,00,00,00,00,00,00,00,34,00,00,00,1B,00,00,00,4E,00,00,00,01,00,00,00,20,07,00,00,A0,0F,00,00,05,00,00,00,62,05,00,00,26,00,00,00,02,00,00,00,21,07,00,00,A0,0F,00,00,04,00,00,00,21,01,00,00,A0,0F,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 – [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] New value: • "Hidden"=dword:0x00000000 • "HideFileExt"=dword:0x00000001 • "ShowSuperHidden"=dword:0x00000000 – [HKCU\Software\Microsoft\Internet Explorer\Toolbar] New value: • "Locked"=dword:0x00000001 Hosts The host 
file is modified as explained:
– In this case existing entries are deleted.

File details
Runtime packer:
In order to hinder detection and reduce the size of the file, it is packed with a runtime packer.
Description inserted by Petre Galan on Wednesday, June 23, 2010
Description updated by Petre Galan on Wednesday, June 23, 2010