??:Worm/Brontok.Q.4
????:13/12/2012
??:??
????:?
????????????????
??/????????????
?? / ????????????
????:?
????:43.403 ??
MD5 checksum:58256b28851a289ae3be0d78208be33d
VDF version:7.11.53.216 - Thursday 13 December 2012
IVDF version:7.11.53.216 - Thursday 13 December 2012

 ???? ????:
   • ????


??:
   •  Mcafee: W32/Rontokbro.gen@MM
   •  Kaspersky: Email-Worm.Win32.Brontok.q
   •  Bitdefender: Win32.Generic.5381
   •  Panda: W32/Brontok.L.worm
   •  GData: Win32.Generic.5381


??/????:
   • Windows 2000
   • Windows XP
   • Windows 2003


???:
   • ??????
   • ????????
   • ?????

 ?? ???????????:
   • %HOME%\Local Settings\Application Data\winlogon.exe
   • %HOME%\Local Settings\Application Data\smss.exe
   • %HOME%\Local Settings\Application Data\lsass.exe
   • %WINDIR%\KesenjanganSosial.exe
   • %SYSDIR%\drivers\etc\hosts-Denied By-%?????%.com
   • %SYSDIR%\cmd-brontok.exe
   • %HOME%\Local Settings\Application Data\csrss.exe
   • %HOME%\Start Menu\Programs\Startup\Empty.pif
   • %HOME%\Local Settings\Application Data\services.exe
   • %HOME%\Local Settings\Application Data\inetinfo.exe
   • %HOME%\Templates\Brengkolang.com
   • %WINDIR%\ShellNew\RakyatKelaparan.exe
   • %SYSDIR%\%?????%'s Setting.scr



?????????
C:\autoexec.bat



???????????????



??????:

%HOME%\Local Settings\Application Data\ListHost15.txt
%HOME%\Local Settings\Application Data\Update.15.Bron.Tok.bin



??????????:

???:
   • explorer.exe


???:
   • %HOME%\Local Settings\Application Data\smss.exe


???:
   • %HOME%\Local Settings\Application Data\winlogon.exe


???:
   • at /delete /y


???:
   • at 17:08 /every:M,T,W,Th,F,S,Su "%HOME%\Templates\Brengkolang.com"


???:
   • %HOME%\Local Settings\Application Data\services.exe


???:
   • %HOME%\Local Settings\Application Data\lsass.exe


???:
   • %HOME%\Local Settings\Application Data\inetinfo.exe

 ??? ????????????????????????:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "Tok-Cirrhatus"=""
   • "Tok-Cirrhatus-3444"=""%HOME%\Local Settings\Application Data\smss.exe""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "Bron-Spizaetus"=""%WINDIR%\ShellNew\RakyatKelaparan.exe""



?????????????:

[HKCU\software\microsoft\windows\currentversion\Policies\System]
   • "DisableCMD"=dword:0x00000000
   • "DisableRegistryTools"=dword:0x00000001

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
   • "NoFolderOptions"=dword:0x00000001



?????????:

[HKCU\Software\Microsoft\Internet Explorer\Toolbar]
   ??:
   • "Locked"=dword:0x00000001

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   ??:
   • "Hidden"=dword:0x00000000
   • "HideFileExt"=dword:0x00000001
   • "ShowSuperHidden"=dword:0x00000000

[HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
   ??:
   • "{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,E0,01,EE,4E,D0,11,BF,E9,00,AA,00,5B,43,83,10,00,00,00,00,00,00,00,01,E0,32,F4,01,00,00,00

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   ??:
   • "Shell"="Explorer.exe "%WINDIR%\KesenjanganSosial.exe""

[HKCU\Software\Microsoft\Internet Explorer\Toolbar\Explorer]
   ??:
   • "ITBarLayout"=hex:11,00,00,00,4C,00,00,00,00,00,00,00,34,00,00,00,1B,00,00,00,4E,00,00,00,01,00,00,00,20,07,00,00,A0,0F,00,00,05,00,00,00,62,05,00,00,26,00,00,00,02,00,00,00,21,07,00,00,A0,0F,00,00,04,00,00,00,21,01,00,00,A0,0F,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot]
   ??:
   • "AlternateShell"="cmd-brontok.exe"
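A defender-side indicator check built from the dropped files and registry values listed above, as an added example that is not Avira's code: it takes a constructed registry and file snapshot (the export format, the user profile path and the sample values are assumptions) and reports which of this description's Brontok.Q.4 artefacts are present.

```python
"""Indicator check for the Worm/Brontok.Q.4 artefacts listed above (added example, not
Avira's code). Input: a registry snapshot keyed "HIVE\\key\\valuename" and a set of
file paths, as a host-inventory export might give them; sample data is constructed."""
# Run-key value names from the description (the numeric suffix, e.g. "-3444", varies).
RUN_NAMES = ("Tok-Cirrhatus", "Bron-Spizaetus")
# Policy values the worm sets to lock the user out (keys compared case-insensitively).
POLICY_HITS = {
    r"hkcu\software\microsoft\windows\currentversion\policies\system\disableregistrytools": 1,
    r"hkcu\software\microsoft\windows\currentversion\policies\explorer\nofolderoptions": 1,
}
# Distinctive dropped names, plus system names the worm reuses under Application Data.
DROPPED = {"kesenjangansosial.exe", "rakyatkelaparan.exe", "brengkolang.com",
           "cmd-brontok.exe", "empty.pif", "listhost15.txt", "update.15.bron.tok.bin"}
MASQUERADE = {"smss.exe", "winlogon.exe", "lsass.exe", "csrss.exe", "services.exe", "inetinfo.exe"}

def check_host(registry: dict, files: set) -> list:
    """Return sorted, human-readable findings; an empty list means nothing matched."""
    findings = []
    for path, value in registry.items():
        key, _, name = path.rpartition("\\")
        low_key, low_val = key.lower(), str(value).lower()
        if low_key.endswith(r"\currentversion\run") and name.startswith(RUN_NAMES):
            findings.append(f"Run value {name!r} -> {value!r}")
        if (low_key.endswith(r"\windows nt\currentversion\winlogon") and name == "Shell"
                and "kesenjangansosial.exe" in low_val):
            findings.append(f"Winlogon Shell hijacked: {value!r}")
        if (low_key.endswith(r"\control\safeboot") and name == "AlternateShell"
                and low_val == "cmd-brontok.exe"):
            findings.append("SafeBoot AlternateShell points to cmd-brontok.exe")
        if POLICY_HITS.get(path.lower()) == value:
            findings.append(f"Restrictive policy set: {name}=1")
    for f in files:
        low = f.replace("/", "\\").lower()
        base = low.rsplit("\\", 1)[-1]
        if base in DROPPED or (base in MASQUERADE and "\\local settings\\application data\\" in low):
            findings.append(f"Dropped file present: {f}")
    return sorted(findings)

# Constructed snapshot mirroring the description above, expanded for one user profile.
SAMPLE_REGISTRY = {
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus-3444":
        r"C:\Documents and Settings\user\Local Settings\Application Data\smss.exe",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell":
        r'Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"',
    r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell": "cmd-brontok.exe",
    r"HKCU\software\microsoft\windows\currentversion\Policies\System\DisableRegistryTools": 1,
    r"HKCU\software\microsoft\windows\currentversion\Policies\System\DisableCMD": 0,
}
SAMPLE_FILES = {r"C:\WINDOWS\ShellNew\RakyatKelaparan.exe", r"C:\WINDOWS\notepad.exe",
                r"C:\Documents and Settings\user\Local Settings\Application Data\smss.exe"}
```

Running `check_host(SAMPLE_REGISTRY, SAMPLE_FILES)` flags the Run entry, the hijacked Winlogon shell, the SafeBoot shell, the DisableRegistryTools policy and both dropped files, while the unchanged DisableCMD value and notepad.exe produce nothing.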

 ???? ?????? SMTP ???????????? ?????????????? ?????????:


???:
?????????


???:
– ????????????????????
 ? WAB (Windows ???) ??????????


??:
– ?? HTML ???


??:

??????????????

 ?? ?? Internet ???
   • http://www.geocities.com/sblppt4/**********
   • http://www.geocities.com/sblppt4/**********

 ?????? ????:
????????? Visual Basic ????


???????:
???????????????????????????????

Description inserted by Petre Galan on Monday 18 April 2011
Description updated by Petre Galan on Monday 18 April 2011
