Avira Virenlabor
Worm/Brontok.E.1
-
NameWorm/Brontok.E.1
-
Entdeckt am08.10.2015
-
TypMalware
-
AuswirkungHoch
-
Gemeldete InfektionenNiedrig
-
BetriebssystemWindows
-
VDF Version7.11.47.198 (2012-10-26 15:42)
Bei der Bezeichnung 'WORM' handelt es sich um einen Wurm, welcher in der Lage ist sich z.B. über das Internet (Emailversand, Peer-To-Peer Netzwerke, IRC Netzwerke, etc.) oder dem Intranet selbsttätig zu verbreiten.
-
VDF7.11.47.198 (2012-10-26 15:42)
-
AliasAvast: Win32:Brontok-CEAVG: I-Worm/Brontok.XClamAV: Worm.Brontok.HDr. Web: Win32.HLLM.Generic.440F-PROT: W32/Brontok.C.gen!Eldorado (generic, not disinfectable)Trend Micro: TROJ_SPNR.03I211Microsoft: Worm:Win32/Brontok.BO@mmG Data: Win32.Brontok.NDKaspersky Lab: Email-Worm.Win32.Brontok.qBitdefender: Win32.Brontok.NDESET: Win32/Brontok.CH worm
-
DateienDie folgenden Kopien der Datei werden erzeugt:
- %WINDIR%\ShellNew\RakyatKelaparan.exe
- %SYSDIR%\cmd-brontok.exe
- %WINDIR%\KesenjanganSosial.exe
- %USERPROFILE%\Local Settings\Application Data\smss.exe
- %USERPROFILE%\Local Settings\Application Data\br5931on.exe
- %USERPROFILE%\Local Settings\Application Data\services.exe
- %USERPROFILE%\Local Settings\Application Data\lsass.exe
- %USERPROFILE%\Local Settings\Application Data\inetinfo.exe
- %USERPROFILE%\Local Settings\Application Data\csrss.exe
- %WINDIR%\ShellNew\RakyatKelaparan.exe
- %SYSDIR%\cmd-brontok.exe
- %WINDIR%\KesenjanganSosial.exe
- %USERPROFILE%\Local Settings\Application Data\br5931on.exe
- %USERPROFILE%\Local Settings\Application Data\services.exe
- %USERPROFILE%\Local Settings\Application Data\lsass.exe
- %USERPROFILE%\Local Settings\Application Data\inetinfo.exe
- %USERPROFILE%\Local Settings\Application Data\csrss.exe
- %USERPROFILE%\Local Settings\Application Data\winlogon.exe
- %WINDIR%\ShellNew\RakyatKelaparan.exe
- %SYSDIR%\cmd-brontok.exe
- %WINDIR%\KesenjanganSosial.exe
- %USERPROFILE%\Local Settings\Application Data\br5931on.exe
- %USERPROFILE%\Local Settings\Application Data\services.exe
- %USERPROFILE%\Local Settings\Application Data\lsass.exe
- %USERPROFILE%\Local Settings\Application Data\inetinfo.exe
- %USERPROFILE%\Local Settings\Application Data\csrss.exe
- %USERPROFILE%\Start Menu\Programs\Startup\Empty.pif
- %USERPROFILE%\Templates\10044-NendangBro.com
- %SYSDIR%\%USERNAME%'s Setting.scr
- %WINDIR%\ShellNew\RakyatKelaparan.exe
- %SYSDIR%\cmd-brontok.exe
- %WINDIR%\KesenjanganSosial.exe
- %USERPROFILE%\Local Settings\Application Data\br5931on.exe
- %USERPROFILE%\Local Settings\Application Data\lsass.exe
- %USERPROFILE%\Local Settings\Application Data\inetinfo.exe
- %USERPROFILE%\Local Settings\Application Data\csrss.exe
- %WINDIR%\ShellNew\RakyatKelaparan.exe
- %SYSDIR%\cmd-brontok.exe
- %WINDIR%\KesenjanganSosial.exe
- %USERPROFILE%\Local Settings\Application Data\br5931on.exe
- %USERPROFILE%\Local Settings\Application Data\inetinfo.exe
- %USERPROFILE%\Local Settings\Application Data\csrss.exe
- %WINDIR%\ShellNew\RakyatKelaparan.exe
- %SYSDIR%\cmd-brontok.exe
- %WINDIR%\KesenjanganSosial.exe
- %USERPROFILE%\Local Settings\Application Data\br5931on.exe
- %USERPROFILE%\Local Settings\Application Data\csrss.exe
- %SYSDIR%\drivers\etc\hosts-Denied By-%USERNAME%.com
- %DISKDRIVE%\AUTOEXEC.BAT
- %temporary internet files%\Content.IE5\index.dat
- %USERPROFILE%\Cookies\index.dat
- %USERPROFILE%\Local Settings\History\History.IE5\index.dat
- %TEMPDIR%\~DFE85D.tmp
- %TEMPDIR%\~DFD2DE.tmp
- %SYSDIR%\drivers\etc\hosts-Denied By-%USERNAME%.com
- %TEMPDIR%\~DF275.tmp
- %TEMPDIR%\~DFE85D.tmp
- %TEMPDIR%\~DFD2DE.tmp
- %TEMPDIR%\~DF275.tmp
-
RegistryFolgende Registryeinträge werden hinzugefügt:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ("DisableRegistryTools": dword:00000001; "DisableCMD": dword:00000000)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ("Bron-Spizaetus": ""%WINDIR%\ShellNew\RakyatKelaparan.exe"")
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot ("AlternateShell": "cmd-brontok.exe")
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer ("NoFolderOptions": dword:00000001)
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Tok-Cirrhatus-2454": ""%USERPROFILE%\Local Settings\Application Data\br5931on.exe""; "Tok-Cirrhatus": "")
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ("DisableRegistryTools": dword:00000001; "DisableCMD": dword:00000000)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ("Bron-Spizaetus": ""%WINDIR%\ShellNew\RakyatKelaparan.exe"")
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot ("AlternateShell": "cmd-brontok.exe")
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer ("NoFolderOptions": dword:00000001)
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Tok-Cirrhatus-2454": ""%USERPROFILE%\Local Settings\Application Data\br5931on.exe""; "Tok-Cirrhatus": "")
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ("DisableRegistryTools": dword:00000001; "DisableCMD": dword:00000000)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ("Bron-Spizaetus": ""%WINDIR%\ShellNew\RakyatKelaparan.exe"")
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot ("AlternateShell": "cmd-brontok.exe")
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer ("NoFolderOptions": dword:00000001)
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Tok-Cirrhatus-2454": ""%USERPROFILE%\Local Settings\Application Data\br5931on.exe""; "Tok-Cirrhatus": "")
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ("DisableRegistryTools": dword:00000001; "DisableCMD": dword:00000000)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ("Bron-Spizaetus": ""%WINDIR%\ShellNew\RakyatKelaparan.exe"")
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot ("AlternateShell": "cmd-brontok.exe")
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer ("NoFolderOptions": dword:00000001)
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Tok-Cirrhatus-2454": ""%USERPROFILE%\Local Settings\Application Data\br5931on.exe""; "Tok-Cirrhatus": "")
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ("DisableRegistryTools": dword:00000001; "DisableCMD": dword:00000000)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ("Bron-Spizaetus": ""%WINDIR%\ShellNew\RakyatKelaparan.exe"")
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot ("AlternateShell": "cmd-brontok.exe")
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer ("NoFolderOptions": dword:00000001)
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Tok-Cirrhatus-2454": ""%USERPROFILE%\Local Settings\Application Data\br5931on.exe""; "Tok-Cirrhatus": "")
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ("DisableRegistryTools": dword:00000001; "DisableCMD": dword:00000000)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ("Bron-Spizaetus": ""%WINDIR%\ShellNew\RakyatKelaparan.exe"")
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot ("AlternateShell": "cmd-brontok.exe")
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer ("NoFolderOptions": dword:00000001)
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Tok-Cirrhatus-2454": ""%USERPROFILE%\Local Settings\Application Data\br5931on.exe""; "Tok-Cirrhatus": "")
- HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings ("ProxyEnable": dword:00000000)
-
HTTP-Anfragen
- www.*****eb.com/News/cmbrotlu3/IN16QGROQGRO.css
- www.*****eb.com/News/cmbrotlu3/Host16.css