Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

WORM.BRONTOK.FFV

 

 

Name:

Worm.Brontok.ffv

Descr. Added:

January 3, 2013

Type:

Worm

Risk:

Low

Payload:

N/A

At risk systems:

Windows 95/98/ME/XP/NT/2003

 

 

Malware problems?   We can help.  Free Removal Tools.

 

 

Description:

 

When Worm.Brontok.ffv is executed, it performs the following activities:

It drops the following files on the system:

%System%\dllchache\empty.jpg
%System%\dllchache\blank.doc
%System%\dllchache\zero.txt
%System%\dllchache\hole.zip
%System%\dllchache\unoccupied.reg
%System%\dllcache\regedit32.com
%System%\dllcache\ shell32.com
%System%\rund1132.exe
%System%\m5vbvm60.exe
%System%\dllchache.exe
%Systemdrive%\aut0exec.bat
%windir%\system32.exe

It creates/modifies the following registry entries:

Userinit = "C:\WINDOWS\system32\userinit.exe, "C:\WINDOWS\system32\M5VBVM60.EXE StartUp""
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Secure64 = "%System%\dllcache\regedit32.com startup"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Blank AntiViri = "%RootDrive%\aut0exec.bat startup"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

"(default) = "%System%\rund1132.exe
HKLM\Software\Classes\txtfile\shell\open\command

 

 

 

 

 

 

 
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4