Tuesday, March 30, 2010

Brontok

Brontok
From Wikipedia, the free encyclopedia

The Brontok worm is a computer worm that affects computers running Microsoft Windows. It spreads by sending itself to email addresses harvested from the affected computer. Variants of the Brontok worm include:

* Brontok.A
* Brontok.B
* Brontok.C
* Brontok.D
* Brontok.F
* Brontok.G
* Brontok.H
* Brontok.I
* Brontok.K
* Brontok.Q

Other names

Other names for this worm include: W32/Rontokbro.gen@MM, W32.Rontokbro@mm, BackDoor.Generic.1138, W32/Korbo-B, Worm/Brontok.a, Win32.Brontok.A@mm, Worm.Mytob.GH, W32/Brontok.C.worm, Win32/Brontok.E, W32.Rontokbro.D@mm and I-Worm.VB.DV.

Description

The Brontok virus originated in Indonesia. It arrives as an e-mail attachment named kangen.exe (the Indonesian word "kangen" means "miss you so much"). When Brontok is first run, it copies itself to the user's application data directory. It then sets itself to start with Windows by creating an entry under the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key. It disables the Windows Registry Editor (regedit.exe) and modifies Windows Explorer settings. It removes the "Folder Options" entry from the Tools menu so that the hidden files in which it is concealed are not easily accessible to the user. It also turns off the Windows firewall. In some variants, when a window is found whose title contains certain strings (such as "application data"), the computer reboots. User frustration also occurs when an address typed into Windows Explorer is blanked out before it is completed. Using its own mailing engine, it sends itself to e-mail addresses it finds on the computer, even spoofing the user's own e-mail address as the sender. The computer also restarts when the user tries to open a DOS window (Command Prompt), and the worm prevents the user from downloading files. It also pops up the default Web browser and loads an HTML page located in the "My Pictures" (or, on Windows Vista, "Pictures") folder. It creates .exe files in folders, usually named after the folder itself (e.g. ..\documents\documents.exe); this also applies to all mapped network drives.
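The description above lists several host-side symptoms that a defender can look for without any signature: an .exe named after its parent folder (including on mapped drives), an autorun entry under the Run key that points into the application data directory, and Explorer/regedit being locked out. The following script is an added example, not code from Wikipedia or from any of the tools named on this page; it runs entirely on constructed in-memory data, so it never touches a live registry or file system. The page does not say which registry values Brontok sets to disable regedit and hide Folder Options; the two policy values checked here (DisableRegistryTools and NoFolderOptions) are the standard Windows policies that produce those symptoms and are an assumption on my part, as is the Run value name "updater".

```python
"""Triage checks for the Brontok symptoms described in the text (added example).

All input data is constructed inline so the script runs offline. In practice the
three dictionaries/lists would be filled from a file-system walk and registry
export of the suspect machine.
"""
import ntpath

# Constructed sample: file paths as a scan of the local and mapped drives might list them.
SAMPLE_FILES = [
    r"C:\Users\alice\Documents\Documents.exe",   # folder-named .exe: the pattern in the text
    r"C:\Users\alice\Documents\report.docx",
    r"Z:\shared\shared.exe",                      # same pattern on a mapped network drive
    r"C:\Program Files\Tool\Tool.exe",            # same pattern, but a normal install location
    r"C:\Users\alice\Pictures\holiday.jpg",
]

# Constructed sample of HKLM\...\Run values: value name -> command line.
# "updater" is a placeholder value name; kangen.exe is the file name given in the text.
SAMPLE_RUN_VALUES = {
    "SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
    "updater": r"C:\Users\alice\AppData\Roaming\kangen.exe",
}

# Constructed sample of policy values as exported from HKCU. Assumption: these are the
# Windows policies behind "regedit disabled" and "Folder Options removed" in the text.
POLICY_BASE = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies"
SAMPLE_POLICIES = {
    POLICY_BASE + r"\System\DisableRegistryTools": 1,
    POLICY_BASE + r"\Explorer\NoFolderOptions": 1,
}

# Locations where a folder-named .exe is a common, legitimate layout (lower-case prefixes).
IGNORE_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

# "Application Data" is the pre-Vista name, "AppData" the current one.
APPDATA_MARKERS = ("\\appdata\\", "\\application data\\")

WATCHED_POLICIES = {
    POLICY_BASE + r"\System\DisableRegistryTools": "Registry Editor disabled",
    POLICY_BASE + r"\Explorer\NoFolderOptions": "Folder Options removed from Tools menu",
}


def folder_named_executables(paths, ignore_prefixes=IGNORE_PREFIXES):
    """Return .exe paths whose base name equals the parent folder's name.

    Matches the "..\\documents\\documents.exe" pattern; NTFS names compare
    case-insensitively, and well-known install roots are skipped to cut noise.
    """
    hits = []
    for path in paths:
        lowered = path.lower()
        if lowered.startswith(ignore_prefixes):
            continue
        head, tail = ntpath.split(path)
        stem, ext = ntpath.splitext(tail)
        parent = ntpath.basename(head)  # empty for a file at the drive root
        if ext.lower() == ".exe" and parent and stem.lower() == parent.lower():
            hits.append(path)
    return hits


def run_entries_in_appdata(run_values):
    """Return Run-key entries whose command line points into an application data folder.

    The text says Brontok copies itself there and persists through the Run key. Many
    legitimate updaters do the same, so treat a hit as a triage lead, not a verdict.
    """
    return {name: cmd for name, cmd in run_values.items()
            if any(marker in cmd.lower() for marker in APPDATA_MARKERS)}


def lockout_policies(policies):
    """Return the watched policy values that are switched on (value 1)."""
    return {key: WATCHED_POLICIES[key] for key, value in policies.items()
            if key in WATCHED_POLICIES and value == 1}


def triage(files, run_values, policies):
    """Combine the three checks into one report; an empty report means no symptom found."""
    return {
        "folder_named_exes": folder_named_executables(files),
        "appdata_autoruns": run_entries_in_appdata(run_values),
        "lockout_policies": lockout_policies(policies),
    }


if __name__ == "__main__":
    for check, result in triage(SAMPLE_FILES, SAMPLE_RUN_VALUES, SAMPLE_POLICIES).items():
        print(check, "->", result)
```

The folder-named .exe check is the most useful of the three because it also covers the mapped network drives the text mentions, and it needs no registry access; the install-root exclusion exists because a program shipping as Tool\Tool.exe is ordinary, so a plain name match would be noisy.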

Removal

Brontok can be removed by most up-to-date anti-virus solutions, although various standalone tools are also available:

* Brontok removal tool released by Sophos

Origin

The virus/email moha66 itself contains a message in Indonesian (and some broken English).

It also contains a JavaScript pop-up.

The worm also carried out a ping flood attack on two websites: israel.gov.il and playboy.com. This virus may be an example of hacktivism. Brontok inspired the creation of more persistent trojans/worms such as the Daprosy Worm, which attacked internet cafes in July 2009.

Categories: E-mail worms

Source: http://en.wikipedia.org/wiki/Brontok

Remove Brontok worm. Description and removal instructions

Title: Brontok worm
Also known as: Worm.Brontok

Type: Worms
Severity scale: Brontok worm severity is 91 / 100

The Brontok worm is a parasite that spreads across the Internet by sending infected e-mail attachments to potential host systems. Usually, the message in these e-mails is an offer to check out a particular photo contained in the "Photo.zip" archive attachment.

Your ability to remove the Brontok worm will be disabled immediately after infection, as the parasite modifies your registry entries and security settings. It can also shut down your anti-virus software, which leaves your system exposed. Be sure not to open suspicious e-mail attachments, especially those named "Photo.zip".

Brontok worm properties:
• Hides from the user
• Stays resident in background

Other programs to remove Brontok worm:
• Malwarebytes Anti Malware
• Windows Defender

Source: http://www.2-spyware.com/remove-brontok-worm.html

Tuesday, March 23, 2010

Hello World
