BRONSTAB.EXE is Worm Brontok.CB

Detected by UnHackMe:

BRONSTAB.EXE
Default location: %WinDir%\SHELLNEW\bronstab.exe

Removal Results: Success
Number of reboot: 1

BRONSTAB.EXE is known as:

Worm.Brontok.CB, W32.Brontok.Q, Trojan.Dropper, EmailWorm, W32.Brontok.q, Trojan.Alman.bdbarl, W32.Backdoor.HCD, W32.Rontokbro@mm, Rontokbro, Win32.Robknot.V, WORM_RONTOKBRO.R, Win32:Brontok-DF [Wrm], Stration, Worm.Brontok.C, Email-Worm.Brontok.q, I-Worm.Brontok.DL, Trojan.Agent.Gen-FakeSec, Worm.Brontok.CB (B), Worm.Brontok.W, Worm.Brontok.a, W32.Brontok-CT, I-Worm.Brontok.ho, Worm.Brontok.a.(kcloud), Worm.Brontok.AB@mm, I-Worm.Brontok.42089, Win32.Brontok.worm.42089.B, W32.Backdoor.GOJG-2943, SIM.Trojan.VBO.0192, Email-Worm.Brontok.sd5, Win32.Brontok.W, Trojan.Mnless.dyr, Email-Worm.Brontok, W32.Brontok.A@mm, Worm.Brontok.FE, W32.Brontok.IE.worm

BRONSTAB.EXE hash:

• MD5: 053dd269a3ed1ef44f0ab04599d5dffd

Registry:

• HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Bron-Spizaetus: “”%WinDir%\ShellNew\bronstab.exe”"
• HKLM\System\CurrentControlSet\Services\Schedule\AtTaskMaxHours: 0×00000048
• HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus: “”%Local Appdata%\smss.exe”"
• HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: “Explorer.exe “%WinDir%\eksplorasi.exe”"
• HKLM\System\CurrentControlSet\Services\Schedule\NextAtJobId: 0×00000002

Folders:

• %Local Appdata%\Bron.tok-10-6

Files:

• %Local Appdata%\csrss.exe
• %Local Appdata%\inetinfo.exe
• %Local Appdata%\ListHost10.txt
• %Local Appdata%\lsass.exe
• %Local Appdata%\services.exe
• %Local Appdata%\smss.exe
• %Local Appdata%\winlogon.exe
• %Startup%\Empty.pif
• %Profile%\Templates\WowTumpeh.com
• %WinDir%\SHELLNEW\bronstab.exe
• %SysDir%\Administrator’s Setting.scr
• %WinDir%\Tasks\At1.job
• %WinDir%\eksplorasi.exe