NORBTOK.EXE is the Brontok Worm
The file NORBTOK.EXE is a computer worm.
The worm NORBTOK.EXE is a self-replicating malicious program that uses a computer network to send copies of itself to other computers.
You must fix the NORBTOK.EXE problem as soon as possible!
Delete the file NORBTOK.EXE from all infected computers in your network.
Configure your network firewall to block NORBTOK.EXE activity.
Malware Analysis of NORBTOK.EXE
Full path on a computer: %WinDir%\inf\norBtok.exe
Detected by UnHackMe:
Item Name: Bron-Spizaetus
Author:
Related File: %WinDir%\INF\NORBTOK.EXE
Type: Registry Run
Item Name: Tok-Cirrhatus
Author:
Related File: %LOCAL APPDATA%\SMSS.EXE
Type: Registry Run
Item Name: Empty.pif
Author:
Related File: %STARTUP%\EMPTY.PIF
Type: Startup Folder
Item Name: At1
Author:
Related File: %PROFILE%\TEMPLATES\A.KOTNORB.COM
Type: Scheduled Tasks
Removal Results: Success
Number of reboots: 1
NORBTOK.EXE is known as:
Worm.Brontok
NORBTOK.EXE hash:
- MD5: 1c0aa9d732cbc2783f278a8b2bac2e21
Registry entries:
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Bron-Spizaetus: "%WinDir%\INF\norBtok.exe"
- HKLM\System\CurrentControlSet\Services\Schedule\AtTaskMaxHours: 0x00000048
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus: "%Local Appdata%\smss.exe"
- HKLM\System\CurrentControlSet\Services\Schedule\NextAtJobId: 0x00000002
Files:
- %Local Appdata%\Bron.tok-3-11
- %Local Appdata%\csrss.exe
- %Local Appdata%\inetinfo.exe
- %Local Appdata%\lsass.exe
- %Local Appdata%\services.exe
- %Local Appdata%\smss.exe
- %Local Appdata%\Update.3.Bron.Tok.bin
- %Local Appdata%\winlogon.exe
- %Startup%\Empty.pif
- %Profile%\Templates\A.kotnorB.com
- %WinDir%\inf\norBtok.exe
- %SysDir%\3D Animation.scr
- %WinDir%\Tasks\At1.job




