NEWS CATEGORIES:

NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>

Find us on Google+

Home > News > Security > Virus alerts

November 27th, 2007, 08:23 GMT · By Bogdan Popa

How About A Virus That Restarts Your Computer?

Adjust text size:

The USB flash drives can be used to spread the infection

WORM_BRONTOK.CE is a new worm discovered by security company Trend Micro which confirmed that the infection affects most Windows versions including 98, ME, NT, 2000, XP, Server 2003. Although the worm has a medium damage potential and a medium distribution potential, there are no reported infections yet. In case you're wondering how you can get infected, you should know that WORM_BRONTOK.CE can be deployed by other infections or straight by the users who visit malicious pages. The installation is done without

their approval so there's no way to find out if you're infected in case you don't have an antivirus. But what's more important is that the threat aims to harm several file formats in order to be sure that it is executed on the victim's computer.

"Upon execution, this worm drops the following files. This worm creates registry entries to enable its automatic execution at every system startup. It also modifies registry entries in order to execute itself every time a .EXE, .COM, .PIF, or .BAT file is run," Trend Micro noted in the security advisory.

In addition to these affected file extensions, the worm attempts to reboot the computer every time a certain string is detected in the Internet Explorer title bar. This way, the affected consumers can get their systems restarted every time they visit certain websites. "This worm restarts the affected system when it finds an open window containing certain strings in the title bar of Internet Explorer (IE)," Trend Micro explained.

Moreover, the infection uses the Windows folder icon to hide its files from the users. "It also uses the Windows folder icon to trick affected users into thinking that it is a normal or legitimate folder. Once clicked, it opens the My Documents folder to hide its execution routines."

Just like several other Windows infections, WORM_BRONTOK.CE attempts to spread itself by installing on every removable drive connected to an infected computer. The propagation is done through an Autorun.inf file dropped on every removable device which is used to infect clean computers and execute the worm.

FILED UNDER:

TELL US WHAT YOU THINK:

6,803 hits · 4 comments · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:

BitDefender Reports on Threats

Malware Author Apologizes for Windows Worm

New Virus Takes Advantage of Windows Vulnerabilities

Worm Creators Trialed

Silly Worm Aiming to Infect USB Devices

READER COMMENTS:

Comment #1 by: mark_gannaban on 02 Jan 2008, 10:14 UTC	reply to this comment
brontok can be remove by mcAfee bootable CD. Its guarateed, I usewd it many times.

Comment #1.1 by: Terri_Schubert on 31 Mar 2009, 15:31 GMT

Some of the newer versions of Brontok d/l additional viruses or worms that corrupt the system files of Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, and Windows XP, which will cause the White Screen of Death. On a Windows 3.11 System a White Box of Doom may appear instead. The only solution once this occurs is to reinstall Windows.

Comment #1.2 by: James Macrow on 30 Sep 2009, 07:22 GMT

If one used the infected drive as a slave, in order to retrieve user files, would it be contagious or do an autorun dealio? Thanks in advance!

Comment #2 by: jeland on 18 Aug 2010, 08:39 UTC	reply to this comment
my comp is keep on restarting and restarting why? pls answer tnksZ

SUBMIT PROGRAM \| ADVERTISE \| GET HELP \| SEND US FEEDBACK \| RSS FEEDS \| UPDATE YOUR SOFTWARE \| ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved. Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.	Copyright Information \| Privacy Policy \| Terms of Use