ThreatExpert's Statistics for Email-Worm.Brontok!sd5 [PC Tools]:

Email-Worm.Brontok!sd5 [PC Tools] is also known as:

Threat Alias	Number of Incidents
W32/Rontokbro.gen@MM [McAfee]	105
W32.Rontokbro@mm [Symantec]	95
Email-Worm.Win32.Brontok.q [Kaspersky Lab]	94
W32/Brontok-K [Sophos]	49
Worm:Win32/Brontok.AF@mm [Microsoft]	49
WORM_RONTKBR.D [Trend Micro]	49
Email-Worm.Win32.Brontok.A [Ikarus]	42
WORM_RONTKBR.GEN [Trend Micro]	23
Email-Worm.Win32.Brontok [Ikarus]	16
WORM_BRONTOK.BA [Trend Micro]	16
Email-Worm.Win32.Brontok.a [Kaspersky Lab]	7
Win32/Brontok.worm.45417 [AhnLab]	7
Email-Worm.Win32.Brontok.n [Kaspersky Lab]	6
W32.Rontokbro.B@mm [Symantec]	4
W32/Brontok-N [Sophos]	4
W32/Rontokbro.b@MM [McAfee]	4
WORM_RONTOKBRO.B [Trend Micro]	4
W32.Rontokbro.K@mm [Symantec]	3
W32.Rontokbro.U@mm [Symantec]	3
W32.Rontokbro.D@mm [Symantec]	2
W32/Brontok-B [Sophos]	2
W32/Brontok-D [Sophos]	2
W32/Brontok-Gen, Mal/Heuri-D, Mal/EncPk-BA [Sophos]	2
Win32/Rontokbro.worm.81920 [AhnLab]	2
Worm:Win32/Brontok.FFD [Microsoft]	2
WORM_RONTOKBRO.D [Trend Micro]	2
WORM_RONTOKBRO.H [Trend Micro]	2
Email-Worm.Win32.Brontok.aa [Kaspersky Lab]	1
Email-Worm.Win32.Brontok.ad [Kaspersky Lab]	1
Email-Worm.Win32.Brontok.f [Kaspersky Lab]	1
Generic.dw [McAfee]	1
W32.Rontokbro.AN@mm [Symantec]	1
W32.Rontokbro.X@mm [Symantec]	1
W32.SillyFDC [Symantec]	1
W32.Xirtam.A@mm [Symantec]	1
W32/Brontok-BZ [Sophos]	1
W32/Brontok-CH [Sophos]	1
W32/Brontok-E [Sophos]	1
W32/Brontok-G [Sophos]	1
W32/Brontok-Gen, Mal/EncPk-BA, Mal/Packer [Sophos]	1
W32/Brontok-Gen, Mal/Packer, Mal/EncPk-BA [Sophos]	1
W32/Brontok-W [Sophos]	1
W32/Brontok-X [Sophos]	1
Win32/Brontok.worm.107008.B [AhnLab]	1
Win32/Brontok.worm.42065 [AhnLab]	1
Win32/Brontok.worm.42643 [AhnLab]	1
Win32/Brontok.worm.42687.B [AhnLab]	1
Win32/Brontok.worm.42734 [AhnLab]	1
Win32/Brontok.worm.44401 [AhnLab]	1
Win32/Brontok.worm.49152.G [AhnLab]	1
Win-Trojan/Brontok.45323 [AhnLab]	1
Worm:Win32/Brontok.AA@mm [Microsoft]	1
Worm:Win32/Brontok.AR@mm [Microsoft]	1
Worm:Win32/Brontok.BL@mm [Microsoft]	1
Worm:Win32/Brontok.BU@mm [Microsoft]	1
Worm:Win32/Brontok.E@mm [Microsoft]	1
Worm:Win32/Brontok.L@mm [Microsoft]	1
Worm:Win32/Brontok.P@mm [Microsoft]	1
Worm:Win32/Brontok.Q@mm [Microsoft]	1
Worm:Win32/Brontok.R@mm [Microsoft]	1
Worm:Win32/Brontok.W@mm [Microsoft]	1
WORM_BRONTOK.AB [Trend Micro]	1
WORM_BRONTOK.AJ [Trend Micro]	1
WORM_BRONTOK.CB [Trend Micro]	1
WORM_BRONTOK.Q [Trend Micro]	1
WORM_Generic [Trend Micro]	1
WORM_RONTKBR.B [Trend Micro]	1
WORM_RONTKBR.C [Trend Micro]	1
WORM_RONTKBR.F [Trend Micro]	1
WORM_RONTKBR.Q [Trend Micro]	1
WORM_RONTOKBRO.C [Trend Micro]	1
WORM_RONTOKBRO.G [Trend Micro]	1
WORM_RONTOKBRO.R [Trend Micro]	1
WORM_RONTOKBRO.S [Trend Micro]	1
WORM_RONTOKBRO.V [Trend Micro]	1

Email-Worm.Brontok!sd5 [PC Tools] is known to be created as:

%AppData%\br6657on.exe

%AppData%\csrss.exe

%AppData%\inetinfo.exe

%AppData%\jalak-931738815-bali.com

%AppData%\lsass.exe

%AppData%\services.exe

%AppData%\smss.exe

%AppData%\svchost.exe

%AppData%\winlogon.exe

%MyDocuments%\backup.exe

%System%\backup.exe

%System%\c_44292k.com

%System%\cmd.com

%System%\cmd-bro-kkx.exe

%System%\cmd-bro-mkx.exe

%System%\cmd-brontok.exe

%System%\cmd-bro-plx.exe

%System%\cmd-bro-rmx.exe

%System%\drivers\winlogon.exe

%System%\dvbern.exe

%System%\dxblao.exe

%System%\dxblaz.exe

%System%\dxblbh.exe

%System%\dxblbl.exe

%System%\dxblbm.exe

%System%\dxblbo.exe

%System%\dxblbp.exe

%System%\dxblct.exe

%System%\moe\drona.exe

%System%\n7533\b8682.exe

%System%\n7533\csrss.exe

%System%\n7533\lsass.exe

%System%\n7533\services.exe

%System%\n7533\smss.exe

%System%\n7533\sv711738830r.exe

%System%\n7533\winlogon.exe

%System%\send.sys

%System%\svchos.exe

%Temp%\folderdata.exe

%Temp%\reply.exe

%Temp%\temp.exe

%Templates%\11496-nendangbro.com

%Templates%\a.kotnorb.com

%Templates%\bararontok.com

%Templates%\brengkolang.com

%Templates%\wowtumpeh.com

%UserProfile%\csrss.exe

%UserProfile%\spoolsv.exe

%UserProfile%\winlogon.exe

%Windir%\berasjatah.exe

%Windir%\eksplorasi.exe

%Windir%\inf\norbtok.exe

%Windir%\j6442922.exe

%Windir%\kesenjangansosial.exe

%Windir%\matrix.scr

%Windir%\sembako-cfzjlpg.exe

%Windir%\sembako-ckzjkkh.exe

%Windir%\sembako-cmzjkkg.exe

%Windir%\sembako-cnzjkmh.exe

%Windir%\sembako-dfzjmrh.exe

%Windir%\sexgirl.scr

%Windir%\shellnew\bbm-rrtkmhnc.exe

%Windir%\shellnew\bbm-tqrkkgmc.exe

%Windir%\shellnew\bbm-uprlpgfc.exe

%Windir%\shellnew\bbm-vtrlmhmc.exe

%Windir%\shellnew\bbm-xqukkhkc.exe

%Windir%\shellnew\bbm-ytmmrhfd.exe

%Windir%\shellnew\bronstab.exe

%Windir%\shellnew\elnorb.exe

%Windir%\shellnew\rakyatkelaparan.exe

%Windir%\shellnew\sempalong.exe

%Windir%\us18336\ib8682.exe

c:\backup.exe

c:\recycler\lsass.exe

c:\recycler\msinfo\msinfo.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%MyDocuments% is a variable that refers to the file system directory used to physically store a user's common repository of documents. A typical path is C:\Documents and Settings\[UserName]\My Documents.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Templates% is a variable that refers to the file system directory that serves as a common repository for document templates. A typical path is C:\Documents and Settings\[UserName]\Templates.
%UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.