Published Mar 04, 2008 | Updated Sep 15, 2017


Severe |Detected with Windows Defender Antivirus

Aliases: Win32/Brontok.worm.Gen (AhnLab) W32/Brontok.F@mm (Command) I-Worm/VB.GC (AVG) Win32.Worm.Rontok.F (BitDefender) Win32/Brontok (ESET) Email-Worm.Win32.Brontok.q (Kaspersky) W32/Rontokbro.gen@MM (McAfee) W32/Rontokbro.Y@mm (Norman) W32/Brontok.H.worm (Panda) W32/Brontok-E (Sophos) Email-Worm.Win32.Brontok.a (Sunbelt Software) W32.Rontokbro@mm (Symantec) WORM_BRONTOK.HY (Trend Micro) I-Worm.Brontok.R (VirusBuster)


Worm:Win32/Brontok.AR@mm is detection for a group of variants of the Win32/Brontok worm family.
This worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it gathers from files on the infected computer. It can also copy itself to USB and pen drives. Win32/Brontok can disable antivirus and security software, immediately terminate certain applications, and cause Windows to restart immediately when certain applications run. The worm may also conduct denial of service (DoS) attacks against certain Web sites.
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner ( For more information, see
Follow us