W32.Yadurna.A
Aliases: TR/Drop.Fkpws, Trojan.Dropper.Fkpws.A, Virus.Win32.VB.dk, W32/VBTroj.GAW
Variants: Worm.Win32.VB.hg, Worm/VB.AYC
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 16 Apr 2007
Damage: Low
Characteristics: The W32.Yadurna.A program is a worm that duplicates itself to the root directories of mapped drives. It may cause the compromised computer to be unstable. Systems affected by this worm are Windows 95, Windows 2000, Windows 98, Windows NT, Windows Me, Windows XP and Windows Server 2003.
W32.Yadurna.A Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Yadurna.A from your computer.
More details about W32.Yadurna.A
W32.Yadurna.A impersonates as a Password recovery tool and can be downloaded onto the computer. The user of the compromised computer presented with a password recovery dialogue box once the malicious application is downloaded. This worm is dropped and run when the password recovery dialogue is closed. Once the worm is run, it duplicates itself to the Windows directory, lo5tword.exe, drive letter and user profile using either document.exe, Tugas.exe, w4y4n9.exe, HP Bunga Citra Lestari.exe, spoolsv.exe, svchost.exe, Hanuman.exe, services.exe, GatoTkaca.scr, w4y4n9.exe, smss.exe, csrss.exe, w32 Wayang.exe, lsass.exe, SMA Negeri 4.exe, daLang MistiQ.exe, Kota P4hlawan.exe, Windows [RANDOM NUMBER].exe and Majnun was H3re.exe.
The worm can create one or more folders and then it copies itself using one or more of file mentioned above into these folders. The worm then drops bitmap pictures and sets the desktop wallpaper image to one of the pictures dropped by W32.Yadurna.A. It then creates registry entries in order for the worm to run whenever windows start. The worm may as well modify the registry entries and reportedly infect files .html extensions found on your computer with the link to a copy of the threat. W32.Yadurna.A blocks access to many security related sites by adding text to hosts file. After all of these processes are completed, it can cause your compromised computer to become unstable.