W32.Yahack.A
Aliases: Generic8.OHR, Tool.Win32.YahooDump.a
Variants: W32/Pwstool.C, Trojan.PWSYahooDump.A
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 03 Oct 2007
Damage: Medium
Characteristics: The W32/Yahack.A program is a worm that propagates through mapped drives. The worm logs keystrokes, gathers information on your system, and steals Yahoo! Messenger passwords. The systems affected by this worm are Windows 95, Windows 98, Windows XP, Windows Vista, Windows Me, Windows NT, Windows 2000 and Windows Server 2003.
W32.Yahack.A Removal Tool
If you have malware on your computer, it will cause annoyances and damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Yahack.A from your computer.
More details about W32.Yahack.A
Once the worm executes on your system, it creates autorun.inf in the user's current folder, UpDateWinc.exe on the system, LogBoy.log in the Windows directory, a1.exe, pass1.txt, tem.exe, and temp1.bat on the system drive, and NTDETECT.exe on the drive letter. These files are created so that the worm executes itself whenever the drive is accessed. It then creates a registry entry and records Yahoo! Messenger usernames and passwords, mouse clicks, keystrokes, and the title of the active window on the compromised computer. After gathering this information, the worm e-mails it to a remote attacker using the SMTP server. The worm is also likely to drop the Trojan horse %SystemDrive%\a1.exe.
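As an added example (not part of the original page or of any vendor tool), this Python check walks a drive root and reports the file names listed above. Matching UpDateWinc.exe and LogBoy.log at any depth, the autorun.inf keys it parses, and the constructed sample tree are assumptions.

```python
from pathlib import Path

# File names from the description above, lower-cased (Windows names are case-insensitive).
ROOT_ONLY = {"a1.exe", "pass1.txt", "tem.exe", "temp1.bat", "ntdetect.exe"}
ANY_DEPTH = {"updatewinc.exe", "logboy.log"}  # assumption: match at any depth
AUTORUN_KEYS = {"open", "shellexecute", "shell\\open\\command"}

def autorun_targets(path):
    """Lower-cased file names that an autorun.inf [autorun] section launches."""
    targets, in_section = set(), False
    try:
        with open(path, encoding="latin-1") as fh:
            lines = [raw.strip() for raw in fh]
    except OSError:
        return targets
    for line in lines:
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            words = value.strip('"').split()  # first word is the program
            if key.lower() in AUTORUN_KEYS and words:
                targets.add(words[0].replace("\\", "/").rsplit("/", 1)[-1].lower())
    return targets

def scan(root):
    """Return sorted (kind, relative_path) findings under one drive root."""
    findings, known = [], ROOT_ONLY | ANY_DEPTH
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        rel, low = path.relative_to(root), path.name.lower()
        # Exact names only: the legitimate boot file NTDETECT.COM never matches.
        if low in ANY_DEPTH or (len(rel.parts) == 1 and low in ROOT_ONLY):
            findings.append(("artifact", rel.as_posix()))
        elif low == "autorun.inf" and autorun_targets(path) & known:
            findings.append(("autorun", rel.as_posix()))
    return sorted(findings)

def build_sample(root):
    """Write a constructed tree; the autorun.inf contents are an assumption."""
    sample = {"NTDETECT.exe": "", "NTDETECT.COM": "", "WINDOWS/LogBoy.log": "",
              "docs/a1.exe": "", "docs/autorun.inf": "[autorun]\nopen=setup.exe\n",
              "autorun.inf": "[AutoRun]\nopen=NTDETECT.exe\n"}
    for rel, body in sample.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

if __name__ == "__main__":
    import sys
    print(scan(sys.argv[1] if len(sys.argv) > 1 else "."))
```

An autorun.inf is reported only when it launches one of the listed names, since installation media carry benign autorun.inf files. A name match is a lead for triage, not proof of infection.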
Systems that are infected with this software may run slower than usual and become unstable. This may be due to the activities of the remote user on the affected computer.