Win32:Yenik, I-Worm/Yenik.A, [email protected], W32/Yenik.A.worm, Win32/Yenik.A
Variants: [email protected], W32/Yenik-A, Win32/[email protected], WORM_YENIK.A, Worm/Yenik
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
10 Feb 2004
The W32/[email protected] program is a worm that sends itself by e-mail to the addresses found in the Microsoft Outlook address book. The subject of the e-mail and the name of the attachment both vary. The attachment has a .exe file extension. The worm also attempts to spread via network shares, such as Morpheus, KaZaA, eMule, BearShare, eDonkey, and Grokster, and via ICQ.
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
When W32/[email protected] is executed on your system, it attempts to copy %System%\Updater.exe into the current working directory (the directory in which the file was executed) as NewVirusCleaner.exe, WinXP-SP1.exe, W32-Myd00m_Blocker.exe, VirusHunherII.exe, InternetExplorerSecurity.exe, FreeAntivirus.exe, PrivateMessage.exe, Patcher.exe, and Win98Security.exe. The worm uses account information from the registry key and SMTP server to e-mail itself to all addresses it finds in the Windows Address Book. The subject, message body, and attachment vary. They may be stored temporarily as Yeni.txt in the current working directory. The e-mail arrives with one of the following subjects: Big Virus Cleaner Tools, Internet Explorer Security Bug Fix, New Private Message, Win98 Security Tools, No Virus and New Life, New Security Patcher and Free Antivirus.
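The file names and subjects listed above can be turned into a simple mail-gateway check. The following is an added example, not code from the original page: it parses a raw message and reports which of the described indicators it matches. The function names, the sample messages, the reuse of the copy names as attachment-name indicators, and the way the last items of the subject list are split are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Copy names listed in the description (compared case-insensitively).
COPY_NAMES = {n.lower() for n in (
    "NewVirusCleaner.exe", "WinXP-SP1.exe", "W32-Myd00m_Blocker.exe",
    "VirusHunherII.exe", "InternetExplorerSecurity.exe", "FreeAntivirus.exe",
    "PrivateMessage.exe", "Patcher.exe", "Win98Security.exe")}

# Subjects listed in the description. Assumption: "No Virus and New Life" is
# one subject, and "New Security Patcher" / "Free Antivirus" are two.
SUBJECTS = {s.lower() for s in (
    "Big Virus Cleaner Tools", "Internet Explorer Security Bug Fix",
    "New Private Message", "Win98 Security Tools", "No Virus and New Life",
    "New Security Patcher", "Free Antivirus")}

def match_message(raw: bytes) -> list:
    """Return the indicators from the description that a raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # Normalise whitespace and case so header folding cannot hide a match.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SUBJECTS:
        hits.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name in COPY_NAMES:
            hits.append("copy-name:" + name)
        elif name.endswith(".exe"):
            # The description says the attachment name varies but is always .exe.
            hits.append("exe-attachment:" + name)
    return hits

def sample(subject: str, filename: str) -> bytes:
    """Build a constructed test message with a harmless placeholder attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "recipient@example.invalid"
    m["Subject"] = subject
    m.set_content("constructed test body")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(match_message(sample("New Private Message", "PrivateMessage.exe")))
```

Because the subject and attachment name vary, the .exe attachment is the most stable of these signals, and a subject match alone is weak evidence.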
The [email protected] application enters a computer stealthily. The user may download it unknowingly when visiting websites that have illicit code embedded in them. A computer that has not been updated with the latest vulnerability patches is easily infected with this application. The software takes advantage of program errors to enter the computer without being detected by the user. The [email protected] software creates a backdoor on the affected computer. A remote user can use this backdoor to send commands to the Trojan program. These commands consist of activities that may decrease the system’s performance, including uploading and downloading unwanted content, starting web attacks, and removing important files from the user’s machine.