1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Threats
  3. Virus and threat descriptions
  4. Trojan:Android/Smspacem.A

Trojan:W32/Yakes

Detection Names : Trojan:W32/Yakes.B
Trojan:W32/Yakes.N
Category:Malware
Type:Trojan
Platform:W32

Summary

Trojan:W32/Yakes variants attempt to connect to and download files from remote servers.

Disinfection

Automatic

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.

Additional Details

The technical details below describe both the .B and .N variants of this family.


Installation

On execution, the trojan creates the following temporary file

  • %temp%\bh.tmp

The TMP file is a text file containing a 32 hexadecimal string in UUID/GUID format. This string is the same as the parameter fed to the websites the trojan connects to.


Activity

When active, Yakes attempts to connect to and download files from two Russian forums.

As part of its activity, the trojan sets the following registry launchpoint:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PID = [Path of the malware sample]