Trojan:W32/Yakes

Aliases:

Trojan:W32/Yakes
Trojan:W32/Yakes.B Trojan:W32/Yakes.N

Category:
Type:
Platform:

Malware
Trojan
W32

Summary

Trojan:W32/Yakes variants attempt to connect to and download files from remote servers.

Disinfection & Removal

Automatic

Allow F-Secure Anti-Virus to disinfect the relevant files.For more general information on disinfection, please see Removal Instructions.

Technical Details

The technical details below describe both the .B and .N variants of this family.

Installation

On execution, the trojan creates the following temporary file

%temp%\bh.tmp

The TMP file is a text file containing a 32 hexadecimal string in UUID/GUID format. This string is the same as the parameter fed to the websites the trojan connects to.

Activity

When active, Yakes attempts to connect to and download files from two Russian forums.

As part of its activity, the trojan sets the following registry launchpoint:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run PID = [Path of the malware sample]

Submit a sample

Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Submit

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Go to Community

Trojan:W32/Yakes

Summary

Disinfection & Removal

Technical Details

Submit a sample

Give And Get Advice

Protecting the irreplaceable

Protection

Analysis

Downloads

Support

News & feeds

Connect

About F-Secure

Information

Visit also

F-Secure for consumers

F-Secure for operators

F-Secure for business

F-Secure Corporation