Trojan:W32/Yakes variants attempt to connect to and download files from remote servers.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
You can refer to General Removal Instructions for a simple guide on how to remove harmful programs.
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.
The technical details below describe both the .B and .N variants of this family.
On execution, the trojan creates the following temporary file
The TMP file is a text file containing a 32 hexadecimal string in UUID/GUID format. This string is the same as the parameter fed to the websites the trojan connects to.
When active, Yakes attempts to connect to and download files from two Russian forums.
As part of its activity, the trojan sets the following registry launchpoint: