Home > Threat descriptions >



Category: Malware

Type: Trojan

Aliases: Trojan:W32/Yakes, Trojan:W32/Yakes.B, Trojan:W32/Yakes.N


Trojan:W32/Yakes variants attempt to connect to and download files from remote servers.


Automatic action

Once detected, the F-Secure security product will automatically handle a harmful program or file by either deleting or renaming it.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

The technical details below describe both the .B and .N variants of this family.


On execution, the trojan creates the following temporary file

  • %temp%\bh.tmp

The TMP file is a text file containing a 32 hexadecimal string in UUID/GUID format. This string is the same as the parameter fed to the websites the trojan connects to.


When active, Yakes attempts to connect to and download files from two Russian forums.

As part of its activity, the trojan sets the following registry launchpoint:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run PID = [Path of the malware sample]