Troj/PWSYahoo-A is a password stealing Trojan targeting the Yahoo! Messenging service.
Troj/PWSYahoo-A is a password stealing Trojan targeting the Yahoo! Messenging service.
Troj/PWSYahoo-A will send stolen information to a remote user via email.
When first run Troj/PWSYahoo-A copies itself to <Windows>\NDDENB.exe.
The following registry entry is created to run NDDENB.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft PCHealth32
NDDENB.exe
The following registry entry is set, disabling the registry editor (regedit):
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
disableregistrytools
1