Troj/YBHO-A is a password-stealing Trojan for the Windows platform.
Troj/YBHO-A contains functionality to access the internet and communicate with a remote server.
When first run, Troj/YBHO-A drops the following file:
<Windows>\yhelp.dll - detected as Troj/YBHO-A
Troj/YBHO-A creates the following registry entry to start itself:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Yahoo! Helper
Rundll32.exe yhelp.dll,Init
It also registers a COM object and a Browser Helper Object (BHO) under the following registry trees:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E838FBB2-574D-4926-9C81-CCB15F3A3F53}
HKCR\CLSID\{E838FBB2-574D-4926-9C81-CCB15F3A3F53}
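The following read-only PowerShell check is an added example, not part of the original advisory. It looks for the file, Run value, BHO key and COM key listed above. Checking the WOW6432Node registry view and reading InprocServer32 are assumptions added here for 64-bit hosts and in-process COM registration; the advisory does not mention them.

```powershell
# Added example (not from the original advisory): look for the Troj/YBHO-A
# artifacts listed above. The script only reads; it changes nothing.
$clsid    = '{E838FBB2-574D-4926-9C81-CCB15F3A3F53}'
$findings = New-Object System.Collections.Generic.List[string]
$psMeta   = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Dropped file: <Windows>\yhelp.dll
$dll = Join-Path $env:windir 'yhelp.dll'
if (Test-Path -LiteralPath $dll -PathType Leaf) {
    $sha = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
    $findings.Add("File: $dll (SHA256 $sha)")
}

# Assumption: on 64-bit Windows a 32-bit sample is redirected to WOW6432Node,
# so each HKLM key from the advisory is checked in both registry views.
foreach ($view in 'SOFTWARE', 'SOFTWARE\WOW6432Node') {
    # Run value "Yahoo! Helper", plus any other Run value that loads yhelp.dll
    $runKey = "Registry::HKEY_LOCAL_MACHINE\$view\Microsoft\Windows\CurrentVersion\Run"
    $run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($p in $run.PSObject.Properties) {
            if ($psMeta -contains $p.Name) { continue }   # skip provider metadata
            if ($p.Name -eq 'Yahoo! Helper' -or "$($p.Value)" -match 'yhelp\.dll') {
                $findings.Add("Run: $runKey -> $($p.Name) = $($p.Value)")
            }
        }
    }

    # Browser Helper Object registration
    $bho = "Registry::HKEY_LOCAL_MACHINE\$view\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
    if (Test-Path -LiteralPath $bho) { $findings.Add("BHO: $bho") }
}

# COM object registration, with the DLL it points to (if InprocServer32 exists)
foreach ($root in 'CLSID', 'WOW6432Node\CLSID') {
    $com = "Registry::HKEY_CLASSES_ROOT\$root\$clsid"
    if (Test-Path -LiteralPath $com) {
        $srv = (Get-ItemProperty -LiteralPath "$com\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        $findings.Add("COM: $com (InprocServer32 = $srv)")
    }
}

if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'No Troj/YBHO-A artifacts from this advisory were found.' }
```

A clean result only means these specific artifacts are absent; it does not replace a scan with an up-to-date anti-malware product.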