Troj/YahLog-A is a configurable password-stealing Trojan for the Windows platform.
Troj/YahLog-A attempts to steal passwords for Yahoo Messenger.
When first run, Troj/YahLog-A copies itself to <Downloaded Program Files>\smss.exe and creates the file <Downloaded Program Files>\svchost.exe. This file is also detected as Troj/YahLog-A.
The following registry entry may be created to run Troj/YahLog-A on startup:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}
StubPath
<Downloaded Program Files>\svchost.exe
Troj/YahLog-A sets the following registry entries, disabling the automatic startup of other software:
HKLM\SYSTEM\CurrentControlSet\Services\srservice
Start
4
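
The registry indicators above can be checked offline against a `reg export` text dump. The Python below is an added example, not part of the original description; the sample export, the C:\WINDOWS expansion of <Downloaded Program Files> and the function names are assumptions. It goes slightly beyond the exact key listed: it flags any Active Setup component whose StubPath points into Downloaded Program Files, or whose GUID-shaped name contains non-hexadecimal characters, as the one above does.

```python
import re

# Constructed sample in .reg text form, not captured from a real host.
# Real exports are usually UTF-16; decode them before calling scan().
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}]
"StubPath"="C:\\WINDOWS\\Downloaded Program Files\\svchost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
"StubPath"="C:\\WINDOWS\\system32\\example.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice]
"Start"=dword:00000004
'''

SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"([^"]+)"=(.*)$')
GUID_SHAPE = re.compile(r'^\{[0-9A-Za-z]{8}(-[0-9A-Za-z]{4}){3}-[0-9A-Za-z]{12}\}$')
GUID_HEX = re.compile(r'^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
ACTIVE_SETUP = r'\software\microsoft\active setup\installed components' + '\\'
SRSERVICE = r'\system\currentcontrolset\services\srservice'

def parse_reg(text):
    """Yield (key, value_name, raw_data) for each named value in .reg text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            key = m.group(1)
        elif key and (m := VALUE.match(line)):
            yield key, m.group(1), m.group(2)

def scan(text):
    """Return (finding, key) pairs for the persistence and tampering indicators."""
    findings = []
    for key, name, data in parse_reg(text):
        low = key.lower()
        if ACTIVE_SETUP in low and name.lower() == "stubpath":
            component = key.rsplit("\\", 1)[1]
            # .reg files escape each backslash in string data as two.
            path = data.strip('"').replace("\\\\", "\\").lower()
            if "\\downloaded program files\\" in path:
                findings.append(("stubpath-in-downloaded-program-files", key))
            # Heuristic: a real GUID contains only hexadecimal digits.
            if GUID_SHAPE.match(component) and not GUID_HEX.match(component):
                findings.append(("non-hex-component-id", key))
        elif low.endswith(SRSERVICE) and name.lower() == "start":
            # Start = 4 marks the service as disabled.
            if data.lower().startswith("dword:") and int(data[6:], 16) == 4:
                findings.append(("srservice-disabled", key))
    return findings
```
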