Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Included in our products from | February 2006 (4.02) |
| Protection available since | 22 November 2005 22:16:00 (GMT) |
| Last updated | 2 December 2005 14:04:23 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing worms.
More Information
W32/Yimp-B is an Instant Messaging worm for the Windows platform.
W32/Yimp-B attempts to spread via the Yahoo and AOL Instant Messenger clients.
W32/Yimp-B will send one of the following messages to the user's contacts, with
a link pointing to a copy of the worm:
wow! me and my friends just got on my new webcam! come watch us:
wow.. is this you?
found your picture! is this you?
haha, this girl got busted so bad..
lmao i cant stop laughing at this!
omg... this doesn't look right at all!!
this girl is crazy! go look at here
you have to take a look at this, tell me if you can open it
hey, you have to try this out... [link] - removes all the spyware and viruses
check this out: [link] - it's live and free
omg... i think i just found a pic of you, let me know
W32/Yimp-B is distributed in the form of a self-extracting archive that drops the following files:
<Windows>\y5b\1004270.exe
<Windows>\y5b\YSBAgree.exe
<Windows>\y5b\iS.exe
The file iS.exe is the main worm component. The file YSBAgree.exe is an installer for the other files. The file 1004270.exe is an adware application.
When first run, iS.exe copies itself to <System>\kernal64.exe.
The following registry entries are created to run kernal64.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows Kernel 64
<System>\kernal64.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Kernel 64
<System>\kernal64.exe
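
The indicators above can be checked on a host by sweeping saved `reg query` output for the two Run keys and a file listing. The following is an added example, not Sophos code; the function names, the sample registry text and the sample paths are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Indicators from the description above (names keep the worm's own spelling).
RUN_VALUE_NAME = "windows kernel 64"
WORM_COPY = "kernal64.exe"
DROPPED = {r"y5b\1004270.exe", r"y5b\ysbagree.exe", r"y5b\is.exe"}

# A value line in `reg query` output: indent, name (may contain spaces), type, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
# kernal64.exe as a file name, quoted or not, with or without trailing arguments.
TARGET = re.compile(r'(?:^|[\\/"])kernal64\.exe(?![\w.])', re.IGNORECASE)

def scan_run_keys(reg_query_output):
    """Return (key, value name, data) for Run values matching the worm's entry."""
    hits, key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith(("HKEY_", "HKCU\\", "HKLM\\")):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None or not key.lower().endswith(r"\currentversion\run"):
            continue
        name, data = m["name"].strip(), m["data"].strip()
        if name.lower() == RUN_VALUE_NAME or TARGET.search(data):
            hits.append((key, name, data))
    return hits

def scan_paths(paths):
    """Return paths that match the dropped files or the worm's copy of itself."""
    hits = []
    for p in paths:
        parts = PureWindowsPath(p).parts
        if parts and ("\\".join(parts[-2:]).lower() in DROPPED
                      or parts[-1].lower() == WORM_COPY):
            hits.append(p)
    return hits

# Constructed sample input, not taken from a real host.
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Windows Kernel 64    REG_SZ    C:\WINDOWS\system32\kernal64.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows Kernel 64    REG_SZ    "C:\WINDOWS\system32\KERNAL64.EXE"
"""
SAMPLE_PATHS = [r"C:\WINDOWS\y5b\iS.exe", r"C:\WINDOWS\system32\kernel32.dll",
                r"C:\WINDOWS\system32\kernal64.exe", r"C:\WINDOWS\y5b\readme.txt"]
```

Matching is case-insensitive because Windows paths and registry value names are, and the Run data is matched on the file name so quoted paths or appended arguments do not hide the entry.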
