Sophos

W32/Yodo-C

Aliases
  • W32/Yodo.c@MM
  • Win32/Yodo.C
  • worm
  • WORM_YODIDOO.A
  • P2P-Worm.Win32.VB.aj

Summary

 
How it spreads
  • Peer-to-peer
Affected operating systems
  • Windows
Characteristics
  • Installs itself in the registry
Included in our products from: August 2007 (4.20)
Protection available since: 11 July 2007 05:22:04 (GMT)
Detected by: All Sophos products

More Information

W32/Yodo-C is a worm for the Windows platform.

When first run, W32/Yodo-C copies itself to:

<Program Files>\KaZaA Lite\My Shared Folder\Keygen.exe
<Program Files>\KaZaA Lite\My Shared Folder\Windows XP.exe
<Program Files>\KaZaA Lite\My Shared Folder\halflife.exe
<Program Files>\KaZaA Lite\My Shared Folder\hentai game.exe
<Program Files>\KaZaA\My Shared Folder\Keygen.exe
<Program Files>\KaZaA\My Shared Folder\Windows XP.exe
<Program Files>\KaZaA\My Shared Folder\halflife.exe
<Program Files>\KaZaA\My Shared Folder\hentai game.exe
<System>\updater.exe

It may also display messages such as:

"Greetings from the underground to those in the normal world "
"Hello Again Dolly! This time we are back for Round 2. Hope your Ready ^_^"

The following registry entry is created to run updater.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windowz Update V2.0
updater.exe
