W32.yimfoca.b

W32.yimfoca.b is a computer worm that causes serious harm to a computer system and the data stored on it. It propagates through instant messaging applications: the worm harvests contacts from a compromised computer and sends them instant messages containing infected links or attachments. Once W32.yimfoca.b is executed, it communicates with a remote server, from which it receives commands and additional malware to download onto the compromised computer. Users infected with W32.yimfoca.b will typically experience degraded computer performance or a complete failure of the system. Remove W32.yimfoca.b from your PC as soon as it is detected.

File System Details

W32.yimfoca.b may create the following file(s):
# File Name Detections
1. C:\Documents and Settings\\Application Data\HEX-5823-6893-6818\jutched.exe
2. C:\Users\\HEX-5823-6893-6818\jutched.exe
3. %System%\winrtsnr.txt

Registry Details

W32.yimfoca.b may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"C:\Documents and Settings\Administrator\Application Data\HEX-5823-6893-6818\jutched.exe" = "C:\Documents and Settings\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"C:\Documents and Settings\Administrator\Application Data\HEX-5823-6893-6818\jutched.exe" = "C:\Documents and Settings\Admi
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Java Update Manager" = "C:\Documents and Settings\Administrator\Application Data\HEX-5823-6893-6818\jutched.exe"
