IM-Worm.Win32.Yahos.hh
IM-Worm.Win32.Yahos.hh is a network-aware worm that tries to copy itself across the existing network(s). IM-Worm.Win32.Yahos.hh could request other files from Internet through some URLs. IM-Worm.Win32.Yahos.hh create its startup registry entry in the system to guarantee it will initiate when the computer system is launched. What's worse, ports were open in the infected system by IM-Worm.Win32.Yahos.hh. The ports were registered with an effort to establish connection with the remote hosts. IM-Worm.Win32.Yahos.hh is a serious threat for the computer system, at the time when it is identified, so the removal should be accomplished.
File System Details
IM-Worm.Win32.Yahos.hh creates the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %Windir%\nvsvc32.exe | N/A |
| 2. | %Windir%\wibrf.jpg | N/A |
| 3. | %Windir%\wiybr.png | N/A |
| 4. | %Windir%\ndl.dl | N/A |
Registry Details
IM-Worm.Win32.Yahos.hh creates the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NVIDIA driver monitor = "%Windir%\nvsvc32.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run]
