Anti virus software
Download free anti virus software Anti virus software information Order anti virus software (US$ 29.95)
Protector Plus
Anti virus software for

 Windows
 (XP, 2000, 2003, NT, Me, 98, 95)

 Exchange
 
 NetWare











Download Antivirus software

W32/Yabe.AR Trojan

Information about the W32/Yabe.AR Trojan:

W32/Yabe.AR is a trojan. The trojan will infect Windows systems.

The trojan will arrive as an attachment along with a spammed email. It may be either downloaded from the Internet or dropped by other malware.

Upon execution, it injects itself in the process SVCHOST.EXE to hide its presence from the user.

It modifies the registry at the following location to ensure its automatic execution at every system startup:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

It also creates the following registry entries as a part of its installation routine:

HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_CURRENT_USER\Software\Microsoft\OLE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole

This Trojan uses the Adobe Acrobat Reader icon to trick users into thinking that it is a legitimate PDF file. Once opened, it displays a fake error message. The generated error may suggest that the PDF file cannot be opened, but in truth, this Trojan is already executed and installed on the system.

The trojan also attempts to download and execute possible malicious files from the following websites.

http://66.235.(BLOCKED).21/~academic/img/horr.dat
http://66.235.(BLOCKED).21/~academic/img/horr.php?new=1
http://(BLOCKED)a-rue.com/mypix/Picture.php?new=1
http://(BLOCKED)a-rue.com/mypix/Picture0.txt
http://testing-one-two.com/editor/ed.php?new=1
http://(BLOCKED)ting-one-two.com/editor/edit.txt
http://www.(BLOCKED)xkabobhouse.com/images/s.dat
http://www.(BLOCKED)xkabobhouse.com/images/stat.php?new=1
http://www.(BLOCKED)gblingventures.com/snake1/uploads/avatars/how.txt
http://www.(BLOCKED)gblingventures.com/snake1/uploads/avatars/stat.php?new=1
http://www.(BLOCKED)keting-know-how.com/bookreview/inc/tss.php?new=1
http://www.(BLOCKED)keting-know-how.com/bookreview/inc/tss.txt
http://www.(BLOCKED)indesigns.net/images/cars/t.dat
http://www.(BLOCKED)indesigns.net/images/cars/t.php?new=1

This trojan first appeared on January 08, 2007.

Blueball Other names of W32/Yabe.AR Trojan:

This trojan is also known as TROJ_YABE.AR .

Click here to download a 30 day Evaluation Copy of
Protector Plus anti virus for your operating system

About Protector Plus Anti virus Software Packages:

Proland Software is the developer of Protector Plus range of anti virus software packages. Protector Plus anti virus is available for Windows XP, Windows Me/98/95, Windows NT/2000/2003 servers and workstations, MS-Exchange 2000/2003, MS-DOS and NetWare servers.

Protector Plus range of anti virus products offer on-line virus detection and removal. All the packages have the ability to detect and isolate all types of viruses, trojans, worms and other types of malware.

These products are updated on a continuous basis and the latest upgrades for all the platforms are made available for downloading from this site.

You can download the 30 day evaluation copy of
Protector Plus anti virus software free of cost for these platforms:

Windows | Exchange | NetWare

Download free anti virus software | Anti virus software information | Order anti virus software

Copyright © 2007 Proland Software. All rights reserved.


Download Antivirus software