Remove Yadurna. Description and removal instructions

 
Title: Yadurna

Type: Worms
Severity scale: 56 / 100
 
Yadurna is a worm that masquerades as a password recovery tool. It propagates through removable media and mapped network drives. Once executed, the parasite installs itself on the system and changes the desktop background. Then it runs its payload: Yadurna blocks access to popular security-related web sites, modifies system settings, infects local web (.html) files, and terminates or disables various running software, including antivirus products and numerous security and system tools. The parasite secretly runs on every Windows startup.


Related files: csrss.exe, dalang mistiq.exe, dokument.exe, hp bunga citri lestari.exe, kota p4hlawan.exe, lo5tword.exe, lsass.exe, majnun was h3ere.exe, sma negeri 4.exe, smss.exe, Spoolsv.exe, svchost.exe, tugas.exe, windows [X1].exe, w32 wayang.exe, w4y4n9.exe, gatotkaca.scr

Yadurna properties:
• Hides from the user
• Stays resident in background

Yadurna manual removal:

Kill processes:
csrss.exe, dalang mistiq.exe, dokument.exe, hp bunga citri lestari.exe, kota p4hlawan.exe, lo5tword.exe, lsass.exe, majnun was h3ere.exe, sma negeri 4.exe, smss.exe, spoolsv.exe, svchost.exe, tugas.exe, windows [X1].exe, w32 wayang.exe, w4y4n9.exe
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\csrss
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dalang mistiq
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dokument
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gatotkaca
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hanuman
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HP Bunga Citra Lestari
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kota P4hlawan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lo5tword
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsass
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Majnun was h3re
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SMA Negeri 4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spoolsv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tugas
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows [X1]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\w32 Wayang
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\w4y4n9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell=explorer.exe [filename].exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System=[filename].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ReportBookOk=0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable=0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCScan=0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu=1
Delete files:
csrss.exe, dalang mistiq.exe, dokument.exe, hp bunga citri lestari.exe, kota p4hlawan.exe, lo5tword.exe, lsass.exe, majnun was h3ere.exe, sma negeri 4.exe, smss.exe, spoolsv.exe, svchost.exe, tugas.exe, windows [X1].exe, w32 wayang.exe, w4y4n9.exe, gatotkaca.scr
Delete directories:
C:\WINDOWS\Administrator durjana
C:\WINDOWS\Microsoft Administrator
C:\WINDOWS\nakula sadewa
C:\WINDOWS\Software Administrator
C:\WINDOWS\w4y4n9
C:\WINNT\Administrator durjana
C:\WINNT\Microsoft Administrator
C:\WINNT\nakula sadewa
C:\WINNT\Software Administrator
C:\WINNT\w4y4n9
C:\WINDOWS\System32\Administrator durjana
C:\WINDOWS\System32\Microsoft Administrator
C:\WINDOWS\System32\nakula sadewa
C:\WINDOWS\System32\Software Administrator
C:\WINDOWS\System32\w4y4n9
C:\WINNT\System32\Administrator durjana
C:\WINNT\System32\Microsoft Administrator
C:\WINNT\System32\nakula sadewa
C:\WINNT\System32\Software Administrator
C:\WINNT\System32\w4y4n9
C:\Documents and Settings\[Current User]\Application Data\Administrator durjana
C:\Documents and Settings\[Current User]\Application Data\Microsoft Administrator
C:\Documents and Settings\[Current User]\Application Data\nakula sadewa
C:\Documents and Settings\[Current User]\Application Data\Software Administrator
C:\Documents and Settings\[Current User]\Application Data\w4y4n9
[X2]:\w4y4n9
Misc:
[X1] is a random number.
[X2] is a drive letter.

The worm doesn't create all the listed files and registry entries. It usually creates only a few of them. Above are the complete lists of possible filenames and registry keys.
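
The registry values and directories listed above can be checked without changing anything before the manual removal is carried out. The following PowerShell audit is an added example, not part of the original page; it assumes the Windows directory is `$env:windir`, that Application Data is `$env:APPDATA`, that `explorer.exe` is the expected Winlogon Shell, and that `windows [X1]` appears as "windows" followed by digits.

```powershell
# Read-only audit for the indicators listed on this page; it changes nothing.
$findings = @()

# HKLM Run value names from the page; 'windows [X1]' is matched by pattern.
# csrss, lsass, smss, spoolsv and svchost are also genuine Windows process
# names, so review the file each flagged value points to before acting.
$runNames = 'csrss','dalang mistiq','dokument','gatotkaca','hanuman',
    'HP Bunga Citra Lestari','Kota P4hlawan','lo5tword','lsass',
    'Majnun was h3re','services','SMA Negeri 4','smss','spoolsv',
    'svchost','tugas','w32 Wayang','w4y4n9'
$run = Get-Item 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run) {
    foreach ($name in $run.GetValueNames()) {
        $hit = $runNames -contains $name -or $name -match '^windows \d+$'
        if ($hit) { $findings += "Run value '$name' = $($run.GetValue($name))" }
    }
}

# Winlogon: flag a Shell that is not exactly explorer.exe (assumed default)
# and any non-empty System value.
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
if ($wl) {
    if ($wl.Shell -and $wl.Shell.Trim() -ne 'explorer.exe') { $findings += "Winlogon Shell = $($wl.Shell)" }
    if ("$($wl.System)".Trim() -ne '') { $findings += "Winlogon System = $($wl.System)" }
}

# Policy values the page lists as set to 1 (an administrator may also set these).
$policies = @{
    'System'   = 'DisableCMD','DisableRegistryTools','DisableTaskMgr'
    'Explorer' = 'NoControlPanel','NoDrives','NoFind','NoFolderOptions',
                 'NoRun','NoTrayContextMenu','NoViewContextMenu'
}
foreach ($sub in $policies.Keys) {
    $key = Get-Item "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\$sub" -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($v in $policies[$sub]) { if ($key.GetValue($v) -eq 1) { $findings += "Policy $sub\$v = 1" } }
}

# Directory names from the page under the Windows, System32 and Application
# Data folders; w4y4n9 is also checked at the root of every drive ([X2]).
$dirNames = 'Administrator durjana','Microsoft Administrator','nakula sadewa',
    'Software Administrator','w4y4n9'
$paths = @(foreach ($r in $env:windir, "$env:windir\System32", $env:APPDATA) {
    foreach ($d in $dirNames) { Join-Path $r $d }
})
$paths += Get-PSDrive -PSProvider FileSystem | ForEach-Object { Join-Path $_.Root 'w4y4n9' }
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p -PathType Container) { $findings += "Directory $p" }
}
$findings
```

An empty result means none of the checked indicators is present for the current user; the HKEY_CURRENT_USER policy values must be checked separately in each user profile.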

Other programs to remove Yadurna:

• SUPERAntiSpyware
• CounterSpy
• Windows Defender

Information added: 02/05/07
Information updated: 02/05/07
