Welcome to the Virus Encyclopedia of Panda Security.
It opens the TCP port 67 and runs any executable file that is remotely downloaded through this port.
|First detected on:||Nov. 16, 2004|
|Detection updated on:||Nov. 17, 2004|
|Yes, using TruPrevent Technologies
Yanz.A is a worm that opens the TCP port 67 and listens to it. The worm will attempt to run any executable file that is remotely downloaded to the affected computer through this port. The downloaded file could be of any nature, including malware.
Yanz.A attempts to end the processes belonging to the Windows Registry editor, called REGEDIT.EXE, and MSCONFIG.EXE.
Yanz.A spreads via e-mail in a message with variable characteristics, and through peer-to-peer (P2P) file sharing programs. Both the e-mails and the shared files always refer to the singer Sun Yan Zi.
Yanz.A is easy to recognize once it has affected the computer, as it displays the following image on screen when it is run:
The e-mail messages and the shared files in which Yanz.A reaches the computer always refer to the singer Sun Yan Zi.