Virus Encyclopedia
Welcome to the Virus Encyclopedia of Panda Security.
Yanz.A | |
Threat Level Damage Distribution |
 |
| Common name: | Yanz.A |
| Technical name: | W32/Yanz.A.worm |
| Threat level: | Medium |
| Alias: | W32/Yanz.a@MM, I-Worm.Yanz.a |
| Type: | Worm |
|
Subtype:
| Backdoor |
| Effects: | It opens the TCP port 67 and runs any executable file that is remotely downloaded through this port. |
| Affected platforms:
| Windows XP/2000/NT/ME/98/95 |
| First detected on: | Nov. 16, 2004 |
| Detection updated on: | Nov. 17, 2004 |
| Statistics | No |
Proactive protection: | Yes, using TruPrevent Technologies
|
Brief Description | |
Yanz.A is a worm that opens the TCP port 67 and listens to it. The worm will attempt to run any executable file that is remotely downloaded to the affected computer through this port. The downloaded file could be of any nature, including malware. Yanz.A attempts to end the processes belonging to the Windows Registry editor, called REGEDIT.EXE, and MSCONFIG.EXE. Yanz.A spreads via e-mail in a message with variable characteristics, and through peer-to-peer (P2P) file sharing programs. Both the e-mails and the shared files always refer to the singer Sun Yan Zi. |
Visible Symptoms | |
Yanz.A is easy to recognize once it has affected the computer, as it displays the following image on screen when it is run: 
The e-mail messages and the shared files in which Yanz.A reaches the computer always refer to the singer Sun Yan Zi. |