Trojans are malicious applications that pose themselves as legitimate software in order to trick users to install them. Once on the victim's machine, it may run any number of malicious process to steal vital information or inflict damage to other software.
BackDoor.YFP is an IRC Backdoor Trojan Horse that gives its author control of an infected computer through Internet Relay Chat (IRC).
One of the malicious exe files acts a Server exchanging commands.
Once Local machine is infected, it uses local machines IP and places messages on IRC as "excuse me,but its seems that your computer is vulnerable to the new mirc exploit,so get yourself ASAP this repair from http://[Local IP ]/WinXP_Mirc_Fix.exe"
This worm Disables Anti Virus Notifications, Disables Firewall Notifications, Overrides Firewall, Disables Updates Notifications.
It adds False IP's to more than 50 popular anti virus companies urls in the Host file.
Spreading of YFP Worm.
Large amount of Hijacked domains are placed in the Hosts file. Its probably better to delete the file itself than to fix each item.(and create a Backup)
File location is C:\Windows\System32\drivers\etc\hosts
To Correct Modified Registry Values:
1.Click on Start , click run.
2.Type "regedit" and press enter.
3.Navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
4.Right Click on "AntiVirusDisableNotify" ,click on Modify , Type " 0 " in Value Data field in place of "1" and press Enter.
5.Right Click on "FirewallDisableNotify" , click on Modify , Type "0" in Value Data field in place of "1" and press Enter.
6.Right Click on "FirewallOverride" , click on Modify , Type "0" in Value Data field in place of "1" and press Enter.
7.Right Click on "UpdatesDisableNotify" , click on Modify , Type "0" in Value Data field in place of "1" and press Enter.