Tuesday, May 11, 2010

PCMAV 3.0.2 Update Build1 (YM-Infocard)


YM-InfoCard. Recently, a worm has been spreading widely through Yahoo! Messenger (YM). On an infected computer, the worm sends a message like the one in the picture above to the entire friends list, and the message contains a link meant to tempt the user into clicking it. The domain in the link can vary, but all of them lead to an image.php file. If the link is clicked, a file named IMGXXXXX.JPG-www.myspaces.com.exe is downloaded (XXXXX is a series of digits that also varies).

Although there is a confirmation prompt asking whether to download the EXE file, it appears that quite a lot of users are not vigilant and download it anyway, and even run the file, so that the computer becomes a victim. As of today, the PCMAV team has received 4 (four) YM-InfoCard variants with different file sizes: 73 KB, 99 KB, 103 KB and 164 KB. A variant is written in the Visual Basic programming language, and others in FreeBASIC, without being packed. The file uses an image-type icon to trick users into thinking it is an image file.

Although most of the reported links are no longer active, it is possible that new links and variants will continue to spread. Among the variants found so far, one characteristic of this worm is that it creates a copy of itself at WINDOWS\infocard.exe and activates it in memory; this process is visible in Task Manager.

The name of the file created by this worm is infocard.exe or lnfocard.exe (they differ in the first letter, "i" versus "l"), depending on the variant. In addition to the Windows folder, YM-InfoCard also copies itself to C:\d.exe and Program Files\lnfocard.exe, and creates the file Windows\winbrd.jpg as well as empty files named Windows\mds.sys and Windows\mdt.sys.
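The file names and locations described above can be turned into a quick triage check over a file listing. This is an added example, not code from PCMAV; the function names, reason labels and the sample listing are made up for the illustration, and only the exact locations named in this post are matched.

```python
import re
from pathlib import PureWindowsPath

# Lure name from the write-up: IMG<digits>.JPG-www.myspaces.com.exe
LURE_RE = re.compile(r"^IMG\d+\.JPG-www\.myspaces\.com\.exe$", re.IGNORECASE)

# Locations named in the write-up, relative to the drive root (lower-cased).
# Value True = the write-up describes the file as empty.
ARTEFACTS = {
    r"windows\infocard.exe": False,
    r"windows\lnfocard.exe": False,   # first letter is "l", not "i"
    r"program files\lnfocard.exe": False,
    r"d.exe": False,
    r"windows\winbrd.jpg": False,
    r"windows\mds.sys": True,
    r"windows\mdt.sys": True,
}

def classify(path, size):
    """Return the reasons a (path, size) record matches the description."""
    p = PureWindowsPath(path)
    reasons = []
    if LURE_RE.match(p.name):
        reasons.append("lure-download-name")
    rel = str(p.relative_to(p.anchor)) if p.anchor else str(p)
    must_be_empty = ARTEFACTS.get(rel.lower())
    if must_be_empty is False:
        reasons.append("dropped-file")
    elif must_be_empty and size == 0:
        reasons.append("empty-marker-file")
    return reasons

def scan(records):
    """Map each matching path to its reasons; non-matching paths are omitted."""
    hits = {}
    for path, size in records:
        reasons = classify(path, size)
        if reasons:
            hits[path] = reasons
    return hits

# Constructed sample listing (paths and sizes are made up for the example).
SAMPLE = [
    (r"C:\Users\test\Downloads\IMG48213.JPG-www.myspaces.com.exe", 101376),
    (r"C:\WINDOWS\infocard.exe", 101376),
    (r"C:\Program Files\lnfocard.exe", 74752),
    (r"C:\WINDOWS\mds.sys", 0),
    (r"C:\WINDOWS\mdt.sys", 4096),      # not empty, so not reported
    (r"C:\WINDOWS\notepad.exe", 69120),
    (r"C:\Users\test\Pictures\IMG48213.JPG", 20480),  # a real image name
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE).items():
        print(path, reasons)
```

A hit here is only a pointer for a closer look; the check goes by name and location and does not inspect file contents.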

Other worms, such as Autoit, have also spread via YM. Although no damaging effects are inflicted on the infected computer, the speed at which it spreads needs to be watched.

To eradicate this virus and other virus variants, PCMAV 3.0.2 Update Build1 is now available, adding identification for 35 new virus variants. Users of PCMAV 3.0.2 are strongly advised to update immediately so that PCMAV can recognize and eradicate more viruses.

List of viruses added in PCMAV 3.0.2 Update Build1:
AwaN.A
AwaN.B
Bohia
Bohia.dll
Bohia.url.A
Bohia.url.B
Bohia.url.C
Bohia.url.D
Bohia.url.E
Bohia.url.F
Geografi.C

Hswdc:EXE_PE32
Malingsi.P
Malingsi.Q
Malingsi.Q..mrc
Malingsi.Q.dll
Malingsi.Q.dll
Malingsi.Q.dll
Malingsi.Q.ini
Rieysha-Jogja.C
Rieysha-Jogja.C.vbs.A
Rieysha-Jogja.C.vbs.B
Rieysha-Lokal.B

Rieysha-Lokal.B.bat
RinaRudy.B
Salxls.C
Sarap
Sesiana.vbs.A
Sesiana.vbs.A.inf
Sesiana.vbs.B
YM-Infocard.A
YM-Infocard.A.jpg

YM-Infocard.B
YM-Infocard.C
YM-lnfocard.D


Download PCMAV 3.0.2 Update Build1 (YM-Infocard)




What is PCMAV?

PCMAV is an antivirus program developed by an Indonesian software developer (PCMedia Magazine). PCMAV is distributed bundled with PCMedia Magazine. PCMAV is free software for personal or non-commercial use. For commercial use, you need to have PCMedia Magazine to use this software.

Distributing and using PCMAV is legal for personal and non-commercial use!
