Yahoo Password Stealer Infection – Remove infostealer pws-yahmali Virus
McAfee detection center calls it pws-yahmali trojen and Symantec calls it infostealer.yahmali. It’s risk level is very low. And it’s only a password stealer. It attempts to steal the password of the yahoo messenger (whenever user logs in) and may send to ilam-mind-makers [dot] com.
The Trojan may be downloaded or may arrive in spammed email as one of the following files:
Once executed, the Trojan creates one of the following file:
It also creates and modifies some registry keys.
The Trojan specifically checks for Yahoo! Messenger with the following text in the window title:
Yahoo! Messenger with Voice
Remove pws-yahmali – Solution
Run a thorough system scan with any antivirus software. After scanning with an antivirus, follow the instructions below to remove pws-yahmali completely:
Disable System Restore.
Clean all the temporary files on the system. Use CCleaner to clean your system.
Delete the following registry keys:
Go to Start –> Run –> regedit and find the following key and delete these
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon”shell” = “explorer.exe” C:DOCUME~1ADMINI~1LOCALS~1Temp[ORIGINAL TROJAN FILENAME].exe [RANDOM CHARACTERS]”
Run the following commands:
Go to Start –> Run and copy and paste the following commands one by one:
REG add HKCUsoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v HideFileExt /t REG_DWORD /d 1 /f
REG add HKCUsoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v ShowSuperHidden /t REG_DWORD /d 0 /f
Anti Virus Protection for any PC has been a growing need. Some people recommend cheap antivirus software solution and some suggest free virus protection software or virus removal software. Internet security software are different from antivirus and with standard scanning software you also need anti spam software sometimes. Explore TechMynd Recommendations for your PC security needs.