Posted: May 5, 2011

Ydky9kv.exe Description

Ydky9kv.exe is a recently emerged Trojan with a reputation for installing rogue security programs onto computers. Ydky9kv.exe should be considered an urgent security threat to your PC, since it is capable of running automatically, corrupting native memory processes and installing other malware onto your computer without your permission. Keep your anti-malware applications up to date to have the best defense against Ydky9kv.exe, since it is extremely new and may avoid being detected by scanners without recently updated threat definitions. Ydky9kv.exe should be deleted with the appropriate software when possible, since it is a sophisticated threat and may be accompanied by other kinds of infections.

Ydky9kv.exe is an Exceptionally Amorphous Trojan

Ydky9kv.exe has been reported in many varying file sizes and may be as small as 15kb or as large as 76kb. Besides Ydky9kv.exe's ever-changing size, Ydky9kv.exe may also be detected by different names. Known labels for Ydky9kv.exe infections include Trojan.Win32.FakeAV.bjzk, Trojan-Downloader.Win32.Small.burh, Trojan-Ransom.Win32.PornoBlocker.pxr, Trojan.Win32.VBKrypt.bxfl and Trojan.Agent/Gen-FakeAlert.

Ydky9kv.exe was first seen in the middle of April 2011, and may require threat definition updates that are at least that recent to be detected by anti-malware scanners. Ydky9kv.exe has already been reported to infect many first world regions like the United States, the United Kingdom and Germany.

As a Trojan, Ydky9kv.exe may attack your security to enable remote attackers to control your PC. Ydky9kv.exe may also download and install other kinds of threats onto your system and is noted to specialize in rogue security applications.

Signs of Ydky9kv.exe's Hooks in Your PC

Ydky9kv.exe has been found to hide itself in Windows system directories and may engage in any or all of the following attacks while you overlook Ydky9kv.exe's presence:

  • Ydky9kv.exe may use rootkit techniques to infect native system processes like explorer.exe and svchost.exe. This lets Ydky9kv.exe remain active without letting you know Ydky9kv.exe is even running at all.
  • Ydky9kv.exe may modify your Registry so that Ydky9kv.exe launches automatically whenever Windows starts.
  • Your firewall settings may be altered or your firewall may be disabled completely, to let Ydky9kv.exe engage in the unauthorized transfer of information to or from your computer.
  • Ydky9kv.exe may register .dll files and enable COM objects; these components are difficult to remove manually and may enable other complex attacks.
  • Rogue programs like Antivirus Protection Trial or Windows Recovery may be downloaded and installed onto your computer without your consent.
  • Ydky9kv.exe may download a Remote Administration Tool that lets remote attackers have complete control over your computer.
  • Finally, Ydky9kv.exe may transfer information from your computer into the hands of criminals. This information can include private data like account passwords or online banking information.

Since Ydky9kv.exe is a fairly sophisticated threat and is likely to have other threats backing Ydky9kv.exe up, you should remove Ydky9kv.exe by using appropriately advanced anti-malware programs. Remember to update your threat definitions and run your scans in Safe Mode or a similar secure environment, and you should be able to delete Ydky9kv.exe without a hitch.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 C:\Documents and Settings\Administrator\Local Settings\Temp\MouseDriver.bat
    2 C:\Documents and Settings\Administrator\Local Settings\Temp\ydky9kv.exe
    3 C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5139.tmp
    4 C:\Documents and Settings\Administrator\Local Settings\Temp\~DF76CC.tmp
    5 C:\DOCUME~1\Admini~1\Locals~1\Temp\ydky9kv.exe
    6 C:\WINDOWS\fonts\services.exe
    7 C:\WINDOWS\system32\fl8uphp.log
    8 C:\WINDOWS\Temp\MouseDriver.bat
    9 C:\WINDOWS\Temp\ogunhqym.bat
    10 C:\WINDOWS\Temp\ydky9kv.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
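
Because the Run value name is random, a check has to key on where the value points rather than on its name. The following is an added example, not part of the original write-up: it triages the text output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` against the file names and drop directories listed above. The function names and the sample input are constructed for illustration.

```python
import re
from ntpath import basename, dirname, normpath

# Taken from the page's "File System Modifications" list, lower-cased.
PAGE_FILE_NAMES = {"ydky9kv.exe", "mousedriver.bat", "ogunhqym.bat"}
# Directories the page lists as drop locations; none is a normal home for autostarts.
SUSPECT_DIR_SUFFIXES = (r"\local settings\temp", r"\locals~1\temp",
                        r"c:\windows\temp", r"c:\windows\fonts")

# One value line of `reg query` output: indent, name, REG_SZ/REG_EXPAND_SZ, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.*)$")
EXECUTABLE = re.compile(r"(.+?\.(?:exe|bat|cmd|com|scr|pif))(?:\s|$)", re.I)

def command_path(data):
    """Extract the program path from a Run value, quoted or unquoted."""
    data = data.strip()
    if data.startswith('"'):
        path = data[1:].split('"', 1)[0]
    else:
        m = EXECUTABLE.match(data)
        path = m.group(1) if m else data.split(" ", 1)[0]
    return normpath(path).lower()

def triage_run_key(reg_query_output):
    """Return (value name, path, reasons) for each Run value worth a closer look."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = command_path(m.group("data"))
        reasons = []
        if basename(path) in PAGE_FILE_NAMES:
            reasons.append("file name listed on the page")
        if dirname(path).endswith(SUSPECT_DIR_SUFFIXES):
            reasons.append("runs from a drop directory listed on the page")
        if reasons:
            findings.append((m.group("name"), path, reasons))
    return findings

# Constructed sample; "qxzvbnmk" and "FontCache" are made-up value names.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    qxzvbnmk    REG_SZ    C:\Documents and Settings\Administrator\Local Settings\Temp\ydky9kv.exe
    FontCache    REG_SZ    "C:\WINDOWS\fonts\services.exe" /background
    Updater    REG_SZ    C:\Program Files\Example\updater.exe -q
"""

if __name__ == "__main__":
    for name, path, reasons in triage_run_key(SAMPLE):
        print(f"{name}: {path} ({'; '.join(reasons)})")
```

A services.exe entry is flagged only by its location: the page lists it under C:\WINDOWS\fonts, so the file name alone is not treated as an indicator.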
