Home > Virus > Viruses > VBS.Yeno.B@mm

Virus Name: VBS.Yeno.B@mm

Aliases: VBS.Yeno.C@mm, VBS.Yeno@mm, VBS/Yeno.Worm, VBS/Yeno.gen, VBS.Yeno

Yeno is a Visual Basic Script virus that infects all .html and .vbs files and spreads via e-mail.  On infection, it displays a message box from OXNEY.B with, "Are you still drunk…???" and Yes/No buttons.  Pressing Yes causes the virus to quit, while selecting No leads to another message box also from OXNEY.B.  This one contains the message:

_______________YOU GOT MY WORM_______________

It's not dangerous to disinfect contact you AV center…….!!! or visit : www.Spidey.uni.cc for more info about this worm

by (cute) Spidey

_______________YOU GOT MY WORM_______________

with an OK button at the end.  Clicking OK causes the virus to copy itself as a hidden file to your Windows system directory as OXNEY.B.VBS, OXNEY.VBS, or OXNEY.C.VBS.  It then attaches itself to an e-mail sent to all of the addresses in your address book as one of the above three files.  The e-mail subject line is either, "FW: I give you again…" or "FW: give some…"

Yeno then creates a registry key to run the above file, which causes it to append itself to all .vb or .vbs files on drives C, D, and E.  It also makes a new first line for the file of either, " 'again I am sorry!!" or " 'I'm sorry friend, I have no money!!"  Yeno also adds an HTML script to all .htm or .html files on Drives C, D, and E to make the virus run on opening.

And changes your Internet Explorer home page to spidey.uni.cc and the title bar to "Microsoft Internet Explorer Provided by: Spidey" by modifying some registry keys.  While it is modifying the registry, it also adds several other registry keys with hidden coded messages too.

Copyright (c) 2005, 2008  A. Ryan Robbins.  All Rights Reserved.