Trojan:Win32/Yoddos.B is a trojan that drops a component that disables Internet Explorer protection offered by "360safe". It also replaces the Master Boot Record (MBR) with a malicious version, which is detected as Trojan:DOS/Yoddos.
When run, the trojan checks for the presence of system-restoring software by looking for the following processes:
If found, Trojan:Win32/Yoddos.B disables Windows File Protection to drop the following file:
- <system folder>\drivers\pcidump.sys - also detected as Trojan:Win32/Yoddos.B
It installs this driver file by replacing the legitimate "pcidump" service, if it exists.
Disables security settings
Trojan:Win32/Yoddos.B drops a component to disable the protection offered by "360safe" for Internet Explorer. The component is also detected as Trojan:Win32/Yoddos.B.
Infects the MBR
Trojan:Win32/Yoddos.B replaces the original MBR with a malicious MBR. The malicious MBR is detected as Trojan:DOS/Yoddos.
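Because a bootkit of this kind keeps the partition table intact and swaps only the bootstrap code, the system still boots and nothing looks wrong from inside Windows. One defender-side check is to capture a known-good copy of the MBR at install time and later compare the 440-byte bootstrap region against that baseline. The following is an added example written for this entry, not code from Microsoft's analysis; it parses the classic MBR layout, hashes the bootstrap code, and reports deviations. The device path `\\.\PhysicalDrive0` and the sample "clean" and "tampered" sectors are constructed assumptions for illustration, and the tampered sample stands in for a replaced MBR in general rather than reproducing any specific malicious code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOTSTRAP_LEN = 440           # bootstrap code occupies bytes 0..439; disk signature follows
BOOT_SIGNATURE = b"\x55\xaa"  # every valid MBR ends with these two bytes


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR (classic layout, no GPT) into its fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i                      # four 16-byte partition entries
        status = sector[off]
        ptype = sector[off + 4]
        lba_start, sectors = struct.unpack_from("<II", sector, off + 8)
        partitions.append({"bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "bootstrap": sector[:BOOTSTRAP_LEN],
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def bootstrap_hash(sector: bytes) -> str:
    """SHA-256 of the bootstrap code only; the partition table may legitimately change."""
    return hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest()


def check_mbr(sector: bytes, baseline_hash: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    findings = []
    mbr = parse_mbr(sector)
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if bootstrap_hash(sector) != baseline_hash:
        findings.append("bootstrap code differs from baseline")
    bootable = [p for p in mbr["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable (expected 1)")
    return findings


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a raw disk (assumed device path; needs admin rights on Windows)."""
    with open(device, "rb") as f:
        return f.read(SECTOR_SIZE)


def build_mbr(bootstrap: bytes, disk_sig: int, partitions: list) -> bytes:
    """Assemble a sector from parts; used here only to construct sample data."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(bootstrap)] = bootstrap[:BOOTSTRAP_LEN]
    struct.pack_into("<I", sector, 440, disk_sig)
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        off = 446 + 16 * i
        sector[off] = 0x80 if bootable else 0x00
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample: a stand-in for a known-good MBR captured at install time.
CLEAN_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40,
                      0x1234ABCD, [(True, 0x07, 2048, 204800)])
BASELINE_HASH = bootstrap_hash(CLEAN_MBR)

# Constructed sample: same disk signature and partition table, different bootstrap
# code, i.e. what a replaced MBR looks like from the parser's point of view.
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + b"\x00" * 46,
                         0x1234ABCD, [(True, 0x07, 2048, 204800)])

if __name__ == "__main__":
    print("clean:   ", check_mbr(CLEAN_MBR, BASELINE_HASH))
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE_HASH))
```

In practice `BASELINE_HASH` would be stored off-host (or alongside other system baselines) and `read_mbr()` run from a scheduled check; a mismatch in the bootstrap region is a strong signal worth investigating even when the machine boots normally, since that is exactly the condition a replaced MBR is designed to preserve.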
Analysis by Jingli Li
Alert notifications or detections of this malware from installed antivirus or security software may be the only other symptoms.