Published Jun 08, 2011 | Updated Sep 15, 2017


Detected by Microsoft Defender Antivirus

Aliases: No associated aliases


Windows Defender detects and removes this threat.

Win32/Yimfoca is a worm family that spreads via common instant messaging applications and social networking sites. It is capable of connecting to a remote HTTP or IRC server to receive updated configuration data. It also modifies certain system and security settings.

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find hidden malware.

Removing a program exception

This threat may add a malware program to the Windows Firewall exception list. To remove the program exception, follow these steps:

For Windows 7:

  1. Click Start, select Control Panel, then System and Security.
  2. Select Windows Firewall.
  3. On the left-hand menu, select Allow a program through Windows Firewall. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  4. Click Change Settings. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  5. Select "NVIDIA driver monitor" or "Windows System Devices Manager" from the list of allowed programs and features. Click Remove.
  6. Click OK.

For Windows Vista:

  1. Click Start, select Control Panel, then Security Center.
  2. On the left-hand menu, select Windows Firewall.
  3. On the left-hand menu, select Allow a program through Windows Firewall. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  4. Select "NVIDIA driver monitor" or "Windows System Devices Manager" from the list of allowed programs and features. Click Delete.
  5. Click OK.

For Windows XP:

  1. Use an administrator account to log on.
  2. Click Start, select Run, type wscui.cpl, and then click OK.
  3. In Windows Security Center, click Windows Firewall.
  4. On the Exceptions tab, click "NVIDIA driver monitor" or "Windows System Devices Manager" and then click Delete.
  5. Click OK.
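
On Windows Vista and Windows 7, the same check can be scripted through the firewall's COM interface. This is an added example, not part of the original write-up. The function name and the `-Remove` switch are illustrative; only the two rule names come from the steps above. It lists each matching rule with its program path so the entry can be reviewed before anything is deleted.

```powershell
# Added example: audit (and optionally remove) the Windows Firewall exceptions
# named in the removal steps above. Run from an elevated PowerShell prompt.
# Uses the HNetCfg.FwPolicy2 COM object (Windows Vista and later), so it also
# works with PowerShell 2.0 on Windows 7. It does not apply to Windows XP.

# Rule names taken from the removal steps on this page.
$SuspectNames = @('NVIDIA driver monitor', 'Windows System Devices Manager')

function Find-YimfocaFirewallException {    # hypothetical helper name
    param(
        [string[]]$Name = $SuspectNames,
        [switch]$Remove                     # delete matches instead of only listing them
    )

    $policy = New-Object -ComObject HNetCfg.FwPolicy2

    # Snapshot the matches first so the rule collection is not modified
    # while it is being enumerated. -contains compares case-insensitively.
    $found = @($policy.Rules | Where-Object { $Name -contains $_.Name })

    foreach ($rule in $found) {
        # NET_FW_RULE_DIRECTION: 1 = inbound, 2 = outbound
        $direction = 'Out'
        if ($rule.Direction -eq 1) { $direction = 'In' }

        # Report the program path so the file can be located and scanned.
        New-Object PSObject -Property @{
            Name      = $rule.Name
            Program   = $rule.ApplicationName
            Enabled   = $rule.Enabled
            Direction = $direction
            Removed   = [bool]$Remove
        }

        if ($Remove) {
            # Called once per match, so duplicate rule names are all cleared.
            $policy.Rules.Remove($rule.Name)
        }
    }
}

# List matching exceptions only (no changes are made):
Find-YimfocaFirewallException | Format-List

# After reviewing the reported program paths, remove the exceptions:
# Find-YimfocaFirewallException -Remove
```

An empty result means no exception with either name is present in the firewall rule set.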

Additional remediation instructions for Win32/Yimfoca

This threat may make lasting changes to a computer's configuration that are NOT restored by detecting and removing this threat. For more information on returning an infected computer to its pre-infected state, please see the following article/s:

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.