Know Your Malware: Yusufali Removal

Yusufali is a trojan that runs silently in the background and monitors user activity by analyzing the titles of open windows. If one of the titles contains specific words, the trojan displays the following message in several languages:

"YUSUFALI: Know, therefore, that there is no god but Allah, and ask forgiveness for thy fault, and for the men and women who believe: for Allah knows how ye move about and how ye dwell in your homes"

If the window whose title contains the predefined words is left open, Yusufali will continue to display the message. It will show another message with the "For Exit Click Here" button. After the user moves the mouse, the trojan opens yet another message: "OH! NO i'm in the Cage". This message contains three buttons: "LogOff", "ShutDown" and "Restart". Clicking any of them leads to a log off. The mouse pointer is locked within the message, so the user is left with no choice but to log off, restart or turn off the computer.

Yusufali properties:
Hides from the user
Stays resident in background

Linked by shanmuga Monday, 14th November 2005 9:17PM