W32.Haytap@mm is a computer worm that was discovered April 30, 2006 and also goes by the name ''W32.Fakepatch@mm" occasionally. It operates using Yahoo! Messenger to infect.

Technical details

  1. Copies itself as the following file:


  1. Adds the value:

to the following registry subkey:

so that it runs every time Windows starts:

  1. Obtains contact names from Yahoo! Messenger. The worm will append as the domain name to complete the email addresses.
  2. Sends itself to the email addresses it generates. The email has the following characteristics:



Attachment: email.exe

Community content is available under CC-BY-SA unless otherwise noted.