W32/Sohana-CA is a worm for the Windows platform.

When W32/Sohana-CA is first run the following files are created:

System\autorun.ini
System\gphone.exe
Windows\gphone.exe

The following registry entry is created to run gphone.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Yahoo Messengger
System\gphone.exe

The following registry entry is changed to run gphone.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe gphone.exe

More information can be found at this Sophos page.