Yalove.A
Threat Level I
Damage II
Distribution I
Common name: Yalove.A
Technical name: W32/Yalove.A.worm
Threat level: Medium
Type: Worm
Effects: It impersonates Google's website in order to deceive users, downloads malware to the affected computer and makes several modifications to the Windows Registry that prevent the computer from working properly. It spreads through local, removable and mapped drives.
Affected platforms: Windows 2003/XP/2000/NT/ME/98/95
First detected on: Feb. 21, 2008
Detection updated on: Feb. 22, 2008
In circulation? No
Brief Description
Yalove.A is a worm that impersonates Google's website. To do so, it displays a page that looks similar to the original one in order to deceive users. The results offered on this page could point to malicious websites.
It also connects to certain websites in order to download updates of itself and other malware samples.
Additionally, it makes several modifications to the Windows Registry, which prevent the user from working with the computer as usual.
These modifications prevent the user from carrying out the following actions, among others:
Running files quickly and directly, as it disables the Run option in the Start menu.
Viewing the running processes through the Task Manager.
Modifying the configuration of folder options.
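A triage check for the three restrictions listed above, as an added example that is not part of the original description. The page does not name the Registry values that Yalove.A writes; the standard Windows policy values `NoRun`, `DisableTaskMgr` and `NoFolderOptions` are assumed here, and the `reg export` text is a constructed sample.

```python
import re

# Standard Windows policy values that control the three features the page
# lists. The page does not name the values Yalove.A writes; this mapping is
# an assumption based on the documented Windows policies.
RESTRICTIONS = {
    (r"software\microsoft\windows\currentversion\policies\explorer", "norun"):
        "Run removed from the Start menu",
    (r"software\microsoft\windows\currentversion\policies\system", "disabletaskmgr"):
        "Task Manager disabled",
    (r"software\microsoft\windows\currentversion\policies\explorer", "nofolderoptions"):
        "Folder Options disabled",
}

KEY_RE = re.compile(r"^\[(?P<hive>HKEY_[A-Z_]+)\\(?P<path>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<data>[0-9a-fA-F]{8})$')

def find_restrictions(reg_text):
    """Return (hive, description) for each restriction policy set to non-zero."""
    findings, hive, path = [], None, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:  # section header: remember which key the following values belong to
            hive, path = m.group("hive"), m.group("path").lower()
            continue
        m = VALUE_RE.match(line)
        if m and path is not None:
            desc = RESTRICTIONS.get((path, m.group("name").lower()))
            if desc and int(m.group("data"), 16) != 0:
                findings.append((hive, desc))
    return findings

# Constructed sample in `reg export` text format (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoFolderOptions"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
'''
if __name__ == "__main__":
    for hive, desc in find_restrictions(SAMPLE):
        print(f"{hive}: {desc}")
```

A real `reg export` file is usually UTF-16 encoded, so decode it accordingly before passing the text to `find_restrictions`.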
Yalove.A reaches the computer in a file that has the icon belonging to a Windows folder. It spreads through local, removable and mapped drives, making copies of itself in them.
Visible Symptoms
Yalove.A is easy to recognize once it has affected the computer: when it is run, it opens several Internet Explorer windows displaying a page that seems to be Google's.
However, this is not Google's original website, as the URL that appears in the address bar points to http://clic<blocked>anu.com, as can be seen in the following image: