Additionally, the worm was programmed to collapse any folder option displays along with registry tools and task manager, the specialists added. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware. When this infection is active, you may notice unwanted processes in Task Manager list. There it carried out several operations to disable security products as well as deactivated tools used for system configuration. The Win32:AutoIt-FL Wrm is considered dangerous by lots of security experts. Meanwhile, the security specialists stated that the Yahlover worm had also been circulating in the later months of 2008 in Thailand and Vietnam. Furthermore, users needed to be cautious while handling file transfers and e-mail attachments, the researchers advised.
W32 YAHLOVER WORM VIRUS PC
It was also important that users turned on a PC firewall and installed the most recent computer updates.
W32 YAHLOVER WORM VIRUS SOFTWARE
Hence, it was extremely vital that computer users installed reliable antivirus software for warding off infections like Yahlover. Nevertheless, having being spotted numerous times, a detailed analysis is necessary of two versions of Yahlover that are W32/Yahlover.worm and W32/.Ĭommenting on this point, researchers of computer security said that cyber criminals like spammers were getting increasingly creative in their malevolent campaigns.
The worm also proliferates via Autorun.ini files loaded through removable devices so that it gets mechanically executed on computers that have their 'Autorun' enabled. When that happens, a pop-up window repeatedly emerges in short intervals displaying the malicious web page link. Subsequently, the worm changes the registry so that it becomes active every time Windows is started. Moreover, once executed, Yahlover creates two replicas of itself in the %Systems% or %Windows% directories naming the new files as svchost.exe and svchost32.exe.
They typically send e-mail to friends having a web-link, which points towards a harmful page that tries to exploit the MS06-014 security flaw so that it can plant itself on the affected systems, security researchers stated. Variants of Yahlover worm try to proliferate through an IM (Instant Messaging) e-mail client like Windows Messenger, AIM or Yahoo! Messenger running on an infected system. VirusTotal, a free service provider for online scan of viruses and other malware, has included Worm Yahlover, which proliferates via Yahoo Messenger, among the ten most prevalent malicious e-threats on July 6, 2009. VirusTotal - Malware Yahlover Disseminates Through Yahoo Messenger
0 kommentar(er)
