W32.Yalove


Aliases: Generic.Malware.SDQ!dldsp.6950A58E, Generic.Malware.SDQ!dldsp.6950A58E, Worm/Generic.FUQ
Variants: W32.Yalove.D, W32.Yalove.F

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 30 Nov 2006
Damage: Medium

Characteristics: The W32.Yalove program spreads via Yahoo Instant Messenger program. This worm could download and run malicious files. It is as well capable of disabling the Registry tools and Windows Task Manager on the compromised computer. This affects windows plat form such as Windows 95, Windows 2000, Windows 98, Windows NT, Windows Me, Windows XP and Windows Server 2003.

More details about W32.Yalove

When W32/Yalove is executed, it copies itself as %Windir%\system\svhost.exe to windows installation folder and adds value on the registry sub key so that the worm will execute automatically whenever the windows start. It attempts to download malicious files from a particular site and this downloaded file is saved as %Windir%\system\svchost32.exe and is detected as Infostealer so it has the ability to steal information on your system and sends it to the remote attacker. The worm will also disable the processes on your system and some of which are security related.

The W32.Yalove software opens a backdoor on the affected computer. A remote user can access this backdoor and take control of the user’s machine through IRC (Internet Relay Chat) channels. The remote user may send commands, such as uploading and downloading of content and removing of important files from the user’s computer. This application is capable of using the affected system’s Internet connection. It attempts to establish a connection to a remote server via HTTP (Hypertext Transfer Protocol). The W32.Yalove application most likely downloads illicit files and programs from the remote server to be launched on the infected computer. These downloaded files may consist of illicit programs and unwanted files.