Welcome to the Virus Encyclopedia of Panda Security.
It passes itself off as Google's original website in order to deceive users, downloads malware to the affected computer and carries out several modifications in the Windows Registry, which prevent the computer from working properly. It spreads through local, removable and mapped drives.
|First detected on:||Feb. 21, 2008|
|Detection updated on:||Feb. 22, 2008|
Yalove.A is a worm that passes itself off as Google's original website. In order to do so, it shows a similar website to the original one in order to deceive users. The results offered in this website could point to malicious websites.
It also connects to certain websites in order to download updates of itself and other malware samples.
Additionally, it carries out several modifications in the Windows Registry, which prevent the user from working with the computer as usual.
These modifications prevent the user from carrying out the following actions, among others:
- Running files in a fast and straight way, as it disables the option Run from the Start menu.
- Viewing the processes that are being run through the Task Manager.
- Modifying the configuration of the features of the folders.
Yalove.A reaches the computer in a file that has the icon belonging to a Windows folder. It spreads through local, removable and mapped drives, making copies of itself in them.
Yalove.A is easy to recognize once it has affected the computer, as when it is run, it opens several websites with the Internet Explorer browser that display a website that seems to be Google's.
However, they are not Google's original website, as the URL that appears in the address bar points to http://clic<blocked>anu.com, as can be seen in the following image:>