Welcome to the Virus Encyclopedia of Panda Security.
It reduces the protection level of the affected computer, preventing the execution of many processes and services related to computer security. It attempts to download several applications in order to steal the passwords stored by several programs and browsers. It spreads via email in messages with subjects like Here you have, through removable drives and across networks.
|First detected on:||Sept. 10, 2010|
|Detection updated on:||Nov. 22, 2010|
Visal.A is a worm which reduces the protection level of the affected computer, as it prevents many programs related to computer security from being run, like antivirus solutions and firewalls. It also disables several Windows services related to security, like Windows Security Center y Windows Update.
Additionally, it attempts to download several tools which allow it to steal the passwords stored by browsers like Internet Explorer or Firefox, and instant messaging programs, among others.
Visal.A uses the following means to spread:
- email, in messages with subjects like Here you have and which contain a link that points to the download of the worm.
- removable drives, making copies of itself in them.
- networks, attempting to make copies of itself if it finds any accessible computer in the network.
Visal.A is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.
However, when it spreads via email, it uses messages with the following features:
- Subject: it can be any of the following, among others:
Here you have
Just for you
- Message: it contains a link to a website and under the pretext of a document apparently known by users it tries to convince users to click on the link. The content of the message can also make reference to free downloads of porn movies.
In the following image, you can see several examples of the email messages the worm users to spread: