Welcome to the Virus Encyclopedia of Panda Security.
|Alias:||W32/Yaha.p@MM W32/Yaha-P, WORM_YAHA.P , I-Worm.Lentin.m|
|Effects: ||It ends antivirus and firewall programs, modifies the home page of Internet Explorer and launches DoS attacks.
|Detection updated on:||May 5, 2003|
|Yes, using TruPrevent Technologies
Lentin.P is a dangerous worm that carries out various actions on affected computers. Lentin.P ends processes belonging to antivirus and firewall programs and launches DoS attacks against five Internet addresses.
Lentin.P also changes the Home page of Internet Explorer and closes the Task Manager in order to prevent the user form manually ending the actions it carries out.
This worm mainly spreads via e-mail in a message that has extremely variable characteristics. Lentin.P also exploits a vulnerability in Internet Explorer, so that the computer will be infected by simply viewing the message carrying the worm through the Preview Pane, without needing to run the attached file.
It can also spread across networks, as on Wednesdays it copies the virus to the shared drives in the affected computer.
Lentin.P is difficult to recognize, as it does not display any messages or warnings that indicate that it has infected a computer.
An indication that this worm has reached a computer is a suspicious e-mail message with an attached file that has the typical icon of a text file:
In order to see the characteristics of the e-mail messages carrying Lentin.P, click here.