One more infection aiming to disable important Windows functions

Jan 14, 2008 18:31 GMT

January 2008 brings a new trend in computer security: many worms, Trojan horses, viruses and other pieces of malware attempt to disable important Windows functions in order to hide their files. WORM_YAHLOVER.AL is just another worm of this kind, designed to work on Windows 98, ME, NT, 2000, XP and Server 2003, and it disables the Task Manager, the Registry Editor and Folder Options on affected computers. The entire process is done through registry modifications, so a security solution that monitors the Windows registry would be quite useful.

The worm has already been included in most virus definitions, so whether you have installed McAfee, Kaspersky, Symantec or Sophos antivirus protection, the threat is blocked. According to security company Trend Micro, the worm circulates under several aliases, as follows: Trojan-Downloader.Win32.AutoIt.x (Kaspersky), W32/YahLover.worm.gen (McAfee), W32.SillyFDC (Symantec), W32/Dzan.a (Avira), W32/Sohana-AH (Sophos), Worm:Win32/Nuqel.J (Microsoft).

Just like any other recent worm, WORM_YAHLOVER.AL attempts to add a new registry entry so that it is executed every time the operating system is fully loaded. Moreover, it builds a new Autorun.inf file and copies it to every removable drive connected to the affected computer as a method of spreading its files.
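The registry changes described above can be checked for in an exported copy of the registry. The following is an added example, not code from Trend Micro or from the original article: it scans `.reg` export text for the standard Windows policy values that disable Task Manager, the Registry Editor and Folder Options, and lists every entry under the `Run` key for review. The value names are the usual Windows policy names and are an assumption here, since the article does not list them; the sample export and `ExampleEntry` are constructed.

```python
import re

# Standard Windows policy values (names assumed here; the article does not list them).
POLICIES = r"software\microsoft\windows\currentversion\policies"
DISABLE_VALUES = {
    (POLICIES + r"\system", "disabletaskmgr"): "Task Manager",
    (POLICIES + r"\system", "disableregistrytools"): "Registry Editor",
    (POLICIES + r"\explorer", "nofolderoptions"): "Folder Options",
}
RUN_KEY = r"software\microsoft\windows\currentversion\run"

# Constructed sample in .reg export format, already decoded to text.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleEntry"="C:\\Example\\placeholder.exe"
'''

def scan_reg_export(text):
    """Return ("disabled", tool, value) and ("autostart", name, command) findings."""
    findings, key = [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            # Drop the hive name so HKCU and HKLM copies of a key both match.
            key = line[1:-1].partition("\\")[2].lower()
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not m:
            continue
        name, data = m.groups()
        tool = DISABLE_VALUES.get((key, name.lower()))
        dword = re.fullmatch(r"dword:([0-9a-fA-F]{8})", data)
        if tool and dword and int(dword.group(1), 16) != 0:
            findings.append(("disabled", tool, name))
        elif key == RUN_KEY:
            # Every autostart entry is listed for manual review.
            findings.append(("autostart", name, data.strip('"').replace("\\\\", "\\")))
    return findings

if __name__ == "__main__":
    for finding in scan_reg_export(SAMPLE):
        print(*finding, sep=" | ")
```

A policy value set to `dword:00000000` is not reported, because only a non-zero value switches the tool off.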

The medium damage potential and the medium distribution potential ratings set by Trend Micro underline the worm's ability to harm the data stored on your computer. To show that WORM_YAHLOVER.AL is really dangerous, here are some statistics provided by the same security company: 1,885 computers infected in Asia and 646 systems affected in North America, all of them reported since January 11th, 2008.

Today's piece of advice is similar to the past ones: avoid visiting malicious websites that may drop the infection on your computer and keep the antivirus solution up-to-date with the latest virus definitions.