W32/Yahlov-J is a worm for the Windows platform.
W32/Yahlov-J spreads to other network computers and via removable storage devices.
W32/Yahlov-J includes functionality to:
- copy itself to the <WINDOWS> folder
- run automatically
- copy itself to the <System> folder
- create files in the <System> folder
- steal confidential information
- access the internet and communicate with a remote server via HTTP
W32/Yahlov-J creates the following registry entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Yahoo Messengger
<System>\sichost.exe
W32/Yahlov-J communicates via HTTP with the following locations:
lotusspring3 . t35 . com