The Yahlover worm is also known as the Sohana worm. Yahlover works secretly in the background to deliver malicious files to the compromised machine. This worm is dangerous because it spreads through network shares. It may also be able to infect some instant messenger applications and reach victims this way.
Yahlover modifies the Windows registry to set itself to run on startup. This infection is difficult to track without security tools because the worm hides its activities well. The Yahlover worm is able to trick firewalls and appear on their lists as a legitimate program. It is also capable of avoiding anti-virus tools.
This parasite has been active since 2008, and recently we noticed fake pop-ups that bother users by claiming they are infected with it. The exact infection identifier shown was RDN/YahLover.worm!055BCCAC9FE. The creators of this frightening pop-up insisted that people contact them via the phone number 1 888 373 0151. This was a pathetic technical support scam which urged people to call the given number for “assistance”. Of course, you should not do so. The people who answer the call will strongly push you to buy security tools that supposedly take care of the problems with Yahlover. Despite anything these people tell you, remember that this is a hoax to grab money out of your pocket. The domain that hosted this message was Warningalert.xyz. This site is blocked by Google due to shady activity.
Returning to the Yahlover worm itself, its name already hints at the place it used for distribution: Yahoo. The parasite spreads via instant messaging applications, removable media such as USB flash drives, and network shares. That is why users should not plug in random flash drives or use them without first scanning them for contamination. The worm is also able to use the victim's Internet connection to communicate with a remote server.
Worms tend to disguise themselves as seemingly normal files or links that lead to an infection. Do not get distracted by the content the message displays. You should always check whether a message is really meant to be opened or is merely a trap. Furthermore, having a worm in your system makes it an easy landing spot for other malware infections.
Distribution Methods of Yahlover
Worms like Yahlover are very often spread in a rather peculiar way. On social networking sites, once one person is infected, chain-like messages are sent to all of his or her friends urging them to click on an odd link. The link may claim to lead to pornographic content or to something completely out of the blue, such as your childhood photos. Most of these messages are grammatically incorrect or written in haste. In this case, on Yahoo, users can receive messages from their friends and assume they are real. Nowadays this trick is over-utilized; for example, Facebook users randomly get tagged in videos or photos that feature pornographic imagery. If users are tempted to click on the links, they are risking their device’s security and stability.
Yahlover can do a lot of harm because it is difficult to notice and delete, and it usually installs dangerous trojans. If you suspect this infection is running on your computer, block the admin.waverevenue.com, bhxtakekep.net, diesam.moe.hm and sousi.extasix.com websites using your HOSTS file. These are the domains most commonly used by Yahlover to download other malware. Run a full security scan with programs like Spyhunter or Malwarebytes to detect this worm and get rid of it as soon as possible. These applications are also capable of eliminating other malware infections that might have gained access to your device via Yahlover.
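One way to apply the HOSTS file block described above is sketched below. This is an added example, not part of the original article or of any removal tool: the function names, the 0.0.0.0 sinkhole address and the sample HOSTS content are assumptions. It adds the four domains only once and disables any existing line that already maps one of them to a real address.

```python
import os

# Domains named in the article; everything else here is illustrative.
YAHLOVER_DOMAINS = ["admin.waverevenue.com", "bhxtakekep.net",
                    "diesam.moe.hm", "sousi.extasix.com"]
SINKHOLE = "0.0.0.0"  # assumption: non-routable target for blocked names
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed sample HOSTS content (not taken from a real machine).
SAMPLE = ("# sample hosts file\n127.0.0.1 localhost\n"
          "203.0.113.7 BHXTAKEKEP.NET intranet.example\n"
          "0.0.0.0 diesam.moe.hm  # already blocked\n")

def block_domains(hosts_text, domains=YAHLOVER_DOMAINS):
    """Return (new_text, added, conflicts); never touches the disk."""
    wanted = {d.lower() for d in domains}
    blocked, conflicts, out = set(), [], []
    for line in hosts_text.splitlines():
        body = line.split("#", 1)[0].split()  # drop trailing comment
        if len(body) >= 2:
            addr, hits = body[0], wanted.intersection(n.lower() for n in body[1:])
            if hits and addr in SINK_ADDRS:
                blocked |= hits  # already sinkholed, keep the line
            elif hits:
                # Mapped to a real address: disable it, keep unrelated names.
                conflicts.append(line.strip())
                out.append("# disabled: " + line.strip())
                keep = [n for n in body[1:] if n.lower() not in wanted]
                if keep:
                    out.append(addr + " " + " ".join(keep))
                continue
        out.append(line)
    added = [d for d in domains if d.lower() not in blocked]
    out += [f"{SINKHOLE} {d}" for d in added]
    return "\n".join(out) + "\n", added, conflicts

def apply_to_system(path=None):
    # Default Windows HOSTS location; writing needs an elevated prompt.
    path = path or os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                                "System32", "drivers", "etc", "hosts")
    with open(path, encoding="utf-8", errors="replace") as fh:
        new_text, added, conflicts = block_domains(fh.read())
    if added or conflicts:
        with open(path, "w", encoding="utf-8", newline="\r\n") as fh:
            fh.write(new_text)
    return added, conflicts

if __name__ == "__main__":
    print(block_domains(SAMPLE)[0])  # dry run on the constructed sample
```

A HOSTS entry only stops name lookups for these four domains, so it limits follow-on downloads but does not remove the worm; the full scan is still required.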