Threat Descriptions

Yawn

Classification

Category :

Malware

Type :

Virus

Platform :

W32

Aliases :

Yawn

Summary

Yawn is an Excel macro virus.

Removal

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Yawn.A virus consists of 2 modules. The class module 'Class 1' contains a small code that opens Personal.xls from Excel startup directory.

The other module has a random name. This part of the code disables the built-in macro virus protection when a workbook is opened. If the virus was not run from PERSONAL.XLS, it creates this file in Excel Startup directory generating a random module name.

To replicate the virus also export its code in a file 't' in Excel Startup foder.

The virus tries to delete several menus. As an infection marker Yawn.A uses the following commented text in its code: 

'taitai

Variant:Yawn.A

Description:

Yawn.A virus consists of 2 modules. The class module 'Class 1' contains a small code that opens Personal.xls from Excel startup directory. The other module has a random name. This part of the code disables the built-in macro virus protection when a workbook is opened. If the virus was not run from PERSONAL.XLS, it creates this file in Excel Startup directory generating a random module name. To replicates the virus also export its code in a file 't' in Excel Startup foder. The virus tries to delete several menus. As an infection marker Yawn.A uses the following commented text in its code: 'taitai