Please help...i am infected for the 1st time in 5 yrs &
Norton did not detect the above virus but AVG did. I am
unable to open ANY PROGRAMS (antivirus ones as well) & can
not gain access to ANY programs on my CONTROL PANEL to
disable my RESTORE folder. I pickedup the above virus on
fri, dec 27th & have been having trouble every minute my
PC is on since then. I'm NOT computer literate but is
there a place where I can go online & have this problem
solved? Remember....I can not open any programs, etc.  
This includec my A/V programs because dialog box says 'CAN
NOT FIND...'!! Thank U so very much & please reply to

not open.

There should be complete manual removal instructions at www.sarc.com, if you
search the virus database for the virus name.

Make sure your antivirus has the latest updates for the week installed.  If
Norton was installed and had the latest updates, it should detect this.
When you download AVG, it comes with the latest updates included, but with
Norton you need to download updates immediately after installing it.

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.423 / Virus Database: 238 - Release Date: 11/25/2002

Had the same thing happen to me. I know better but I
opened a email with a "love.scr" attachment IN hotmail.
You may want to try TREND MICRO FREE REMOTE Virus checker
after you get it cleaned-up. GOOD-LUCK

Same here, or something similar.
I got attacked through an attachment from a religious
website forwarded from a friend.
It was in a free screensaver and my antivirus software
picked it up but couldnt stop it. I know that you cant
open any programs as it comes up, at least with me, "cant
find "rundll32.exe", or with applications "null" ".
However I can get into "My Documents, Pictures, etc". Can
you?
I am trying to get a way of inserting the missing exe
file. If not then I will save as many of my files through
email attachments as I can. It is funny but I was just
going to run a major backup this week! If you seem to
have the same problem then I will keep in touch if I find
a solution. I will be contacting my supplier tomorrow.
Good luck.......Gordon

This is the worst thing I've ever seen and in order to
fix I basically had to start from scratch - reinstalled
Windows XP and then most software - including the very
latest and greatest AV from Norton - I was totally
crippled even though all the files were there - most
programs wouldn't open.

Norton is NOW detecting this for me....

Faye

The worm is loaded automatically by changing the following keys in the
registry.
HKEY_CLASSES_ROOT\exefile\shell\open\command
if you have deleted the worm before fixing the registry your applications
won't work.
                   You can check the system manually. I-Worm/Yaha creates
the file "MSMDM.EXE" in Recycled folder. The presence of this file ensures
you are infected with this worm.
                   Yaha Worm changes registry keys when infecting the
machine and it should be fixed before deleting the main worm file
"MSMDM.EXE" stored in Recycled folder
------------------------------------------------------------
Check out the Symantec site on this Yaha virus. If it has run it will stop
all .exe file open actions. There are step by step instructions how to go
into the safe mode dos command and change regedit
From the Symantec site
If the worm has run, do the following:

1. Download the updated virus definitions using the Intelligent Updater, but
do not install them.
2. Restart the computer in Safe mode.
3. Copy Regedit.exe to Reg.com.
4. Edit the registry and reverse the changes the worm made.
5. Start your Symantec antivirus software. If it does not start or properly
function, re-install it.
6. Install the Intelligent Updater virus definitions you downloaded earlier
(step 1).

Copying Regedit.exe to Reg.com
Because the worm modified the registry so that you cannot run the .exe
files, first make a copy of the Registry Editor as a file with the .com
extension, and then run that file.

Windows 95/98 users: Click Start, point to Programs, and click the MS-DOS
Prompt. (This opens a DOS window at the C:\Windows prompt.)
2. Type the following, and then press Enter:

copy regedit.exe reg.com

3. Type the following, and then press Enter:

start reg.com

1. Navigate to and select the following key:

HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command

CAUTION: The HKEY_LOCAL_MACHINE\Software\Classes key contains many subkey
entries that refer to other file extensions. One of these file extensions is
.exe. Changing this extension can prevent any files ending with an .exe
extension from running. Make sure that you browse all the way along this
path until you reach the \command subkey.

Modify the HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command
subkey, :Modify this(command) key.

2. In the right pane, double-click the (Default) value.
3. Delete the current value data, and then type: "%1" %* (That is, type the
following characters: quote-percent-one-quote-space-percent-asterisk.)
When you click OK, the (Default) value should look exactly like this:

""%1" %*"
Make sure that you completely delete all the value data in the command key
before you type the correct data. If you leave a space at the beginning of
the entry, any attempt to run the program files will result in the error
message, "Windows cannot find .exe." If this happens to you, start over at
the beginning of this document, and make sure that you completely remove the
current value data.
4. Navigate in turn to each of the following keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\RunServices

NOTE: The RunServices key may not exist on all the systems.

5. In the right pane, delete the value

WinServices C:\%System%\WinServices.exe

6. Exit the registry editor.
----------------------------------------
source of scripts that will do the above repair
http://home.earthlink.net/~rmbox/Reticulated/Only_IE.html
exefix8.com is described as doing the best repair to the registry .exe open
command