YAHA WORM SOLUTION

Well this little beauty seems to be doing the rounds
quite nicely. It got me and two of my friends. Here's how
I got rid of it without having to re-format my hard drive.

Go to www.trendmicro.com and do their online scan. This
will tell you if you have any files infected by the Yaha
worm. Oh, by the way, if it does detect any it can
NOT "clean" or "delete" them. If you do find some then go
to

www.sophos.com/support/disinfection/yaharemove  

Here you will find a link for a small .exe file called
rmyahsfx.exe. Download and unzip it. It goes by default
to your C drive. Find the file and run it. It takes about
a second to complete AND IT WORKS.

Then run the Trend online scan again. If it finds some
Yaha files left over you should now be able to delete
these.

My first scan found 12 files which I could not delete.
After running the rmyahsfx.exe file I scanned again and
it only found four, which Trend could delete. I was then
clean.

This worm is designed to disable protection software such
as ZoneAlarm, Norton AntiVirus etc. etc. etc. There's a
long list of software-based protection devices it can and
DOES disable to get on your system.

By the way, this worm is e-mail based. Once infected it
can use your e-mail address to send it to others in your
address book as it did with me. So be VERY VERY VERY wary
of further e-mails EVEN if they purport to be from someone
you know.

I suggest looking at the Sophos page relating to this
virus. It will give you a clue what to look out for in
terms of the e-mail's "subject" should you receive it.
Furthermore, clicking on the attachment in the e-mail may
not necessarily be the way it gets on your system.
Simply opening the mail could do it. So if you think it
may be Yaha, delete it without opening it or at least
contact your "friend" by other means to ensure it is a
valid e-mail.

This worm affected my friend's web access and made
programs on my PC unusable. I was unable to open my task
manager to close Yaha down as it is self-protecting and
it would not allow me to complete "run" commands that
would enable me to try to clean it off my system.

All in all a very clever bit of work by the creator.
Shame they couldn't put all that brain power to work in
other ways. They would be rich!



Tue, 28 Jun 2005 01:38:23 GMT  

That's all well and good, but if you aren't running an antivirus program
now, there's nothing preventing you from being reinfected a minute later by
this or by another virus.  www.grisoft.com is free, so there's no excuse not
to.

Removal tools are OK, but they offer no protection.  By the time you have a
virus, it could be too late for your computer or your data files, and a
removal tool won't fix files that were corrupted by a virus that damages
data files.  Removal tools only remove viruses, not data corruption.  Also
the removal tool only works on one virus, and there are tens of thousands
out there.  Prevention is really key.



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.435 / Virus Database: 244 - Release Date: 12/30/2002


Wed, 29 Jun 2005 21:40:50 GMT  

I appreciate what you are saying. I didn't post this
originally as a catch-all for virus protection. It was
merely meant to be a solution for this particular virus
as a lot of anti-virus software doesn't detect it.




Thu, 30 Jun 2005 04:53:11 GMT  
 