PDA

View Full Version : URGENT please help with worm

A4Ever
12-30-02, 01:38 PM
W32.Yaha.K@mm

is the name of the bastard. Only symantec seems to have an update, but the trial version of norton won't start. Yes... the worm tries to disable virusscanners and firewalls.

It comes as an attachment, in my case: true_love.scr.

It can do damage, does anyone know how I can remove this?

http://www.symantec.com/avcenter/venc/data/w32.yaha.k@mm.html

has information on it, but I'm not a tech head.

Help would be GREATLY apreciated!
Jaxom
12-30-02, 01:50 PM
Try here:

http://www.sophos.com/virusinfo/analyses/w32yahak.html

They also have instructions at the bottom for removing worms, if you're actually infected.

I highly recommend their AV software...we get a lot of e-mail attachments, and Sophos has nailed all the virus ones thus far.
Avatar
12-30-02, 02:01 PM
try www.kaspersky.com
the best anti virus out there
they have a free 30 day trial
and daily free updates
Norton AntiVirus is the biggest crap in the market
can trust me- I've tested it myself along with others

you can also get a free one from www.girsoft.com AVG - it's quite good

I've heard that Dr Web is not so bad also
odin
12-30-02, 02:29 PM
http://housecall.antivirus.com/housecall/start_corp.asp
Alien Mastermind
12-31-02, 09:49 AM
lol...
"true_love.scr". That's the exact attachment I got from some junk mail... I can't believe you actually downloaded it.

Here's some future advice: NEVER download any attachments from sources you do not recognize; especialy from addresses such as kl@aminoprojects.com (I mean, doesn't that address sound stupid?)

Anyway, I hope you get that worm outa there.
A4Ever
12-31-02, 10:07 AM
The worm is gone. Combination of registry editing and housecall.

Never co install norton and norman. They'll scan each other in an eternal loop and halt your system.

thanks for all the help. I'll bake a cake and eat it in your honour.
Xelios
12-31-02, 12:12 PM
Alright, that's it, from now on my brother is not allowed to download anything on this computer again. He downloaded some stupid thing called love.scr on MSN and now we have the worm too :mad:. Good thing you posted this or I wouldn't have caught it.
Stryder
01-06-03, 10:47 AM
A4Ever

It wouldn't cause an internal loop for ever, it's a tactic for "Buffer Overflows". Using a loop to create too much data for the intended allocated space, forcing data out of it's region into other data ranges.

This can cause the potential of an exploit, there would be a programmatic method to work out if an errorcode is called, and if so which one. (an errorcode my halt the process, namely causing the process to DoS with data)
If there is no defined errorcode then there could be coding for manipulating data to other ranges, like opening a port in a firewall program.

(Just a note, the new forms of virus will eventually check a server for an update to the code it needs to execute, making them extremely devious but they will be tracible to the server that the code is being "updated" from.)