Author Topic: Seems to be a new strain of YAHA (Read 5778 times)

dcliff · « **on:** June 26, 2003, 02:12:10 PM »

I got a file called plus6.scr at hotmail.
Mcafee on hotmail wasnt able to catch it and also avast couldnt catch it.

But when i managed to get the registry editor running after killing a strange process called wintsk32.exe which cas attempting to connect to the net.

In the registry i saw in hklm exefile had been modified to load a prog called exeldr32.exe

i deleted wints32.exe, exeldr32.exe and the registry key

Please provided an update soon

PS: I knew it was the yaha worm. I just wanted to see if avast could catch it after mcafee had failed. And yes i have the latest updates

raman · « **Reply #1 on:** June 26, 2003, 03:03:59 PM »

Yes, it could be Yaha/Lentin.R, but why did you delete it? If you want it to be added, you should have sent it to Avast. If you have the Email you can still send it .

Other thing, why did you start the file?

Vlk · « **Reply #2 on:** June 26, 2003, 05:13:16 PM »

OK, the virus database has been updated to deal with this beast, and also the Virus Cleaner can now safely remove it.

Vlk

dcliff · « **Reply #3 on:** June 26, 2003, 06:40:43 PM »

thanks a lot guys.

Thankfully i had a copy of antivir PE and it cleaned up my system (Finally i get to catch a virus).

these were the files reg32.exe exeldr32.exe wintsk32.exe

and a registry entry
HKEY_CLASSES_ROOT\exefile\shell\open\command

Damn Viruses

igor · « **Reply #4 on:** June 26, 2003, 06:48:41 PM »

Well, in fact it creates some more registry entries (e.g. HKLM\Software\Microsoft\Snakes), but they're completely useless.

Author Topic: Seems to be a new strain of YAHA (Read 5778 times)

dcliff

Seems to be a new strain of YAHA

raman

Re:Seems to be a new strain of YAHA

Vlk

Re:Seems to be a new strain of YAHA

dcliff

Re:Seems to be a new strain of YAHA

igor

Re:Seems to be a new strain of YAHA