about Yaha worm:
a mass mailing worm uses e-mail addresses
stored in Windows Address book and also
collects addresses from .ht* files to
distribute infected messages. Yaha worm
is also known as W32.Yaha.A@mm,
arrives as an e-mail attachment, message
subject will be
the Heart of your Valentine with this
beautiful Screen saver
or Fw: Melt the Heart of your Valentine
with this beautiful Screen saver".
The attachment name will be "valentin.scr".
The SMTP server
used to send the emails is chosen either
from the registry or from the following
list inside the worm body:
If the infected
e-mail attachment is executed, it runs as
a scren saver but also copies itself to
C:\recycled with the filenames msmdm.exe
code executed first. After that it
activates the corresponding application.
The worm is loaded automatically by
changing the following keys in the
Yaha worm doesn't
contain any destructive payloads. But if
you have deleted the worm before fixing
the registry your applications won't
Yaha Worm from your system:
incorporated I-Worm/Yaha its signature
file, with the aim of helping users
affected by this Worm attack to detect
and eliminate it from their systems. Fire
anti-virus users can update this
signature file by using online
update facility. It is available
with the registered version of Fire
can check the system manually.
I-Worm/Yaha creates the file "MSMDM.EXE"
in Recycled folder.
The presence of this file ensures you are
infected with this worm.
Worm changes registry keys when infecting
the machine and it should be fixed before
deleting the main worm file "MSMDM.EXE"
stored in Recycled folder. A
version is also available to detect all
viruses including Yaha worm. If you find
this worm, use registered version of Fire
to remove. Fire anti-virus kit
provides perfect cure for Yaha worm.
To get the registered version of Fire
call us at 044-28170440 or mail
purchase Fire online using
Mr.Ramesh, Mr. Surend Raj, Prognet
Technologies Pvt. Ltd, Feb. 2002]