
Yaha Worm
Information about Yaha worm:

Yaha is a mass-mailing worm that uses e-mail addresses stored in the Windows Address Book and also collects addresses from .ht* files to distribute infected messages. Yaha worm is also known as W32.Yaha.A@mm, W32.Yaha-a, I-Worm.Lentin.a.

Yaha arrives as an e-mail attachment. The message subject will be "Melt the Heart of your Valentine with this beautiful Screen saver" or "Fw: Melt the Heart of your Valentine with this beautiful Screen saver". The attachment name will be "valentin.scr".

The SMTP server used to send the e-mails is chosen either from the registry or from a list of servers inside the worm body.

If the infected e-mail attachment is executed, it runs as a screen saver but also copies itself to C:\recycled with the filenames msmdm.exe and msscra.exe.

The worm is loaded automatically by changing the following keys in the registry:

HKEY_CLASSES_ROOT\exefile\shell\open\command

The worm code is executed first. After that it activates the corresponding application.

Yaha worm doesn't contain any destructive payloads. But if you have deleted the worm before fixing the registry, your applications won't work.
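
An added example, not part of the original page or of Fire's tooling: a Python check that reads a .reg export of the key above, compares its default value with the stock Windows handler "%1" %*, and lists the remediation steps with the registry fix ahead of file deletion. The sample exports, the hijacked value and the function names are constructed for illustration.

```python
import re

KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
EXPECTED = '"%1" %*'                      # stock Windows handler for .exe files
WORM_FILES = ("msmdm.exe", "msscra.exe")  # copies the page says land in C:\recycled

# Constructed sample exports; the hijacked value is an assumption, not a capture.
CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\recycled\\msscra.exe\" \"%1\" %*"
'''

def default_value(reg_text, key=KEY):
    """Return the unescaped default (@) value of `key` in a .reg export, or None."""
    section = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == key.lower() and line.startswith('@="'):
            body = line[3:line.rfind('"')]
            # .reg files escape backslash and double quote with a backslash
            return re.sub(r'\\(["\\])', r"\1", body)
    return None

def assess(reg_text):
    """Return (status, remediation steps in the order they must be applied)."""
    value = default_value(reg_text)
    if value is not None and value.strip().lower() == EXPECTED.lower():
        return "clean", []
    steps = ["set default value of %s to %s" % (KEY, EXPECTED)]
    if value is None:
        return "missing", steps
    hits = [f for f in WORM_FILES if f in value.lower()]
    # Files go last: removing them first leaves every .exe launch pointing
    # at a handler that no longer exists, which is the failure the page describes.
    steps += ["delete C:\\recycled\\" + f for f in WORM_FILES if hits]
    return ("hijacked-yaha" if hits else "hijacked-other"), steps

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("hijacked", HIJACKED)):
        print(name, assess(text))
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so decode the file before passing its text to assess().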

Removing Yaha Worm from your system:

Fire has incorporated I-Worm/Yaha into its signature file, with the aim of helping users affected by this worm attack to detect and eliminate it from their systems. Fire anti-virus users can update this signature file by using the online update facility. It is available with the registered version of Fire anti-virus Kit.

You can check the system manually. I-Worm/Yaha creates the file "MSMDM.EXE" in the Recycled folder. The presence of this file confirms that you are infected with this worm.

Yaha worm changes registry keys when infecting the machine, and these should be fixed before deleting the main worm file "MSMDM.EXE" stored in the Recycled folder. A free download of the FireLite [1100KB] version is also available to detect all viruses including Yaha worm. If you find this worm, use the registered version of Fire to remove it. Fire anti-virus kit provides perfect cure for Yaha worm.

To get the registered version of Fire, call us at 044-28170440, mail to service@fireav.com, or purchase Fire online using

[Analysis: Mr. Ramesh, Mr. Surend Raj, Prognet Technologies Pvt. Ltd, Feb. 2002]
