
Yaha.K Worm

Yaha.K is a mass-mailing worm that uses e-mail addresses stored in the Windows Address Book and also collects addresses from .ht* files to distribute infected messages. It also spreads through the MSN Messenger list, ICQ list and Yahoo Pager list.

Yaha.K arrives as an e-mail attachment with a random message subject and message body. The SMTP server used to send the e-mails is chosen either from the registry or from the list inside the worm body.

If the infected e-mail attachment is executed, it copies itself to the Windows system folder under multiple file names. The main files are listed below.

    WinServices.exe
    nav32_loader.exe
    tcpsvs32.exe

After that it modifies the registry so that it is loaded automatically whenever an "EXE" file is executed. The registry key modified is:

    HKEY_CLASSES_ROOT\exefile\shell\open\command

It also modifies the registry Run section so that it is loaded automatically on the next machine start.

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    "WinServices"=C:\%System%\WinServices.exe

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    "WinServices"=C:\%System%\WinServices.exe

When active in memory it disables antivirus programs. If you delete the worm file before fixing the registry entries, your applications will NOT work, because the modified "EXE" open command still points to the deleted file. You can restore the registry settings using the Yaha removal tool.
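
The registry changes described above can be checked from a registry export before any file is deleted. The following is an added example, not part of the original advisory or of any Fire tool: it parses REGEDIT4-style export text and lists the repairs in the order the advisory requires (restore the "EXE" handler first). The sample export, its C:\WINDOWS\SYSTEM path and the function names are constructed for illustration; the clean handler value "%1" %* is the Windows default.

```python
import re

# File names and registry locations taken from the advisory above.
WORM_FILES = ("winservices.exe", "nav32_loader.exe", "tcpsvs32.exe")
EXE_HANDLER = r"hkey_classes_root\exefile\shell\open\command"
RUN_BASE = r"hkey_local_machine\software\microsoft\windows\currentversion"
RUN_KEYS = (RUN_BASE + r"\run", RUN_BASE + r"\runservices")
CLEAN_HANDLER = '"%1" %*'  # Windows default for the exefile open command


def parse_reg(text):
    """Parse REGEDIT4-style export text into {key: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")="(.*)"$', line)
        if m and current is not None:
            name = m.group(1).strip('"')  # "@" is the key's default value
            # Undo .reg escaping: \\ -> \ and \" -> "
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys


def yaha_findings(text):
    """Return findings ordered so registry repairs come before file deletion."""
    keys, out = parse_reg(text), []
    handler = keys.get(EXE_HANDLER, {}).get("@")
    if handler is not None and handler != CLEAN_HANDLER:
        out.append(("restore-exe-handler", EXE_HANDLER, handler))
    for key in RUN_KEYS:
        for name, data in keys.get(key, {}).items():
            if any(f in data.lower() for f in WORM_FILES):
                out.append(("remove-autorun", key, name))
    return out


# Constructed sample export (not captured from a real infection).
SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\SYSTEM\\WinServices.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinServices"="C:\\WINDOWS\\SYSTEM\\WinServices.exe"
"Tray"="C:\\WINDOWS\\SYSTEM\\systray.exe"
'''
```

Calling yaha_findings(SAMPLE) reports the hijacked handler first and the "WinServices" Run value second; the unrelated "Tray" entry is not flagged.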

This worm is also known as I-Worm/Yaha.K, W32/Yaha-M, I-Worm.Lentin.I, W32.Yaha.K@mm.

Removing Yaha.K from your computer:

Fire has incorporated the Yaha.K worm in its signature file to protect Fire users from this worm attack. Fire anti-virus users can update this signature file by using the online update facility. It is available with the registered version of the Fire anti-virus Kit. If you are already infected with this worm, run Fire anti-virus and choose the delete option to remove the worm components.

A free utility is available to detect and clean the Yaha.K worm. You can download this utility from the link CleanYaha.com. This tool removes the worm from memory and also fixes the registry entries modified by the worm.

A free download of the FireLite [ 1100 KB ] version is also available to detect other viruses including the Yaha Worm. Fire anti-virus kit removes the Yaha.K worm safely. To get the registered version of Fire call us at 044-28170440 or mail to service@fireav.com or purchase Fire online using

[Analysis: Mr. Jacob Kalis, Prognet Technologies Pvt. Ltd, Dec. 2002]
