Yet Another Bulletin Board

Welcome, Guest. Please Login or Register.
Nov 23rd, 2024, 7:41pm

Home Home Help Help Search Search Members Members Member Map Member Map Login Login Register Register
Clusterheadaches.com Message Board « Virus help, ANYONE!!! »


   Clusterheadaches.com Message Board
   New Message Board Archives
   2003 Posts
(Moderator: DJ)
   Virus help, ANYONE!!!
« Previous topic | Next topic »
Pages: 1  Reply Reply Notify of replies Notify of replies Send Topic Send Topic Print Print
   Author  Topic: Virus help, ANYONE!!!  (Read 270 times)
brain_cramps
New Board Hall of Famer
Canada 
*****





   
Email

Gender: male
Posts: 2103
Virus help, ANYONE!!!
« on: Mar 3rd, 2003, 1:36pm »
Quote Quote Modify Modify

Has anyone out there ran into the "W32/Yaha-L" virus?
 
Besides changing your 'home-page', it runs 'whenever you launch a file with an EXE extension'.
 
This makes it especially tough to remove 'bad' registry entries using 'regedit'.  I have been able to locate the files that it installs, but am unable to delete them until their references are removed from the registry.  Kinda a 'catch-22'.
 
Help and thanks in advance,
grant
« Last Edit: Mar 3rd, 2003, 1:36pm by brain_cramps » IP Logged
brain_cramps
New Board Hall of Famer
Canada 
*****





   
Email

Gender: male
Posts: 2103
Re: Virus help, ANYONE!!!
« Reply #1 on: Mar 3rd, 2003, 1:40pm »
Quote Quote Modify Modify

Note:  I've already tried to run regedit in 'safe mode' and same problem.  It starts, runs for about a second, and quits.
 
Somebody should shoot the bastards that think up shit like this!!!
IP Logged
Kirk
CH.com Alumnus
New Board Hall of Famer
USA 
*****




VINIMUS, VIDIMUS, DOLAVIMUS

161860987 161860987   kirk_jones511   krkevrtt
Email

Gender: male
Posts: 1914
Re: Virus help, ANYONE!!!
« Reply #2 on: Mar 3rd, 2003, 1:42pm »
Quote Quote Modify Modify

Try RegClean 4.1a. http://www.cnet.com has it in thier Windows download section.. It's free and might do the trick.
Other then that run FreeBSD or Linux are the best I can suggest. ;D
IP Logged

brain_cramps
New Board Hall of Famer
Canada 
*****





   
Email

Gender: male
Posts: 2103
Re: Virus help, ANYONE!!!
« Reply #3 on: Mar 3rd, 2003, 1:48pm »
Quote Quote Modify Modify

on Mar 3rd, 2003, 1:42pm, Kirk wrote:
Other then that run FreeBSD or Linux are the best I can suggest.

 
ROTFLMAO - Its my parents system.  I kinda think Linux might be a little over their heads.
 
Downloading RegClean and going to give it a shot.
 
Thanks Kirk and I'll let you know,
grant
 
IP Logged
brain_cramps
New Board Hall of Famer
Canada 
*****





   
Email

Gender: male
Posts: 2103
Re: Virus help, ANYONE!!!
« Reply #4 on: Mar 3rd, 2003, 2:06pm »
Quote Quote Modify Modify

Well Kirk, no such luck.  ???
 
Attached is a link describing it:
http://www.sophos.com/virusinfo/analyses/w32yahal.html
 
<<
Once executed, W32/Yaha-L stays resident in memory as a process which is not visible in the task list.  The worm takes active measures against anti-virus software including:
- atuomatically resetting the registry modifications if they are changed
- actively terminating a range of anti-virus, firewall and internet serviceprograms
- actively terminating REGEDIT
>>
 
Pretty creative, huh?  Angry Angry Angry Angry Angry
IP Logged
Kirk
CH.com Alumnus
New Board Hall of Famer
USA 
*****




VINIMUS, VIDIMUS, DOLAVIMUS

161860987 161860987   kirk_jones511   krkevrtt
Email

Gender: male
Posts: 1914
Re: Virus help, ANYONE!!!
« Reply #5 on: Mar 3rd, 2003, 2:15pm »
Quote Quote Modify Modify

Found another for you. http://onlinepcfix.com/virushelp/antivirus.htm
They have a standalone remover for all the Yaha(Lentin) worms there.
 
Just put the Redmond splash screen and theme on Linux and don't tell your parents. hehehehehe ;D
IP Logged

BruceD
CH.com Alumnus
New Board Hall of Famer
USA 
*****




Got Atrium?

   
Email

Gender: male
Posts: 507
Re: Virus help, ANYONE!!!
« Reply #6 on: Mar 3rd, 2003, 2:16pm »
Quote Quote Modify Modify

I just looked and Symantec has a program to remove it. I don't know if you've tried that yet, but it may be of use. They've got some step-by-step instructions too.
 
http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.l@mm.ht ml
 
Hope this helps
BruceD
IP Logged

Childhood is short, maturity is forever. (The Indispensable Calvin and Hobbes)
Kirk
CH.com Alumnus
New Board Hall of Famer
USA 
*****




VINIMUS, VIDIMUS, DOLAVIMUS

161860987 161860987   kirk_jones511   krkevrtt
Email

Gender: male
Posts: 1914
Re: Virus help, ANYONE!!!
« Reply #7 on: Mar 3rd, 2003, 2:23pm »
Quote Quote Modify Modify

Just another script kiddie. Nothing really creative about it. Although the DDos attack against a Pakistani govrerment site is almost cute..
If the remover doesn't work let me know. We're all pulling for ya over here. Who needs another head ache.
IP Logged

brain_cramps
New Board Hall of Famer
Canada 
*****





   
Email

Gender: male
Posts: 2103
Re: Virus help, ANYONE!!!
« Reply #8 on: Mar 3rd, 2003, 2:25pm »
Quote Quote Modify Modify

Thx everybody
 
Already tried the 'onlinepcfix.com' link and the 'securityresponse.symantec.com' link.
 
'onlinepcfix.com' wants $ and I guess that will probably be the next step.
 
'sophos.com' gives a bunch of instructions that they obviously never tested, since they admit that REGEDIT won't run but they still want you to remove registry entries.
 
frozen and frustrated!
grant
 
IP Logged
Ueli
Guest

Email

Re: Virus help, ANYONE!!!
« Reply #9 on: Mar 3rd, 2003, 2:25pm »
Quote Quote Modify Modify Remove Remove

Grant, use another registry editor, like RegHance from Lavasoft:
 
http://www.lavasoftusa.com/software/reghance/
 
Good luck,  
Ueli
IP Logged
BruceD
CH.com Alumnus
New Board Hall of Famer
USA 
*****




Got Atrium?

   
Email

Gender: male
Posts: 507
Re: Virus help, ANYONE!!!
« Reply #10 on: Mar 3rd, 2003, 2:33pm »
Quote Quote Modify Modify

Try renaming the regedt32.exe to regedt32.com and give that a go.
IP Logged

Childhood is short, maturity is forever. (The Indispensable Calvin and Hobbes)
brain_cramps
New Board Hall of Famer
Canada 
*****





   
Email

Gender: male
Posts: 2103
Re: Virus help, ANYONE!!!
« Reply #11 on: Mar 3rd, 2003, 4:42pm »
Quote Quote Modify Modify

Thanks Kirk, BruceD, Ueli and Randy
 
on Mar 3rd, 2003, 2:23pm, Kirk wrote:
Although the DDos attack against a Pakistani govrerment site is almost cute..
 That's about the only CUTE thing I found.
 
If anyone gets this little steaming nugget of shit virus, beware of the following:
- OnlinePCFix.com has incomplete/incorrect instructions.
- Sophos.com also has incomplete/incorrect instructions.
- Symantec has incomplete/incorrect instructions, but has a downloadable fix that is FREE and WORKS!
 
After copying REGEDIT.EXE to REG.COM, still had problems.  If you go and make the 'required' registry changes, when you go back in, the changes have already been overwritten with the incorrect changes.
 
The 3 sites said there would only be 3 infected files to be deleted and 3 registry entries to be changed.  There was 15 files to be deleted.
 
Thanks and Its Miller time,
Grant  Cool
 
IP Logged
Pages: 1  Reply Reply Notify of replies Notify of replies Send Topic Send Topic Print Print

« Previous topic | Next topic »


Clusterheadaches.com Message Board » Powered by YaBB 1 Gold - SP 1.3.1!
YaBB © 2000-2003. All Rights Reserved.


©1998-2010 Web Vision Enterprises All rights reserved. All information on this site is protected by international copyright laws. You may not re-distribute any information from this site without written permission from Web Vision Enterprises and the webmaster of this site. Violators will be prosecuted.
You may view our privacy policy and financial disclosure statement here

test rss