SPECIAL: Instructions for disinfecting W32/Yaha-E, W32/Yaha-K and W32/Yaha-L

Discussion in 'malware problems & news' started by Technodrome, Jan 2, 2003.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Instructions for disinfecting W32/Yaha-E, W32/Yaha-K and W32/Yaha-L

    RMYAHA is a utility for disinfecting the W32/Yaha-E, W32/Yaha-K and W32/Yaha-L worms.

    The W32/Yaha family are worms which spread via email. The worms have their own SMTP client software and use either an SMTP server found by examining the Windows registry or one from a list contained within the worm itself.

    Download the RMYAHA utility on an uninfected PC. This file is available for download as a self-extracting archive, rmyahsfx.exe.

    Read the RMYAHA notes for instructions on how to use the RMYAHA to disinfect the W32/Yaha worms.

    RMYAHA utility: http://www.sophos.com/tools/rmyahsfx.exe
    RMYAHA notes: http://www.sophos.com/tools/readmes/readrmya.txt

    A Special thanks goes to SOPHOS Team


    http://www.sophos.com


    Technodrome
     
  2. palival

    palival Guest

    Don't delete the yaha.K worm files manually. If you delete the files manually, your *.EXE files will not work. I have accidently deleted and thought everything gone. After a lot of search found a tool in Solo Antivirus site. Visit http://www.srnmicro.com/virusinfo/yaha_k.htm for a free download. It worked great for me!! My pc is better now :)
     
  3. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Symantec's Yaha Removal Tool

    Symantec Security Response - W32.Yaha Removal Tool
    http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.removal.tool.html

    What the tool does
    The W32.Yaha.E@mm/W32.Yaha.F@mm/W32.Yaha.K@mm/W32.Yaha.L@mm Removal Tool does the following:

    • 1. Terminates all the viral W32.Yaha.E@mm, W32.Yaha.F@mm, W32.Yaha.K@mm, and W32.Yaha.L@mm processes.
      2. Deletes the viral W32.Yaha.E@mm, W32.Yaha.F@mm, W32.Yaha.K@mm and W32.Yaha.L@mm files.
      3. Fixes the registry entries altered by the worm.
     
Thread Status:
Not open for further replies.