Home Education E-BooksTravel Troubleshooting Linux Contact Us About Us
Troubleshooting Tips And Steps
Windows & Hardware Tips
Information On Viruses

virus file

VIRUS NAME : W32/Yaha.c@MM

VIRUS NAME : W32/Yaha.c@MM

Virus Characteristics

AVERT has yet to receive a single field sample of this virus. The virus contains errors, which prevent it from mass-mailing if MSN Messenger is not installed on the system.

This virus arrives in an email message containing the following information:

Subject: Fw: (any of the following strings and string combinations: Are you looking for Love, Best Friends, Bullshit, charming, Check ur friends Circle, Cool, Dont wait for long time, Easy Way to revel ur love, Enjoy friendship, Enjoy Romantic life, excite, Find a good friend, for you, Free Screen saver, Friendship, Friendship, Friendship Screen saver, Funny, Great, how are you, How sweet this Screen saver, humour, I am For u, Idiot, Interesting, Interesting, Joke, Learn How To Love, Life for enjoyment, Looking for Friendship, Love, love speaks from the heart, LoveGangs, make ur friend happy, Need a friend?, Nice, Nothink to worryy, One Hackers Love, One Way to Love, Origin of Friendship, powful, relations, Romantic, 's Dance and forget pains, 's Laugh, Say 'I Like You' To ur friend, Screensaver, searching for true Love, Send This to everybody u like, Shake it baby, Shake ur friends, Shaking, stuff, The world of Friendship, The world of lovers, to check, to enjoy, to see, to share, to ur friends, to ur lovers, to watch, True Love, U r the person?, U realy Want this, Ur My Best Friend, war Againest Loneliness, Who is ur Best Friend, Wonderfool, Wowwwwwwwwwww check it, OR you care ur friend)


Hi Dear
Check the Attachement ..
See u
Sender's name
----- Original Message -----
From: "Friendship" < friendshipscr@screensaverforu.com >
To: < Sender's email address>
Sent: Friday, May 11, 2002 8:38 PM
Subject: humour iendship to ur friends

This e-mail is never sent unsolicited. If you need to unsubscribe,
follow the instructions at the bottom of the message.

Enjoy this friendship Screen Saver and Check ur friends circle...

Send this screensaver from www.screensaverforu.com to everyone you consider a FRIEND, even if it means sending it back to the person who sent it to you. If it comes back to you, then you'll know you have a circle of friends.

* To remove yourself from this mailing list, point your browser to: http://screensaverforu.com/remove?freescreensaver
* Enter your email address (Sender's address) in the field provided and click "Unsubscribe".


* Reply to this message with the word "REMOVE" in the subject line.

This message was sent to address Recipient's address
X-PMG-Recipient: Recipient's address
<<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>> <<<>>> <<<>>>

Attachment: (the file extension is built off 2 strings ".doc", ".mp3", ".xls", ".wav", ".txt", ".jpg", ".gif", ".dat", ".bmp", ".htm", ".mpg", ".mdb", ".zip", or "" and then ".pif", ".bat", or ".scr" while the filename is chossen from the following list: biodata, bullshitscr, checkfriends, dailyreport, enjoylove, freescreensaver, friends, friends, friends4u, friendscircle, friendscr, friendsearch, friendsgreetings, friendship, friendship4u, friendshipbird, friendshipforu, friendsworld, fucker, goldfish, greetings, love, love, love4u, lovefinder, lovegreetings, loveletter, lovers, lovers, loverscreensaver, loversgang, lovescr, loveshore, mountan, passion, passionup, report, resume, rishtha, screensaver, screensaver4u, screensaver4u, screensaverforu, shakeit, shakescr, shakingfriendship, shakinglove, shareit, sharelove, truefriends, truelovers, urfriend, weeklyreport, or werfriends ).

Some messages sent exploit the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability, while others do not. If the exploit is used, unpatched system will automatically execute the attachment. On other system, the attachment must be run manually.

Once run, the virus copies itself to Recycle Bin with a random 6 character name hooks the registry to load itself whenever .EXE files are run.

HKEY_CLASSES_ROOT\exefile\shell\open\command\default="%virus_path%" %1 %*"

A textfile is saved to the Windows directory, using the same random name. This text file contains the text:

<<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>>
Author :H^H,h2h@achayans.com
Origin :India,Kerala

I like Klez,Sircam,But i hate the bullshit payloads
Is i am a good coder?? still i have dout huhh!!!
Beware Indian Hackers..Tomarrow is ours!!!
<<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>>
A message is also sent to 9846097736@bplmobile.com containing the following information:
Subject: Beware Indian Hackers!!!
Body: We r the Great Indians, Enjoy My w32/yaha!!! By H^H


When run, the virus displays a screen saver which appears the following message deformed: UR MY BEST FRIEND

If you are fed up with any virus and not getting solution of it. mail us on amgroup@skillsheaven.com and please provide all the detail about virus.