Win32.Yahaa.J@mm

MEDIUM
LOW
30090 bytes
(W32.Yaha.J@mm (NAV))

Symptoms

- The files msnmsg32.exe, winReg.exe and nav32.exe are present in the System directory
(usually c:\windows\system on Windows 95/98/ME, c:\winnt\system32
on Windows NT/2000, c:\windows\system32 on Windows XP)
- Some of the following files are present in the Windows directory:
  - bestfriend.scr
  - mAtRiX.scr
  - EvilDaemon.scr
  - Love.scr
  - Escort.scr
  - NeverMind.scr
  - HotShot.scr
  - Honey.scr
  - ScreenSaver.scr
  - LoverScreenSaver.scr

Removal instructions:

- Automatic removal: let BitDefender delete/disinfect the files it finds infected.
- Manual removal: restore the registry value HKEY_CLASSES_ROOT\exefile\shell\open\command\(default)
so that it contains the data ["%1" %*] (without the square brackets)
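
The symptoms and the registry value above can be checked together with a short script. This is an added example, not BitDefender's tooling; the function names and report keys are assumptions made for illustration, and the registry read only works on a live Windows system.

```python
import os
import sys

# Indicator names copied from the Symptoms list; a name match is a lead, not proof.
SYSTEM_DIR_FILES = ("msnmsg32.exe", "winReg.exe", "nav32.exe")
WINDOWS_DIR_FILES = (
    "bestfriend.scr", "mAtRiX.scr", "EvilDaemon.scr", "Love.scr", "Escort.scr",
    "NeverMind.scr", "HotShot.scr", "Honey.scr", "ScreenSaver.scr",
    "LoverScreenSaver.scr",
)
# Clean data for HKEY_CLASSES_ROOT\exefile\shell\open\command\(default).
EXPECTED_EXEFILE_COMMAND = '"%1" %*'


def find_listed_files(directory, names):
    """Return paths in `directory` whose file name matches `names`, ignoring case."""
    wanted = {name.lower() for name in names}
    try:
        entries = os.listdir(directory)
    except OSError:  # directory missing or unreadable: nothing to report
        return []
    return sorted(os.path.join(directory, e) for e in entries if e.lower() in wanted)


def read_exefile_command():
    """Read the live (default) value; returns None when not running on Windows."""
    if sys.platform != "win32":
        return None
    import winreg
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, r"exefile\shell\open\command") as key:
        return winreg.QueryValueEx(key, "")[0]


def check(system_dir, windows_dir, exefile_command):
    """Collect symptom hits; exefile_command=None means the value was not read."""
    clean = None if exefile_command is None else exefile_command.strip() == EXPECTED_EXEFILE_COMMAND
    return {
        "system_dir_hits": find_listed_files(system_dir, SYSTEM_DIR_FILES),
        "windows_dir_hits": find_listed_files(windows_dir, WINDOWS_DIR_FILES),
        "exefile_command_clean": clean,
    }


if __name__ == "__main__":
    # Assumed usage: script [system_dir] [windows_dir]; defaults follow the Windows XP layout.
    windir = os.environ.get("WINDIR", r"C:\Windows")
    system_dir = sys.argv[1] if len(sys.argv) > 1 else os.path.join(windir, "System32")
    windows_dir = sys.argv[2] if len(sys.argv) > 2 else windir
    for item, result in check(system_dir, windows_dir, read_exefile_command()).items():
        print(f"{item}: {result}")
```

Passing the directories as arguments lets the file check run against a mounted copy of a disk; in that case the registry result is reported as None (not read) unless the script runs on the affected Windows system itself.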

Analyzed By

Costin Ionescu, BitDefender Virus Researcher

Technical Description:

This is an Internet worm that arrives as an attachment to an infected e-mail.
The virus is written in Visual C++ 6.0, and the executable is packed with UPX 1.20.
The infected e-mail has the following format:
From: A fake sender