VIRUS NAME: W32/Yaha.c@MM

Virus Characteristics
AVERT has yet to receive a single field sample of this virus. The virus contains errors which prevent it from mass-mailing if MSN Messenger is not installed on the system.
This virus arrives in an email message containing the following information:
Subject: Fw: (any of the following strings and string combinations:
Are you looking for Love, Best Friends, Bullshit, charming, Check ur friends
Circle, Cool, Dont wait for long time, Easy Way to revel ur love, Enjoy
friendship, Enjoy Romantic life, excite, Find a good friend, for you,
Free Screen saver, Friendship, Friendship, Friendship Screen saver, Funny,
Great, how are you, How sweet this Screen saver, humour, I am For u, Idiot,
Interesting, Interesting, Joke, Learn How To Love, Life for enjoyment,
Looking for Friendship, Love, love speaks from the heart, LoveGangs, make
ur friend happy, Need a friend?, Nice, Nothink to worryy, One Hackers
Love, One Way to Love, Origin of Friendship, powful, relations, Romantic,
's Dance and forget pains, 's Laugh, Say 'I Like You' To ur friend, Screensaver,
searching for true Love, Send This to everybody u like, Shake it baby,
Shake ur friends, Shaking, stuff, The world of Friendship, The world of
lovers, to check, to enjoy, to see, to share, to ur friends, to ur lovers,
to watch, True Love, U r the person?, U realy Want this, Ur My Best Friend,
war Againest Loneliness, Who is ur Best Friend, Wonderfool, Wowwwwwwwwwww
check it, OR you care ur friend)
Body:
Hi Dear
Check the Attachement ..
See u
Sender's name
----- Original Message -----
From: "Friendship" < friendshipscr@screensaverforu.com >
To: < Sender's email address>
Sent: Friday, May 11, 2002 8:38 PM
Subject: humour iendship to ur friends
This e-mail is never sent unsolicited. If you need to unsubscribe,
follow the instructions at the bottom of the message.
***********************************************************
Enjoy this friendship
Screen Saver and Check ur friends circle...
Send this screensaver
from www.screensaverforu.com to everyone you
consider a FRIEND, even if it means sending it back to the person
who sent it to you. If it comes back to you, then you'll know you have
a circle of friends.
* To remove yourself
from this mailing list, point your browser to:
http://screensaverforu.com/remove?freescreensaver
* Enter your email address (Sender's address) in the field provided and
click "Unsubscribe".
OR...
* Reply to this message
with the word "REMOVE" in the subject line.
This message was sent
to address Recipient's address
X-PMG-Recipient: Recipient's address
<<<>>> <<<>>> <<<>>>
<<<>>> <<<>>> <<<>>>
<<<>>> <<<>> <<<>>>
<<<>>>
Attachment: the file extension is built from two strings. The first is one of ".doc", ".mp3", ".xls", ".wav", ".txt", ".jpg", ".gif", ".dat", ".bmp", ".htm", ".mpg", ".mdb", ".zip", or "" (no decoy extension); the second, which always comes last, is ".pif", ".bat", or ".scr". The filename is chosen from the following list: biodata, bullshitscr, checkfriends, dailyreport, enjoylove, freescreensaver, friends, friends, friends4u, friendscircle, friendscr, friendsearch, friendsgreetings, friendship, friendship4u, friendshipbird, friendshipforu, friendsworld, fucker, goldfish, greetings, love, love, love4u, lovefinder, lovegreetings, loveletter, lovers, lovers, loverscreensaver, loversgang, lovescr, loveshore, mountan, passion, passionup, report, resume, rishtha, screensaver, screensaver4u, screensaver4u, screensaverforu, shakeit, shakescr, shakingfriendship, shakinglove, shareit, sharelove, truefriends, truelovers, urfriend, weeklyreport, or werfriends.
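The naming scheme above (a list of decoy base names, an optional document-style extension, then an executable extension) is easy to match at a mail gateway. The following Python is an added example written for this page, not code from AVERT or from the virus; the base-name and extension lists are copied from the description, while the classification rules, the sample message and the verdict labels are my own construction.

```python
"""Attachment-name check for the W32/Yaha.c@MM naming scheme (added example)."""
from email import message_from_bytes
from email.policy import default as default_policy

# Base names taken from the description (duplicates in the original list collapsed).
YAHA_C_BASENAMES = frozenset({
    "biodata", "bullshitscr", "checkfriends", "dailyreport", "enjoylove",
    "freescreensaver", "friends", "friends4u", "friendscircle", "friendscr",
    "friendsearch", "friendsgreetings", "friendship", "friendship4u",
    "friendshipbird", "friendshipforu", "friendsworld", "fucker", "goldfish",
    "greetings", "love", "love4u", "lovefinder", "lovegreetings", "loveletter",
    "lovers", "loverscreensaver", "loversgang", "lovescr", "loveshore",
    "mountan", "passion", "passionup", "report", "resume", "rishtha",
    "screensaver", "screensaver4u", "screensaverforu", "shakeit", "shakescr",
    "shakingfriendship", "shakinglove", "shareit", "sharelove", "truefriends",
    "truelovers", "urfriend", "weeklyreport", "werfriends",
})

# Optional decoy extension placed in front of the real one (from the description).
DECOY_EXTENSIONS = frozenset({
    ".doc", ".mp3", ".xls", ".wav", ".txt", ".jpg", ".gif", ".dat", ".bmp",
    ".htm", ".mpg", ".mdb", ".zip",
})

# Extensions Windows executes; the virus always puts one of these last.
EXECUTABLE_EXTENSIONS = frozenset({".pif", ".bat", ".scr"})


def split_name(name):
    """Split 'love.doc.scr' into ('love', ['.doc', '.scr']), case-folded."""
    parts = name.lower().split(".")
    return parts[0], ["." + p for p in parts[1:]]


def classify_attachment(name):
    """Return (verdict, reason) for one attachment filename.

    Verdicts (my own labels): 'yaha_c' for an exact match of the scheme in the
    description, 'suspicious' for any other executable attachment, 'clean' otherwise.
    """
    base, exts = split_name(name)
    if not exts:
        return "clean", "no extension"
    final = exts[-1]
    if final not in EXECUTABLE_EXTENSIONS:
        return "clean", f"final extension {final} is not in the executable set"
    decoy = exts[-2] if len(exts) >= 2 else ""
    if (base in YAHA_C_BASENAMES and len(exts) <= 2
            and (decoy == "" or decoy in DECOY_EXTENSIONS)):
        return "yaha_c", f"base name {base!r} and extensions match the W32/Yaha.c@MM scheme"
    if decoy in DECOY_EXTENSIONS:
        return "suspicious", f"document-style decoy {decoy} in front of executable {final}"
    return "suspicious", f"executable attachment {final}"


def scan_message(raw):
    """Walk a raw RFC 822 message and classify every part that carries a filename."""
    msg = message_from_bytes(raw, policy=default_policy)
    findings = []
    for part in msg.walk():
        fname = part.get_filename()
        if fname:
            verdict, reason = classify_attachment(fname)
            findings.append((fname, verdict, reason))
    return findings


# Constructed sample message in the shape the description gives; the
# attachment body is three zero bytes, not real content.
SAMPLE_MESSAGE = b"""From: someone@example.invalid
To: you@example.invalid
Subject: Fw: Friendship Screen saver
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="bnd"

--bnd
Content-Type: text/plain

Hi Dear
Check the Attachement ..
See u

--bnd
Content-Type: application/octet-stream; name="friendship.doc.scr"
Content-Disposition: attachment; filename="friendship.doc.scr"
Content-Transfer-Encoding: base64

AAAA
--bnd--
"""

if __name__ == "__main__":
    for fname, verdict, reason in scan_message(SAMPLE_MESSAGE):
        print(f"{fname}: {verdict} ({reason})")
```

Matching on the final extension alone already covers this family and everything else that relies on a ".pif"/".bat"/".scr" attachment; the base-name list only sharpens the verdict to this specific variant.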
Some of the messages sent exploit the "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" vulnerability, while others do not. Where the exploit is used, an unpatched system will execute the attachment automatically; on other systems, the attachment must be run manually.
Once run, the virus copies itself to the Recycle Bin under a random 6-character name and hooks the registry so that it is loaded whenever an .EXE file is run:
- HKEY_CLASSES_ROOT\exefile\shell\open\command\default = "%virus_path%" %1 %*
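The exefile hook is worth checking for directly, because any launcher placed in front of %1 in that value runs before every program the user starts. The Python below is an added example for this page, not AVERT's tooling: the stock Windows value "%1" %* is a fact I am certain of; the hijacked shape comes from the description; the Recycle Bin folder names RECYCLED and RECYCLER and the reading of the live key via winreg are my assumptions.

```python
"""Analyse the HKCR\\exefile\\shell\\open\\command default value (added example)."""
import re

# Stock Windows value: run the requested .exe (%1) with its arguments (%*).
STOCK_EXEFILE_COMMAND = '"%1" %*'

# First token is either a quoted string or a bare word; the rest are arguments.
_CMD_RE = re.compile(r'^\s*(?:"(?P<q>[^"]*)"|(?P<u>\S+))\s*(?P<args>.*?)\s*$')


def in_recycle_bin(path):
    """True if any path component is a Recycle Bin folder (assumed names)."""
    parts = path.lower().replace("/", "\\").split("\\")
    return any(p in ("recycled", "recycler") for p in parts)


def analyze_exefile_command(value):
    """Return a dict describing whether the value interposes a launcher before %1."""
    m = _CMD_RE.match(value)
    if not m:
        return {"hijacked": True, "launcher": None, "in_recycle_bin": False,
                "reason": "value could not be parsed"}
    launcher = m.group("q") if m.group("q") is not None else m.group("u")
    args = m.group("args")
    if launcher == "%1":
        return {"hijacked": False, "launcher": launcher, "in_recycle_bin": False,
                "reason": "stock value: the requested program runs directly"}
    # Anything here runs first and receives the real program as %1, which is
    # exactly the shape the description gives: "%virus_path%" %1 %*
    return {"hijacked": True, "launcher": launcher,
            "in_recycle_bin": in_recycle_bin(launcher),
            "reason": f"{launcher!r} is interposed before %1 (arguments: {args!r})"}


def read_live_exefile_command():
    """Read the default value from the live registry; None when not on Windows."""
    try:
        import winreg  # standard library, Windows only
    except ImportError:
        return None
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, r"exefile\shell\open\command") as key:
        value, _ = winreg.QueryValueEx(key, "")
    return value


if __name__ == "__main__":
    # Constructed sample in the description's shape; the path is made up.
    for sample in (STOCK_EXEFILE_COMMAND, r'"C:\RECYCLED\abcdef.exe" %1 %*'):
        print(sample, "->", analyze_exefile_command(sample))
    live = read_live_exefile_command()
    if live is not None:
        print("live value ->", analyze_exefile_command(live))
```

When cleaning such an infection the value must be restored to "%1" %* before, or at the same time as, the launcher file is deleted; removing the file alone leaves every .exe pointing at a path that no longer exists.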
A text file is saved to the Windows directory using the same random name. This text file contains the following text:
<<<>>> <<<>>> <<<>>>
<<<>>> <<<>>> <<<>>>
<<<>>> <<<>>> <<<>>>
<<<>>>
W32.YAHA-III
Author :H^H,h2h@achayans.com
Origin :India,Kerala
I like Klez,Sircam,But
i hate the bullshit payloads
Is i am a good coder??
still i have dout huhh!!!
Beware Indian Hackers..Tomarrow
is ours!!!
<<<>>>
<<<>>> <<<>>> <<<>>>
<<<>>> <<<>>> <<<>>>
<<<>>> <<<>>> <<<>>>
A message is also sent to 9846097736@bplmobile.com containing the following information:
Subject: Beware Indian Hackers!!!
Body: We r the Great Indians, Enjoy My w32/yaha!!! By H^H
Symptoms
When run, the virus displays a screen saver showing the following message in a distorted form:
UR MY BEST FRIEND