Results 1 to 14 of 14
  1. #1
    pph Expert! Gordon's Avatar
    Join Date
    January 18th, 2005
    Location
    Edmonton Canada
    Posts
    5,781
    I have just found a file on my desktop that neither I nor Pauline have put there, it is named aYerHS.txt and it contains the following. Does anybody know what it is or where it came from? <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR> ==================================================
    W32.@YerH$.B,Made in India,
    wE aRe thE greAt iNdIaNs..
    ----------------------------

    aBouT mE :
    jUst a c0mputEr gEEk..
    i tHinK i aM sTill a sCripT kiddiE..

    eDucAtiOn : sCh00l sTudEnt..

    aBouT @YerH$.B:
    n0 dEstrucTivE paYload$ f0r inFecTeD c0mpUteRs.
    teRminAtioN oF aV + FireWaLL f0r sUrvIvaL.
    tImE dEfiNed tRigErRinG.. jUst f0r fUn.. n0 paYloaD.
    c0ntAinS bUg iN rEpliCation c0de.. no tIme t0 fiX.
    g0nNa fiX iT iN nExt rElEase..

    n0 m0rE $hiT
    ===================================================

    &gt;&gt; qph@hackermail.com <HR></BLOCKQUOTE>

    Travel safe
    Gordon
    YouTrek

  2. #2
    ABW Ambassador ShoreMark's Avatar
    Join Date
    January 18th, 2005
    Location
    NJ, USA
    Posts
    912
    [QUOTE]Originally posted by Gordon:
    aYerHS.txt [QUOTE]

    Didn't see it listed specifically at Symantec, but it sounds like it already turned off your anti-virus program, or is about to.

  3. #3
    Member
    Join Date
    January 18th, 2005
    Posts
    133
    You're infected with W32.Yaha.K@mm

    Here's a link with more info.
    Virus Info

  4. #4
    pph Expert! Gordon's Avatar
    Join Date
    January 18th, 2005
    Location
    Edmonton Canada
    Posts
    5,781
    Thanks you guys
    It has turned off my Norton antivirus

    I've just dowloaded the remoal program from symantec I'll let you know if it works.

    [edited to add] I have just run the program and it tell me I do not have W32.Yaha on my computer.

    I have a couple of programs that keep starting themselves called winservices and another called Tcpsvs32 that keeps starting itself. I found these by doing control-alt-delete. They have made my norton antivirus stop working. Any help with the names or how to remove these will be gratefuly recieved

    Travel safe
    Gordon
    YouTrek

    [This message was edited by Gordon on January 01, 2003 at 11:21 PM.]

  5. #5
    ABW Ambassador ShoreMark's Avatar
    Join Date
    January 18th, 2005
    Location
    NJ, USA
    Posts
    912
    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Originally posted by Gordon:
    They have made my norton antivirus stop working. Any help with the names or how to remove these will be gratefuly recieved
    <HR></BLOCKQUOTE>

    There's a section at Symantec, somewhere in one of the drill down faq's with a separate scanner/tool for getting rid of the ones that turn off Norton - on my sons computer it wouldn't take a certain step because he was infected, but it told us where the files were and once deleted you can go back through that section to get it cleaned up and start up Norton again. There's even an option to send tech support files for an email solution if it's not going well for you.

  6. #6
    pph Expert! Gordon's Avatar
    Join Date
    January 18th, 2005
    Location
    Edmonton Canada
    Posts
    5,781
    Thanks ShoreMark I'll take a look but I'm not very savvy with computers I might have to take it to the shop tomorrow.

    Travel safe
    Gordon
    YouTrek

  7. #7
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    1,087
    It sounds like the KLEZ virus. I think I remember that file . . . just before I lost everything on my hard drive~!

    Brian
    aka Cyclone @ CyclonesFunnel.com

  8. #8
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Gordon,

    You've been biten by W32.Yaha.K@mm virus. If you saw that text file, then the virus has already run. Go here http://securityresponse.symantec.com...yaha.k@mm.html and scroll down the page to "Recommendations." Under there it gives you step by step instructions on how to clean your system if the virus has run and your AV software has been trashed.

    These people are such idiots. Don't freak if on Thursday your "My Documents" folder and everything in it disappears. Part of the payload is that if changes the attributes of that folder to "hidden" on Thursdays. Some people really need to get a life.

    Good luck to you.

    Keep Your Hands Off My Cookies

  9. #9
    pph Expert! Gordon's Avatar
    Join Date
    January 18th, 2005
    Location
    Edmonton Canada
    Posts
    5,781
    Thanks BLFH Iwent there but the bloody thing keeps coming back even after deleting it in the registry. I will take it to the shop now and hope I am not ofline too long.

    Travel safe
    Gordon
    YouTrek

  10. #10
    pph Expert! Gordon's Avatar
    Join Date
    January 18th, 2005
    Location
    Edmonton Canada
    Posts
    5,781
    It cost me $42.50 Can to get it removed but at least I am back now

    Travel safe
    Gordon
    YouTrek

  11. #11
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Man, what a pain. But glad to here you have your baby back and are up and running again.

    Keep Your Hands Off My Cookies

  12. #12
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,082
    Just curious, any idea of how you got this virus and what to watch out for?
    Cazzie

  13. #13
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Cazzie,

    Go to the link in my post above and it gives you the full details of the virus. It will tell you the most common subjects being generated in the infected emails.

    The best protection to have the most updated ref files for your anti-virus and scan all incoming emails. Don't open any emails that haven't been scanned and immediately delete any emails that show on detection. Norton has recently upgraded the Priority of this virus as it is on the rise again.

    Keep Your Hands Off My Cookies

  14. #14
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Winterpeg, the Mosquito Capital of Canada
    Posts
    2,299
    I have used mailwasher to scan all my e mails before they even reach my computer. Really nice program, free to use, donations are accepted by them, but sure saves time and effort keeping garbage and spam out. I use it because of multiple e mail addresses and all the garbage I receive in them to weed out what I want to allow through to them.

    www.mailwasher.net

    WW

    It was so cold last winter that I saw a lawyer with his hands in his own pockets.
    Give a man a fish he eats for a day. Teach a man to fish he spends the day drinking beer in the boat.

  15. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Hello every body!
    By bad boy in forum Introduce Yourself
    Replies: 7
    Last Post: October 19th, 2011, 02:12 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •