system
June 26, 2003, 12:12pm
1
I got a file called plus6.scr at Hotmail.
McAfee on Hotmail wasn't able to catch it and also Avast couldn't catch it.
But when I managed to get the registry editor running after killing a strange process called wintsk32.exe which was attempting to connect to the net.
In the registry I saw that in HKLM, exefile had been modified to load a prog called exeldr32.exe.
I deleted wints32.exe, exeldr32.exe and the registry key.
Please provide an update soon.
PS: I knew it was the Yaha worm. I just wanted to see if Avast could catch it after McAfee had failed. And yes, I have the latest updates.
raman
June 26, 2003, 1:03pm
2
Yes, it could be Yaha/Lentin.R, but why did you delete it? If you want it to be added, you should have sent it to Avast. If you have the email you can still send it.
Other thing, why did you start the file?
Vlk
June 26, 2003, 3:13pm
3
OK, the virus database has been updated to deal with this beast, and also the Virus Cleaner can now safely remove it.
Vlk
system
June 26, 2003, 4:40pm
4
Thanks a lot, guys.
Thankfully I had a copy of AntiVir PE and it cleaned up my system (finally I get to catch a virus).
These were the files: reg32.exe, exeldr32.exe, wintsk32.exe
and a registry entry:
HKEY_CLASSES_ROOT\exefile\shell\open\command
Damn Viruses
igor0
June 26, 2003, 4:48pm
5
Well, in fact it creates some more registry entries (e.g. HKLM\Software\Microsoft\Snakes), but they’re completely useless.
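
A read-only check for the hijack described in this thread, added here as an example and not part of any post: it compares the default value of `shell\open\command` for `exefile` (the key named above) with the Windows default `"%1" %*` and notes when the value mentions one of the file names reported in the thread. Checking `comfile`, `batfile` and `cmdfile` and the per-user hive goes beyond what the thread reports and is an assumption about where else such a change could sit.

```powershell
# Added example (read-only): audit the "open" handlers of executable file classes.
# '"%1" %*' is the stock Windows value; any other value means some other program
# is started in front of every file of that class.
$default  = '"%1" %*'
$classes  = 'exefile', 'comfile', 'batfile', 'cmdfile'   # beyond exefile: assumption
$roots    = 'HKEY_CLASSES_ROOT',
            'HKEY_LOCAL_MACHINE\Software\Classes',
            'HKEY_CURRENT_USER\Software\Classes'
# File names reported in this thread
$reported = 'reg32.exe', 'exeldr32.exe', 'wintsk32.exe'

function Get-OpenCommandStatus {
    param([string]$Root, [string]$Class)
    $path = "Registry::$Root\$Class\shell\open\command"
    $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { return $null }    # class not defined in this hive
    # Read the (Default) value without expanding %VARIABLES%
    $opt   = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $value = [string]$key.GetValue('', '', $opt)
    $hit   = $reported | Where-Object { $value -like "*$_*" }
    $status = if ($value -eq $default) { 'OK' } elseif ($hit) { 'MODIFIED (file named in thread)' } else { 'MODIFIED' }
    [pscustomobject]@{ Key = "$Root\$Class"; Status = $status; Command = $value }
}

$results = foreach ($r in $roots) {
    foreach ($c in $classes) { Get-OpenCommandStatus -Root $r -Class $c }
}
$results | Format-Table -AutoSize -Wrap
if ($results | Where-Object { $_.Status -ne 'OK' }) {
    Write-Warning 'At least one open command differs from the Windows default.'
}
```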