Seems to be a new strain of YAHA

I got a file called plus6.scr at hotmail.
Mcafee on hotmail wasnt able to catch it and also avast couldnt catch it.

But when i managed to get the registry editor running after killing a strange process called wintsk32.exe which cas attempting to connect to the net.

In the registry i saw in hklm exefile had been modified to load a prog called exeldr32.exe

i deleted wints32.exe, exeldr32.exe and the registry key

Please provided an update soon

PS: I knew it was the yaha worm. I just wanted to see if avast could catch it after mcafee had failed. And yes i have the latest updates

Yes, it could be Yaha/Lentin.R, but why did you delete it? If you want it to be added, you should have sent it to Avast. If you have the Email you can still send it .

Other thing, why did you start the file?

OK, the virus database has been updated to deal with this beast, and also the Virus Cleaner can now safely remove it.

Vlk

thanks a lot guys.

Thankfully i had a copy of antivir PE and it cleaned up my system (Finally i get to catch a virus).

these were the files reg32.exe exeldr32.exe wintsk32.exe

and a registry entry
HKEY_CLASSES_ROOT\exefile\shell\open\command

Damn Viruses

Well, in fact it creates some more registry entries (e.g. HKLM\Software\Microsoft\Snakes), but they’re completely useless.