Jump to content

Yaha.Q virus

Peter Sharpe

By Peter Sharpe
in Technical Help Forum

 Share

Recommended Posts

Peter Sharpe Member

Peter Sharpe

Posted
Posted

Beware of this wretched thing that arrives via email. A mate of mine has it and it infected 659 files. It disables all your anti-virus systems, prevents access to msconfig, regedit, system restore, and just about anything else that you can conceivably use to defeat it. I found a loophole in that I could run AVG by right clicking on the C: drive in My Computer. At least it told me what the virus was, even if I couldn't get rid of it.

Typical messages include

"Windows cannot find C:Program FilesInternet ExplorerExplorer.exe You may have typed the name incorrectly in the Run dialog, or another open program cannot find a sysytem file. To search for a file click the Start button and then click Search"

You will find this message referring to many different exe files, all of which you will be able to find by searching - you just won't be able to start them.

I have found a fix on http://www.sophos.com/support/disinfection...yaharemove.html

I have downloaded it onto a floppy disk, so I will let you know how I get on.

English as tuppence, changing yet changeless as canal water, nestling in green nowhere, armoured and effete, bold flag-bearer, lotus-fed Miss Havishambling, opsimath and eremite, feudal, still reactionary, Rawlinson End.

 

Link to comment
Share on other sites
Newt Member

Newt

Posted
Posted

Good luck. That is a particularly nasty bug.

 

If you have similar problems in the future and still have a working browser, google for housecall RAV online and you'll get links to a number of good, free, online AV scanners. RAV will fix most problems. I think some of the others just ID them for you.

 

The online scanners are nice because they are always current and cannot be disabled by an infection on the PC.

" My choices in life were either to be a piano player in a whore house or a politician. And to tell the truth, there's hardly any difference!" - Harry Truman, 33rd US President

Link to comment
Share on other sites
Peter Sharpe Member

Peter Sharpe

Posted
  • Author
Posted

Amazing, it worked. All he has to do now is catch up on about 20mb of Microsoft updates - and that's without all the Media Player nonsense.

 

One more problem now: when AVG is carrying out its checks, it runs through massive amounts of temporary internet files in the directory of IE5 (he's very out of date). The only problem is that I have already carried out a sytem cleanup, and when I look in this directory I can only see a few kilobytes of cookies. Any idea how to find them?

 

[ 15. December 2003, 07:07 AM: Message edited by: Peter Sharpe ]

English as tuppence, changing yet changeless as canal water, nestling in green nowhere, armoured and effete, bold flag-bearer, lotus-fed Miss Havishambling, opsimath and eremite, feudal, still reactionary, Rawlinson End.

 

Link to comment
Share on other sites
Newt Member

Newt

Posted
Posted

The browser under tools~internet options and then dump temp internet files & dump cookies should get rid of them for you.

 

If it somehow doesn't, you'll probably have to take another route to do the deed but specifics vary by operating system so - what is he running?

" My choices in life were either to be a piano player in a whore house or a politician. And to tell the truth, there's hardly any difference!" - Harry Truman, 33rd US President

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We and our partners use cookies on our website to give you the most relevant experience by remembering your preferences, repeat visits and to show you personalised advertisements. By clicking “I Agree”, you consent to the use of ALL the cookies. However, you may visit Cookie Settings to provide a controlled consent.

  I accept