Tech Support Guy banner
Cancel
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice

how is it possible...

1799 Views 19 Replies 8 Participants Last post by  Davey7549
C
to lose everyone's things in my documents without even deleting anything??!?!?!?!?!?!?!?

btw attached is my startuplist...

Attachments

Save
Like
Status
Not open for further replies.
1 - 20 of 20 Posts
D
Think you've been hit by the Yaha virus:-
Yaha virus definition
Save
Like
$teve
cammi.....you should go here and run trends online virus scan.
http://housecall.trendmicro.com/

NOW! and come back here with the result.
good luck;)
Save
Like
$teve
there is also a recent thread you might want to look at.

http://forums.techguy.org/t111083/s.html
Save
Like
C
hey guys you're right! the trendmicro scanner thingy has come up with:

about like 10-25 worm_yaha.k's
js_noclose.e

i am going to go onto the symantec website and dl the yaha k remover program. apparently, according to trendmicro, the js_noclose.e is a trojan horse, but is low in damage.
Save
Like
$teve
after you get rid of yaha you might want to go here www.moosoft.com and download "the cleaner" its a trojan specific scanner that will kill any trojans in your system.
post back and let us know alls well.;)
Save
Like
TonyKlein
No sign of a trojan in the Startuplist log, though.

However, you don't seem to be running an antivirus, so I'm not entirely surprised you got infected... :rolleyes:
Save
Like
Rollin' Rog
This would be the yaha worm -- (I finally found something that Tony missed, instead of the other way around ;) )

WinServices = C:\WINDOWS\System32\WinServices.exe

The Symantec Tool should remove it. I don't know whether this worm is getting hungrier, but in the ZoneAlarm thread here it may have eaten Add/Remove programs as well.
Save
Like
TonyKlein
Originally posted by Rollin' Rog:
This would be the yaha worm -- (I finally found something that Tony missed, instead of the other way around ;) )
Click to expand...
I'm afraid I'll have to disappoint you once again... :p

Dirk Diggler already pointed that out before you did.

Cheers,
Save
Like
Rollin' Rog
I know, I saw it, but thought you didn't :D
Save
Like
TonyKlein
I'm afraid I did.... :D

As cammi already ran a scan at House Call which detected the virus, I considered it case closed.
Save
Like
Davey7549
Ah....Some healthy competition!:D
I would join in but you guys are way out of my league. I still play double "AA" ball!;) :p

Dave
Save
Like
TonyKlein
LOL... :D

It's just because I eat Startuplist logs for breakfast, lunch and dinner...

You tend to recognize things after a while.
Save
Like
D
Sorry to jump in here, but I have a question about the startup list. I looked at it and seen the "C:\WINDOWS\System32\WinServices.exe"

I now know that seeing this in the startup means yaha virus. The thing I don't know is how you all recognized it.

I mean do you just study up on all the new viruses and what they add to the startup, or what?

Sorry to be a noobie here!!

dtugg
Save
Like
Davey7549
dtugg
As Tony previously mentioned the more you look at Startups and review them the more you become familiar with what should be in there and what looks suspicious. For instance if you where reviewing allot of peoples startups for diagnostics and thought WinServices.exe looked suspicious you could run a search for it to see if others had reported this. Example through Google: Click Here

You also can review what items people list in startups and for that matter your own by going to several sites such as:

http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
Also
http://www2.whidbey.net/djdenham/Uncheck.htm
also
http://www.pacs-portal.co.uk/startup_content.htm

Lastly in Tonys and Rogs case if I am not being out of line I would say they spend a great deal of time at TSG and other forums helping people straighten out Virus, Trojan and other startup problems which makes them very qualified to spot suspicious items.

Dave
See less See more
Save
Like
brendandonhu
http://mywebpages.comcast.net/brendandonhue/startuplistchecker.html

Its got some bugs.
Save
Like
$teve
and davey is giving our secrets away:D

soon we will be redudant;)
Save
Like
Davey7549
Redundant!!!!!!:eek: Never Happen!!!!! Someone will conger up another Virus or Application combination to drive us nuts!;)

Its like the rain after its soaks into the ground, maybe hidden from us but it shall return!

Dave
Save
Like
$teve
Someone will conger up another Virus or Application
Click to expand...
now dave thats either a dance you have us doin....or some fishy thing:D
Save
Like
Davey7549
Me Witch Doctor????:eek: Never!:p ;)
Just the lyrics to a tune we have heard a thousand times!

Dave
Save
Like
1 - 20 of 20 Posts
Status
Not open for further replies.
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Off Topic Lounge Thread Games & Discussion Networking
Top