After Affects of Worm

Status
Not open for further replies.

Dave

Fully Optimized
Messages
4,866
Location
"Almost Heaven" USA
I got the worm W32.Yaha.K@mm, but it is now quarantined/deleted (not without damage).

Background
I was reading my Hotmail. I deleted the email that I was reading and Hotmail automatically opened the next email which contained the worm. McAfee, used by Hotmail, did not stop the worm, but my Norton did stop it from sending any emails. However, since it came through Hotmail, it did not stop it from damaging files.

Actions
Norton kept the worm from using my address book to send out emails, but it did not keep it from doing other harm. I ran all the disk doctors, file clean-ups, etc., that was recommended by Norton and others. It deleted the threat of the worm.

Problems
I have several problems now, most of it being that none of the shortcuts work, and neither do the menus. I can start IE or OE by using the RUN feature of Windows and typing in the command line, like "C:\Program Files\Outlook Express\Msimn.exe".

I need to get everything back in shape and I'm open for suggestions on how to do that. Please put in technologically impaired language!

Questions:
  1. I have Windows XP Pro, would this be a good time to load it? Would this bring back the functionality of the desktop shortcuts and the programs that I use?
  2. Is there a fast and fairly easy way to get all shortcuts working?
  3. Is there a fast and fairly easy way to get the menus working?
  4. When checking the properties of shortcuts and menu items, the Start In field is blank? How do I find out what goes in each field?
  5. I get the following message when trying to look at some properties: Access to the specified device, path, or file is denied. How do I get take care of that?
    [/list=1]
    Sorry for the long post. I'm hoping that someone can help me get my pc back in shape (without going to someone that will charge me lots of money).

    Thanks for any help.

    Struggling Dave :(
 
I would say that if you are SURE the system is no longer infected then yea, go ahead and upgrade to xp. Manually recreating the shortcuts, etc.. will take way too long.
 
Yea, loading up XP would probably automatically re-configure some of the built in windows features. IE, Outlook, Win Media Player and all that other fun stuff. But programs that you haveinstalled something like ad-aware, Visual Basic and other things that might have been re-routed are probablly gonna have to be done manually :(
 
try this if you haven't already run XP install.

The malware of yaha actually connects to the items on your desktop and launches itself each time you double-click one of these instead of the intended purpose. You can disable this feature of the worm by:

Download this file and rename it exe fix.reg Then run it to correct your registry to the proper settings.
 
Thanks for the suggestions.

I'm kinda' chicken now to try a download. I'll probably try the XP Pro install, but can you tell me where you got the download to fix the registry? Thanks.

:D
 
Yep

Well, it wont hurt to download it from here, but I exported the file from my own registry. It has the proper registry settings for exefiles regardless of Windows OS, which the virus changes:

HKEY_CLASSES_ROOT\exefile\shell\open\command
The entry should be: "%1\" %*"
As oppossed to the file name that the virus is using to propagate itself.
 
Re: Yep

brahm said:
HKEY_CLASSES_ROOT\exefile\shell\open\command
The entry should be: "%1\" %*"
As oppossed to the file name that the virus is using to propagate itself.
The entry in mine is "". There's nothing between the quotes.

I tried your suggestion. It said:

Can not import C:\WINDOWS\DESKTOP\EXEFIX~1.REG: The specified file is not a registry script. You can import only registry scripts.

I also put in the Window XP Pro cd to install. It comes up on the screen with the options, but nothing happens when I try to install.

I have also been starting programs by typing in their command line in the RUN line, but NOW that is not working. It says:

This file does not have a program associated with it....

Any ideas!

:confused:
 
Re: yep

brahm said:
Yes, change that registry setting from "" to "%1\" %*"
Changed the registry setting as shown, but no go on anything yet.

Getting an error message with everything (no associated program).

:(
 
Programs that will aid in deleting pest in the computer

I use two programs that help me aid also with spyware and adware on the computer.

If you have gator, get rid of it, spyware all together.

www.pestpatrol.com

&

http://download.com.com/3120-20-0.html?qt=Ad-Aware&tg=dl-2001

are two I use. I also make sure I don't open any email just for the hell of it.

P.s these programs will not solve all viruses/worms.
it really deletes pests like cookies/spyware/adware some codes that are on the computer and deletes them also from the Registory editor.

Hope this helps some find out that their being spyed on.
 
Status
Not open for further replies.
Back
Top Bottom