1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

how is it possible...

Discussion in 'Virus & Other Malware Removal' started by cammi, Jan 11, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. cammi

    cammi Thread Starter

    Joined:
    Jan 9, 2003
    Messages:
    560
    to lose everyone's things in my documents without even deleting anything??!?!?!?!?!?!?!?

    btw attached is my startuplist...
     

    Attached Files:

  2. Dirk Diggler

    Dirk Diggler

    Joined:
    Nov 17, 2002
    Messages:
    84
  3. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
  4. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
  5. cammi

    cammi Thread Starter

    Joined:
    Jan 9, 2003
    Messages:
    560
    hey guys you're right! the trendmicro scanner thingy has come up with:

    about like 10-25 worm_yaha.k's
    js_noclose.e

    i am going to go onto the symantec website and dl the yaha k remover program. apparently, according to trendmicro, the js_noclose.e is a trojan horse, but is low in damage.
     
  6. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    after you get rid of yaha you might want to go here www.moosoft.com and download "the cleaner" its a trojan specific scanner that will kill any trojans in your system.
    post back and let us know alls well.;)
     
  7. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    No sign of a trojan in the Startuplist log, though.

    However, you don't seem to be running an antivirus, so I'm not entirely surprised you got infected... :rolleyes:
     
  8. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    This would be the yaha worm -- (I finally found something that Tony missed, instead of the other way around ;) )

    WinServices = C:\WINDOWS\System32\WinServices.exe

    The Symantec Tool should remove it. I don't know whether this worm is getting hungrier, but in the ZoneAlarm thread here it may have eaten Add/Remove programs as well.
     
  9. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    I'm afraid I'll have to disappoint you once again... :p

    Dirk Diggler already pointed that out before you did.

    Cheers,
     
  10. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I know, I saw it, but thought you didn't :D
     
  11. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    I'm afraid I did.... :D

    As cammi already ran a scan at House Call which detected the virus, I considered it case closed.
     
  12. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Ah....Some healthy competition!:D
    I would join in but you guys are way out of my league. I still play double "AA" ball!;) :p

    Dave
     
  13. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    LOL... :D

    It's just because I eat Startuplist logs for breakfast, lunch and dinner...

    You tend to recognize things after a while.
     
  14. dtugg

    dtugg

    Joined:
    Oct 22, 2002
    Messages:
    345
    Sorry to jump in here, but I have a question about the startup list. I looked at it and seen the "C:\WINDOWS\System32\WinServices.exe"

    I now know that seeing this in the startup means yaha virus. The thing I don't know is how you all recognized it.

    I mean do you just study up on all the new viruses and what they add to the startup, or what?

    Sorry to be a noobie here!!

    dtugg
     
  15. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    dtugg
    As Tony previously mentioned the more you look at Startups and review them the more you become familiar with what should be in there and what looks suspicious. For instance if you where reviewing allot of peoples startups for diagnostics and thought WinServices.exe looked suspicious you could run a search for it to see if others had reported this. Example through Google: Click Here

    You also can review what items people list in startups and for that matter your own by going to several sites such as:

    http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
    Also
    http://www2.whidbey.net/djdenham/Uncheck.htm
    also
    http://www.pacs-portal.co.uk/startup_content.htm

    Lastly in Tonys and Rogs case if I am not being out of line I would say they spend a great deal of time at TSG and other forums helping people straighten out Virus, Trojan and other startup problems which makes them very qualified to spot suspicious items.

    Dave
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/112594

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice