W32.Yaha.B@mm

W32.Yaha.B@mm

W32.Yaha.B@mm нь W32.Yaha@mm вирусын нэг тєрєл бєгєєд хоорондын ялгаа нь vлдээдэг
файлдаа юм. W32.Yaha@mm нь C:\Recycled\Msscra.exe болон C:\Recycled\Msmdm.exe
файлуудыг vлдээдэг бол W32.Yaha.B@mm нь ямар нэг нэртэй 2 файлыг C:\Recycled
директорт vлдээдэг. Уг worm нь Windows Address Book дахь бvх хаяг руу єєрийгєє
илгээдэг байна.


Tєрєл: Worm
Хэмжээ: 23,320 байт
Хор хохирол учруулах зэрэг: 2
Захианы subject нь: "Enjoy this friendship-joke Screen Saver!!!!"

эсвэл "Fw: Enjoy this friendship-joke Screen Saver!!!!"
эсвэл "Have a nice day!!!!"
Файлын нэр: friends.scr

W32.Yaha.B@mm нь идэвхижсэн бол дараах vйдлvvдийг хийдэг:
Windows address book дэхь бvх хаягууд руу єєрийгєє илгээхээс гадна хаягын жагсаалт
бvхий address book файлыг C:\Windows\<дурын 5 тэмдэгт>< дурын 5 тэмдэгт
>.dll файл руу хуулдаг.

Registry файлын HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command
хэсэгт дараах єєрчлєлтийг хийснээр ямар нэгэн executable файл ажиллахад вирус
идэвхижин ажиллахаар болгодог:

" %1 %*" гэсэн стандарт (default) утгыг c:\recycled\<random 5
letter file name>" %1 %*" болгож єєрчилдєг.

Мєн Internet Explorer программ ажиллуулахад эхэлж ордог vндсэн хуудсыг дараах
сайтуудын аль нэгээр болгож єєрчилдєг:
www.achayans.com
www.sunnt.com/suryatv
www.malayalamchannel.com
www.india.com
www.kerala.com
www.asianetglobal.com
www.malayalamanorama.com

Хэрхэн арилгах вэ?
W32.Yaha.B@mm worm илэрсэн бvх файлуудыг устгах, Registry файлд оруулсан
єєрчлєлтийг эргэж засах, мєн Internet Explorer программийн vндсэн хуудсыг єєрчлєх
хэрэгтэй.

Анхаар: Хэрвээ таны компьютер дээр уг worm идэвхижсэн бол NAV программийн
LiveUpdate-г ажиллуулахаасаа ємнє эсвэл татаж авсан хамгийн сvvлийн vеийн єєрчлєлтийг
ажилуулахаасаа ємнє Registry файл дахь єєрчлєлтийг засаарай.

1. NAV программийн хамгийн сvvлийн vеийн єєрчлєлтийг татаж авсан эсэх
2. Бvх файлуудыг шалгахаар тохируулагдсан эсэхийг шалгах.
3. Full system scan командыг ажиллуулж системийг бvхэлд нь шалгах.
4. W32.Yaha.B@mm илэрсэн бvх файлуудыг устгах.

Registry файлыг засах:

– Regedit.exe файлыг Regedit.com нэртэйгээр хуулах:
Worm нь Registry файлд єєрчлєлт оруулахдаа .exe єргєтгэлтэй файлуудыг засч чадахааргvй
болгодог тул файлыг засахын тулд .com єргєтгєлтэй болгох шаардлагатай.

1. Vvнийг хийхийн тулд дараах vйлдлvvдийг гvйцэтгэнэ:

  • Windows 95/98 системтэй бол:
    Start товчыг дарж Programs-г сонгон MS-DOS Prompt-г дарна.
  • Windows Me системтэй бол:
    Start товчыг дарж Programs-г сонгон Accessories -руу орж MS-DOS Prompt-г дарна.
  • Windows NT/2000/XP системтэй бол:
    1. Start товчыг дарж Run командыг сонгоно.
    2. command гэж бичээд Enter дарна.
    3. MS-DOS-н цонх гарч ирэхэд дараах командыг бичиж єгєєд Enter дарна: cd \winnt

2. MS-DOSн мєрнєєс дараах командыг бичээд Enter дарна:
copy regedit.exe regedit.com

3. Мєн дараах командыг бичээд Enter дарна:
start regedit.com

Registry файл нээгдсэний дараа дараах vйлдлийг хийж єєрчлєлтийг засна:

Анхаар: Системийн registry файлд ямар нэгэн єєрчлєлт оруулахаасаа ємнє
нэг хувийг нь хадгалж авч байна уу.
Буруу бичилт, єєрчлєлт хийснээс шалтгаалан файлууд эвдрэх, устах аюултайгаас
гадна систем ажиллахгvй болдог.

1. HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command гэсэн хэсгийг
олох.
<<=== NOTE: This is the key that you need to modify.
2. Дэлгэцийн баруун талд харагдах (Default) гэсэн утгыг 2 дарна.
3. Байгаа утгыг устгаад "%1" %* гэж бичнэ. (хашилт-процентын тэмдэг-нэгийн
тоо-хашилт-хоосон зай-процентын тэмдэг-од.)
4. Дээрх хэсэгт байгаа бvх утгыг устгасан эсэхээ сайн шалгаарай. Шинээр утга
оруулахдаа эхэнд нь хоосон зай vлдээсэн бол "Windows cannot find .exe"
эсвэл "Cannot locate C:\ <path and file name>." гэсэн алдаа
єгдєг.
5. Registry Editor программаас гарах.

Internet Explorer программийн vндсэн хуудсыг солих:
1. Microsoft Internet Explorer программийг ажиллуулах.
2. Tool цэснээс Internet Options командыг сонго.
3. General цонхон дахь Home Page хэсгийн Address гэсний ард вэбийн хаягыг бичиж
єгєєд OK товчыг дарна. Internet Exporer программийг ажиллуулахад шууд энэ хаяг
руу орж байхаар тохируулагдах юм.

 

{mos_fb_discuss:2} 

Date: September 27th, 2007 | Categories: Вирус | By: | Comments: 1,350

1,350 Responses to W32.Yaha.B@mm

    Hello it’s me, I am also visiting this web site daily, this site is really good and the visitors are genuinely sharing pleasant thoughts.|

    cvs pharmacy online Albenza Sildalist

    I have learn a few good stuff here. Certainly price bookmarking for revisiting. I surprise how a lot attempt you set to make the sort of excellent informative web site.|

    Somebody necessarily assist to make severely posts I might state. That is the very first time I frequented your website page and to this point? I surprised with the analysis you made to make this particular put up extraordinary. Excellent task!|

    It’s enormous that you are getting thoughts from this post as well as from our argument made at this time.|

    Appreciating the hard work you put into your site and in depth information you present. It’s nice to come across a blog every once in a while that isn’t the same outdated rehashed information. Excellent read! I’ve bookmarked your site and I’m including your RSS feeds to my Google account.|

    Thanks for any other informative site. Where else may just I get that kind of information written in such a perfect way? I’ve a undertaking that I’m simply now working on, and I have been at the glance out for such information.

    Excellent weblog here! Also your web site loads up fast! What web host are you the usage of? Can I get your affiliate link in your host? I desire my website loaded up as fast as yours lol|

    Wonderful post but I was wanting to know if you could write a litte more on this topic? I’d be very thankful if you could elaborate a little bit more. Cheers!

    I was curious if you ever considered changing the page layout of your site? Its very well written; I love what youve got to say. But maybe you could a little more in the way of content so people could connect with it better. Youve got an awful lot of text for only having 1 or two pictures. Maybe you could space it out better?

    Nice blog here! Also your site so much up fast! What host are you the use of? Can I get your associate hyperlink in your host? I want my website loaded up as quickly as yours lol|

    There are some fascinating closing dates in this article however I don’t know if I see all of them center to heart. There is some validity but I’ll take hold opinion until I look into it further. Good article , thanks and we want extra! Added to FeedBurner as effectively

    I think this is among the most significant information for me. And i’m glad reading your article. But want to remark on few general things, The web site style is great, the articles is really nice : D. Good job, cheers|

    I was pretty pleased to uncover this web site. I need to to thank you for ones time just for this fantastic read!! I definitely loved every part of it and I have you bookmarked to check out new stuff on your site.

    I like what you guys are up also. Such smart work and reporting! Keep up the excellent works guys I have incorporated you guys to my blogroll. I think it’ll improve the value of my website :).

    I know this if off topic but I’m looking into starting my own blog and was curious what all is required to get setup? I’m assuming having a blog like yours would cost a pretty penny? I’m not very web smart so I’m not 100 certain. Any suggestions or advice would be greatly appreciated. Appreciate it|

    buying cialis online safely cialis generic cialis 80 mg dosage

    I like the valuable info you provide in your articles. I will bookmark your blog and check again here regularly. I am quite sure I’ll learn many new stuff right here! Best of luck for the next!|

    I seriously love your blog.. Excellent colors & theme. Did you make this web site yourself? Please reply back as I’m hoping to create my own personal blog and want to know where you got this from or just what the theme is called. Thank you!|

    just right post, i like it

    Right here is the right webpage for everyone who wishes to understand this topic. You know a whole lot its almost hard to argue with you (not that I actually would want to…HaHa). You definitely put a new spin on a subject which has been written about for ages. Excellent stuff, just wonderful.

    Global Dope About this offshoot
    https://albuterolday.com albuterol

    canadian pharmacy cialis get prescription online walmart pharmacy viagra

    What’s up every one, here every person is sharing such familiarity, therefore it’s good to read this web site, and I used to pay a quick visit this website every day.|

    With havin so much content do you ever run into any issues of plagorism or copyright infringement? My site has a lot of exclusive content I’ve either authored myself or outsourced but it seems a lot of it is popping it up all over the web without my agreement. Do you know any techniques to help reduce content from being stolen? I’d truly appreciate it.|

    I do not even understand how I finished up here, however I believed this publish was once good. I do not recognize who you are however certainly you’re going to a famous blogger in the event you are not already. Cheers!|

    buy tadalafil 20mg tadalafil peptides tadalafil mechanism of action

    Hello, I desire to subscribe for this web site to get latest updates, thus where can i do it please help.|

    Hurrah! After all I got a website from where I be able to actually take helpful data concerning my study and knowledge.|

    Non-specific Information Far this offshoot
    https://levitrahill.com vardenafil

    This site was… how do I say it? Relevant!! Finally I have found something that helped me. Appreciate it!|

    Fantastic site. A lot of helpful information here. I’m sending it to some buddies ans additionally sharing in delicious. And certainly, thank you for your sweat!

    cialis 40 mg buy cialis cialis walmart

    I blog quite often and I really thank you for your content. This great article has really peaked my interest. I am going to take a note of your site and keep checking for new information about once per week. I subscribed to your RSS feed as well.

    It’s going to be end of mine day, except before end I am reading this great paragraph to increase my know-how.|

    This site was… how do I say it? Relevant!! Finally I have found something that helped me. Thanks!|

    I have to thank you for the efforts you have put in penning this website. I really hope to check out the same high-grade content from you later on as well. In fact, your creative writing abilities has motivated me to get my own, personal blog now ;)|

    very good post, i love it

    exceptional article, i love it

    Your place is valueble for me. Thanks!…

    It is in point of fact a nice and useful piece of info. I’m glad that you shared this useful info with us. Please stay us up to date like this. Thank you for sharing.|

    I was able to find good information from your blog posts.

    Hey! Quick question that’s entirely off topic. Do you know how to make your site mobile friendly? My weblog looks weird when browsing from my iphone4. I’m trying to find a template or plugin that might be able to resolve this problem. If you have any recommendations, please share. Many thanks!

    cialis half life cialis side effects cialis uses

    For newest information you have to pay a visit world-wide-web and on world-wide-web I found this web page as a best site for latest updates.|

    Spot on with this write-up, I honestly feel this site needs far more attention. I’ll probably be back again to see more, thanks for the information!

Leave a Reply

Message:*

Name:

Email:

Website: