Seems this one is getting a bit of distribution... Note the name is Yahas spelt backward.. Original huh.. but check the second quote.. could this be the start of another trend.. Revenge Virii?
Edit: Failed to insert source of info sry..
found here: http://securityresponse.symantec.com...ahay.a@mm.html
now get thisW32.Sahay.A@mm is a mass-mailing worm that sends email messages to all the addresses in the Microsoft Outlook Address Book. The email message has the following characteristics:
Subject: Fw: Sit back and be surprised..
Attachment: MathMagic.scr
The worm attempts to prepend itself to all the .exe files it finds in the Windows folder and C:\Program Files\Mirc\Download folder. Due to bugs in the worm's code, this threat may crash the computer or corrupt files in these folders. Then, the worm restarts the computer.
Type: Worm
Infection Length: 32,768 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Macintosh, OS/2, UNIX, Linux
I repeat part of the writers message.. If virii wern't so serious this one could be considered funny..When W32.Sahay.A@mm is executed, it does the following:
1. Copies itself to C:\MathMagic.scr.
2. Creates the file %Windir%\Yahasux.vbs, which performs the email routine (described below), and then deletes itself.
NOTE: %Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.
3. Checks for characteristics of the W32.Yaha family of worms. If W32.Sahay.A@mm finds any, it attempts to remove the worm, and then display this message:
Title: Exchange viruses?
Message: Hi there.. it seems you were infected with Yaha.k. That worm however, written by an idiot who sPeLlS lIkE tHiS,abused my website and got me toreceive the complaints. Therefore, I have just disinfected you.Don't worry tho.. as I didn't wanna steal from you, I gave you this virus (Win32.HLLP.YahaSux) in return
Greetz,
Gigabyte [Metaphase VX Team]
4. Prepends itself to the .exe files in the Windows folder and in the C:\Program Files\Mirc\download folder.
5. Restarts the computer
CheersI have just disinfected you.Don't worry tho.. as I didn't wanna steal from you, I gave you this virus (Win32.HLLP.YahaSux) in return