Results 1 to 2 of 2

Thread: ** Sahay *** worm/virus

  1. #1
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002

    ** Sahay *** worm/virus

    Seems this one is getting a bit of distribution... Note the name is Yahas spelt backward.. Original huh.. but check the second quote.. could this be the start of another trend.. Revenge Virii?

    Edit: Failed to insert source of info sry..
    found here: http://securityresponse.symantec.com...ahay.a@mm.html

    W32.Sahay.A@mm is a mass-mailing worm that sends email messages to all the addresses in the Microsoft Outlook Address Book. The email message has the following characteristics:

    Subject: Fw: Sit back and be surprised..
    Attachment: MathMagic.scr

    The worm attempts to prepend itself to all the .exe files it finds in the Windows folder and C:\Program Files\Mirc\Download folder. Due to bugs in the worm's code, this threat may crash the computer or corrupt files in these folders. Then, the worm restarts the computer.

    Type: Worm
    Infection Length: 32,768 bytes
    Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
    Systems Not Affected: Macintosh, OS/2, UNIX, Linux
    now get this

    When W32.Sahay.A@mm is executed, it does the following:

    1. Copies itself to C:\MathMagic.scr.
    2. Creates the file %Windir%\Yahasux.vbs, which performs the email routine (described below), and then deletes itself.

    NOTE: %Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.

    3. Checks for characteristics of the W32.Yaha family of worms. If W32.Sahay.A@mm finds any, it attempts to remove the worm, and then display this message:

    Title: Exchange viruses?
    Message: Hi there.. it seems you were infected with Yaha.k. That worm however, written by an idiot who sPeLlS lIkE tHiS,abused my website and got me toreceive the complaints. Therefore, I have just disinfected you.Don't worry tho.. as I didn't wanna steal from you, I gave you this virus (Win32.HLLP.YahaSux) in return

    Gigabyte [Metaphase VX Team]

    4. Prepends itself to the .exe files in the Windows folder and in the C:\Program Files\Mirc\download folder.
    5. Restarts the computer
    I repeat part of the writers message.. If virii wern't so serious this one could be considered funny..
    I have just disinfected you.Don't worry tho.. as I didn't wanna steal from you, I gave you this virus (Win32.HLLP.YahaSux) in return
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  2. #2
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Here is a link for free Anti-Virii Tools...
    If you can't afford Norton, maybe Bit Defender can help :-)
    yeah, I\'m gonna need that by friday...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts