i have infected with W32/YahLover.worm please help me to remove it manualy!!?

Question

this trojan send some links to my contacts in tahoo messenger.

big_chris_fool · Accepted Answer

AutoIt.X ~ f-secure.com
affected messengers: Yahoo! Messenger
alias: W32.Yautoit, W32/YahLover.worm, Trojan.Win32.Autoit.x, Troj/Tiotua-A
type: trojan

AutoIt.X, a variant of AutoIt, is a Trojan. AutoIt.X attempts to download and install other malware to the system and copies the file taskmng.exe to the Windows folder and creates a Registry key to start the file automatically.. AutoIt.X changes startup and search pages of Internet Explorer.

AutoIt.X may arrive on the system as a downloaded file via links that are spammed through Yahoo Messenger. The links have malicious Java scripts, which contain exploit code to automatically execute AutoIt.X on vulnerable machines. It exploits a vulnerability in Internet Explorer that allows remote code execution in the ADODB Stream object in ActiveX control. The malicious Java scripts are detected as Exploit.JS.ADODB.Stream.e.

AutoIt.X may use any of the following message strings:

* Ai muon diet virut thi` vao day, ba` kon du`ng co' click vao nhung site khac nhe ... http://chendang.net/ng[REMOVED]
* Bay gio` bu`n wa' chang biet lam gi` , gui? ta.ng ba kon trang nay vao choi... http://chendang.net/ng[REMOVED]
* Cha` cha` !!! Ai ma` bi con virus thi` vao day ma` diet no diiiiii ... http://chendang.net/ng[REMOVED]
* Con gai nha ai ma` xinh the ko biet nua~ , dep ghe vao day di ... http://chendang.net/ng[REMOVED]
* Dem nay ko co em , dem dai bong nhien day hon huhu (... http://chendang.net/ng[REMOVED]
* Gio phai lam gi tiep theo day pa kon giup tui voi ... http://chendang.net/ng[REMOVED]
* Me kiep ghet nhat la thang nao` ma` choi con virut do' , ai bi vao day xoa no nhe'... http://chendang.net/ng[REMOVED]
* Nha'm chen dang an ti`nh nay ma lo`ng nguoi nao co hay !!! Van biet yeu thuong la` tro` dua` ma` minh van me say )... http://chendang.net/ng[REMOVED]
* Tha nguoi dung noi se yeu minh toi mai thoi thi gio day toi se vui hon. Gio nguoi lac loi buoc chan ve noi xa xoi, cay dang chi rieng minh toi... http://chendang.net/ng[REMOVED]
* Toi di lang thang lan trong bong toi buot gia, ve dau khi da mat em roi? Ve dau khi bao nhieu mo mong gio da vo tan... Ve dau toi biet di ve dau? http://chendang.net/ng[REMOVED]


This is done by searching for the string title "Yahoo! Messenger" in the Windows Title Bar. When the string found, AutoIt.X will secretly and randomly input any of the above messages, every 180 seconds.

The links in the messages direct to script pages that may contain any of the following download sites:

* http://www.chendang.net/nguyen/[REMOVED].exe
* http://www.sukien.org/love/[REMOVED].exe.........................................


read more @ http://www.f-secure.com/v-descs/autoit_x.shtml 


AutoIt.D 
AutoIt.D ~ f-secure.com
affected messengers: Yahoo! Messenger
type: trojan

AutoIt.D may arrive on the system as a downloaded file via links that are spammed through Yahoo Messenger.

It may use any of the following message strings:

* A new dangerous computer virus that can destroys all your data has just been released . Click here to know how to avoid it : http://www.geocities.co.jp/ie_[REMOVED] <<
* Cac ban co the tranh bi nhiem cac loai virus online gan day bang cach update Windows . Vao day de biet cach Update Win ma ko can ban quyen Windows xin: http://www.geocities.co.jp/ie_[REMOVED]
* cai dit con me may day . Lua tao a` ? Xem di : http://www.geocities.co.jp/tha[REMOVED] X-(
* cool girls : http://www.geocities.co.jp/tha[REMOVED] :x:x:x:x:x
* di'nh virus ru`i =)) du`ng cai nay ma diet na`y : http://www.geocities.co.jp/ie_[REMOVED]
* Download free MP3s : http://www.geocities.co.jp/tha[REMOVED] <<
* ha`i dek chiu dc =)) http://www.geocities.co.jp/tha[REMOVED] =)) =))
* have you ever seen such a silly man like this ? http://www.geocities.co.jp/tha[REMOVED] =))
* Just check out my new personal website : http://www.geocities.co.jp/tha[REMOVED] C00l !!!
* Let's vote for Miss Vietnam - Mai Phuong Thuy - for the upcoming Miss World championship : http://www.geocities.co.jp/tha[REMOVED] !!
* making money online never be easier : http://www.geocities.co.jp/tha[REMOVED] >:D<
* Now you can avoid some critical online viruses by updating Windows . Click here to know how to Update your Windows : http://www.geocities.co.jp/tha[REMOVED]
* the only way to clean some online viruses that may lead you into troubles : http://www.geocities.co.jp/ie_[REMOVED] <<
* Use this tool to remove the viruses from your PC : http://www.geocities.co.jp/ie_[REMOVED] <<
* wtf is this ? Wanna give me a ***** ? http://www.geocities.co.jp/tha[REMOVED] X-( <<


This is done by searching for the string title "Yahoo! Messenger" in the Windows Title Bar. When the string found, AutoIt.D will secretly and randomly input any of the above messages, every 80 seconds.

The links in the messages direct to script pages that may contain any of the following download sites:

Zenia · Answer

2

nevian · Answer

Why waste time and energy? Download and use Windows malicious software removal tool (the latest one) simply fast and effective

987654321abc · Answer

download antivir
run it

Trending News

i have infected with W32/YahLover.worm please help me to remove it manualy!!?

4 Answers