Alias
- WORM_YAHA.N
- W32/Yaha.t@MM
Affected operating systems
Recovery instructions:
Follow the instructions for removing worms.
The registry changes made by W32/Yaha-T should be reversed before files containing the worm are deleted.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
and
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
and delete any references to:
MicrosoftServiceManager = <Windows system>\WINTSK32.EXE
Locate the HKEY_CLASSES_ROOT key:
HKCR\exefile\shell\open\command
and delete only the path to the worm. Do not delete anything else.
After deleting the text, the key should look like this:
HKCR\exefile\shell\open\command\(default) = "%1" %*
Close the registry editor.
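To confirm the cleanup, the registry can be exported again and the three keys above checked offline. The following is an added example, not part of the original advisory: it assumes the export is available as decoded text in the REGEDIT4 style, the function names are hypothetical, and the sample export is constructed for illustration.

```python
import re

# Keys and values named in the removal steps above (compared case-insensitively).
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
EXEFILE_KEY = r"hkey_classes_root\exefile\shell\open\command"
CLEAN_EXEFILE = '"%1" %*'
WORM_VALUE, WORM_FILE = "microsoftservicemanager", "wintsk32.exe"
LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def audit_reg_export(text):
    """Return a list of (key, value name, data, action) findings."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = LINE.match(line)
        if not m or key is None:
            continue  # blank lines, file header, non-string value types
        name = "(default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data = unescape(m.group(2))
        k = key.lower()
        if k in RUN_KEYS and (name.lower() == WORM_VALUE or WORM_FILE in data.lower()):
            findings.append((key, name, data, "delete this autorun value"))
        elif k == EXEFILE_KEY and name == "(default)" and data != CLEAN_EXEFILE:
            findings.append((key, name, data, 'reset data to "%1" %*'))
    return findings

# Constructed sample export (not captured from an infected machine).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MicrosoftServiceManager"="C:\\WINDOWS\\SYSTEM\\WINTSK32.EXE"
"SystemTray"="SysTray.Exe"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\SYSTEM\\WINTSK32.EXE\" \"%1\" %*"
'''

if __name__ == "__main__":
    for finding in audit_reg_export(SAMPLE):
        print(" | ".join(finding))
```

An empty result means none of the three keys still refers to the worm and the exefile handler holds only "%1" %*.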
Installing the patch
Microsoft has issued a patch which secures against the incorrect MIME header vulnerability and the IFRAME vulnerability. This can be downloaded from http://www.microsoft.com/technet/security/bulletin/MS01-027.asp.
(This patch fixes a number of vulnerabilities in Microsoft's software, including the ones exploited by this worm.)
Please follow the instructions for removing worms.