VACM: YAHA kicks in on Monday - Removal tool available

Automated PC Solutions
VACM - Virus Alerts for the Common Man

get it now: #1 AntiSpyware #1 AntiVirus #1 Personal Firewall

VACM Home VACM Links APCS Home

bookmark this page:

YAHA kicks in on Monday - Removal tool available

Your old boxes are worth CASH $$... Click to learn more...

Electronics
Bargains

VACM Home

VACM How-To Movie: Learn how to Remove Spyware from your PC for free (really!). Click to Watch the video.

Greetings from The VACM Team,

In This Issue:
----------------------
- YAHA kicks in on Monday - Removal tool available

You are free to forward this critical information to anyone
you wish as long as it is not modified in any way.

BONUS HOW-TO MOVIE!
You have SpyWare on your system sending your private information (usernames, passwords, credit cards, etc.) to people you don't know!
Watch our Spyware Remove How-To movie for a simple and absolutely FREE way of removing SpyWare from your PC.
You will probably be amazed at how much spyware is on your system, if you are like most of our clients.

***************************************************
* The Bottom Line...
***************************************************
Security experts are getting the word out about new variants
of the Yaha worm, which appeared just before Christmas.
Experts are worried that Yaha will spread quickly when the
world returns to work on Monday after the holidays (1/6/03).

Yaha arrives as a double attachment with a .exe or .scr suffix.
See the "Disable Hiding Of File Extensions" article on the
VACM Archives page so that you will
not be fooled by what appears to be the file extensions. The
default Windows setting is to hide the ".EXE" and ".SCR" file
extensions. So, if you get a file attachment called
MyDog.JPG.EXE, and you have extension hiding enabled, you will
assume that the attachment is simply "MyDog.JPG", a harmless
picture, when in fact it is a virus that will run if you
double-click on it.

The worm has its own SMTP engine and distributes itself to
all addresses in Windows Address Book, MSN Messenger and
.Net and Yahoo Messenger software. A secondary payload
attempts to use the infected computer to launch a denial
of service attack against a Pakistani government domain,
infopak.gov.pk.

***************************************************
* What You Should Do
***************************************************
1. Make sure your antivirus subscription has not run out and that
your virus definitions are completely up to date.

2. Be absolutely sure that your antivirus's "Real Time" virus
scanning is enabled.

3. Re-read the "Fear No Attachment" VACM Alert to learn how to
deal with attachments safely. The article is at:

http://www.apcsnh.com/vacm/vacm090501.html

***************************************************
* If you get infected by YAHA...
***************************************************
The Sophos YAHA removal tool can be downloaded here:

http://apcsnh.com/vacm/tools/yahatool/rmyahsfx.exe

Be sure to grab the tool's instructions here:

http://apcsnh.com/vacm/tools/yahatool/readrmya.txt

RMYAHA is a utility for disinfecting the W32/Yaha-E, W32/Yaha-K
and W32/Yaha-L worms.

Download the RMYAHA utility on an uninfected PC. This
file is available for download as a self-extracting
archive, rmyahsfx.exe.

Read the RMYAHA notes for instructions on how to use the
RMYAHA to disinfect the W32/Yaha worms.

The W32/Yaha family of worms spread via email.
The worms have their own SMTP client software or they will use
your own system's SMTP server.

Best Regards,
Marc Deschenes, VACM Editor
The VACM Project at
Automated PC Solutions

*** Be sure to check out the appendix at the end of this alert
if you are having trouble booting your computer into "Safe Mode".
The process is all spelled out for you there.

Why should you be very
concerned about Spyware?

Learn how to avoid Identity Theft and Windows corruption in this
free VACM Video:
VACM-tested #1 AntiSpyware Software

How did they steal my Identity?

Why do I get so much SPAM ?

Why is your computer
running so slow ?

Today, every PC needs just a few protection softwares. Find out what and why. Visit our Links Page to avoid Indentiry Theft and costly computer repairs.
VACM Links to Protection Tools and Softwares

Keep your PC Safe and
Avoid a costly trip to the shop...
with these VACM approved tools.

You need 3 things to protect your PC(s) automatically. Use these links to go directly to the Download and Purchase pages:

Old Shotgun Shell Boxes
are collector's items and
worth good money!
(yes... just the empty boxes)

get your
ShotShell BlueBook
price guide
now.

To cancel your subscription to VACM, reply to this email with the word UNSUBSCRIBE in the subject.

If you click on the link below, the "unsubscribe" email will be created for you and you can simply hit "Send" in you email program:

Create My Unsubscribe Email

IMPORTANT: please include the email address at which you are currently receiving VACM Alerts in the body of the message.

******** APPENDIX - Handy How-To Tips **********

* How To Boot into Safe Mode

Shut the computer down so that the power is off.

Turn the computer on, wait 1 second and begin pressing the F8 key
on the keyboard, once every second repeatedly. Do this until
the Windows Startup Menu appears. If you get a keyboard
error, press F1 to resume and then continue pressing the
F8 key once every second, or your PC may tell you to press another key for BIOS setup.

Select Safe Mode from the Windows Startup Menu, then press
the Enter key on the keyboard.

Windows will then boot into Safe Mode.
NOTE: This may take longer than a normal boot.

At the end of the boot process a dialog box will appear
informing you that Windows is in Safe Mode. Click OK on this dialog box.

Windows is now in Safe Mode.

If you miss hitting the F8 at the right time, Windows will boot
normally and you will not see the "Safe Mode" message. In this
case, start from the top of these instructions until you get the
boot menu screen where you can choose "Safe Mode". This can be
a little tricky the first time you do it.