
MSMDM.EXE
PROCESS INFORMATION
Process Name : Msmdm.exe
Process Path : C:\Recycled\msmdm.exe
Process type : Internet Worm
Malware Name : W32.Yaha.A@mm
Alias : I-Worm.Lentin.a, W32/Yaha-A, WORM_YAHA.A
Threat level : Low
Process Details :
Msmdm.exe is the main component dropped by Yaha. It is a mass-mailing worm that uses e-mail addresses stored in the Windows Address Book and also collects addresses from .ht* files to distribute infected messages.

Yaha arrives as an e-mail attachment. The message subject will be "Melt the Heart of your Valentine with this beautiful Screen saver" or "Fw: Melt the Heart of your Valentine with this beautiful Screen saver". The attachment name will be "valentin.scr".

The SMTP server used to send the e-mails is chosen either from the registry or from a list of servers inside the worm body.
If the infected e-mail attachment is executed, it runs as a screen saver but also copies itself to C:\recycled with the filenames msmdm.exe and msscra.exe. The worm code is executed first. After that it activates the corresponding application. The worm is loaded automatically by changing the following keys in the registry:

HKEY_CLASSES_ROOT\exefile\shell\open\command
The Yaha worm doesn't contain any destructive payloads. But if you have deleted the worm before fixing the registry, your applications won't work.

W32.Yaha.A@mm creates the file "MSMDM.EXE" in the Recycled folder. The presence of this file indicates that you are infected with this worm. The Yaha worm changes registry keys when infecting the machine, and these should be fixed before deleting the main worm file "MSMDM.EXE" stored in the Recycled folder.
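
The ordering described above (repair the registry before deleting MSMDM.EXE) can be checked and enforced with a short PowerShell script. This is an added example, not part of the original write-up or of any vendor tool; it assumes the stock Windows value `"%1" %*` for the handler, treats any other value as modified, and its function and variable names are hypothetical.

```powershell
# Added example: audit the exefile open handler named on this page and
# enforce its ordering (repair the registry first, delete files second).
$KeyPath   = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$Expected  = '"%1" %*'   # assumption: stock Windows value of (Default)
$WormFiles = 'C:\Recycled\msmdm.exe', 'C:\Recycled\msscra.exe'  # from the page

function Get-ExeHandlerState {
    # GetValue('') reads the key's unnamed (Default) value.
    $current = (Get-Item -LiteralPath $KeyPath).GetValue('')
    [pscustomobject]@{
        Current  = $current
        Modified = ($current -ne $Expected)   # assumption: any other value is suspect
        Files    = @($WormFiles | Where-Object { Test-Path -LiteralPath $_ })
    }
}

function Repair-ExeHandler {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $state = Get-ExeHandlerState
    if ($state.Modified -and
        $PSCmdlet.ShouldProcess($KeyPath, "restore (Default) to $Expected")) {
        Set-ItemProperty -LiteralPath $KeyPath -Name '(default)' -Value $Expected
    }
    # Re-read the key: the files go only once .exe launches no longer depend on them.
    if ((Get-ExeHandlerState).Modified) {
        Write-Warning 'exefile handler is still modified; worm files left in place.'
        return
    }
    foreach ($file in $state.Files) {
        if ($PSCmdlet.ShouldProcess($file, 'delete')) {
            Remove-Item -LiteralPath $file -Force   # -Force also removes hidden or read-only files
        }
    }
}

Get-ExeHandlerState | Format-List   # read-only report; run Repair-ExeHandler elevated
```
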
How can I protect my system?

Solo has incorporated Msmdm.exe in its signature file to protect users from this worm attack. Registered users of Solo antivirus are already protected from this worm. Make sure that you have installed a registered version of Solo Antivirus to protect your system from all virus threats.

How to remove this worm?

If you are already infected with the Msmdm.exe process, you can remove it from your computer using Solo Antivirus software. Solo antivirus can detect and remove W32.Yaha.A@mm safely.

Solo anti-virus not only scans for all viruses, it also contains a unique System Integrity Checker to protect you from new Internet worms, backdoors and malicious VB and Java scripts. It also effectively removes all existing Internet worms, file viruses, malicious VBS and Java scripts, Trojans, backdoors, and boot sector, partition table and macro viruses.