
WINSERVICES.EXE
PROCESS INFORMATION
Process Name : WinServices.exe
Process Path : %System%\WinServices.exe [ C:\Windows\System32\WinServices.exe ]
Process type : Internet Worm
Malware Name : W32.Yaha.K@mm
Alias : I-Worm.Lentin.I, W32/Yaha-M, WORM_YAHA.K, Yaha.K
Threat level : Low
Process Details :
Winservices.exe is dropped by Yaha.K when the infected mail attachment is executed. It is a mass-mailing worm that uses e-mail addresses stored in the Windows Address Book and also collects addresses from .ht* files to distribute infected messages. It also spreads through the MSN Messenger list, ICQ list and Yahoo Pager list.
Yaha.K arrives as an e-mail attachment with a random message subject and message body. The SMTP server used to send the e-mails is chosen either from the registry or from the list inside the worm body.
If the infected e-mail attachment is executed, it copies itself to the Windows system folder under multiple file names, as given below. The worm copies itself with the hidden attribute set.
WinServices.exe
nav32_loader.exe
tcpsvs32.exe
After that it modifies the registry to load automatically whenever an "EXE" file is executed. The registry key modified will be
HKEY_CLASSES_ROOT\exefile\shell\open\command
It also modifies the registry Run section to load automatically on the next machine start.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"WinServices"= C:\%System%\WinServices.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
"WinServices"= C:\%System%\WinServices.exe
When active in memory it will disable antivirus programs. If you have deleted the worm file before fixing the registry entries, your applications will NOT work. In that case you can fix the registry entries using the YahaRegFix tool. Instead of deleting the worm file manually, you can use the Solo trial version to remove the Yaha.K worm safely.
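A read-only check for the registry entries and file names listed above, as an added PowerShell example that is not part of the original page or of any Solo tool. It assumes the clean default value of the exefile open command is "%1" %* and takes the system folder from [Environment]::SystemDirectory.

```powershell
# Added example: read-only audit for the Yaha.K artifacts named on this page.
# Assumption: on a clean system the default value of the exefile open
# command is exactly "%1" %* (anything else means the handler was changed).
$findings = @()

# 1. EXE handler: the worm rewrites this so it runs whenever an EXE starts.
$cmdKey = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$handlerChanged = $false
if (Test-Path -LiteralPath $cmdKey) {
    $open = (Get-Item -LiteralPath $cmdKey).GetValue('')
    if ($open -ne '"%1" %*') {
        $handlerChanged = $true
        $findings += "exefile open command is not the default: $open"
    }
}

# 2. Autostart: a "WinServices" value under Run or RunServices.
foreach ($name in 'Run', 'RunServices') {
    $key = "HKLM:\Software\Microsoft\Windows\CurrentVersion\$name"
    if (Test-Path -LiteralPath $key) {
        $val = (Get-Item -LiteralPath $key).GetValue('WinServices')
        if ($null -ne $val) { $findings += "$key : WinServices = $val" }
    }
}

# 3. Dropped copies in the system folder. They carry the hidden attribute,
#    so -Force is required for Get-Item to return them.
$sys = [Environment]::SystemDirectory
foreach ($file in 'WinServices.exe', 'nav32_loader.exe', 'tcpsvs32.exe') {
    $path = Join-Path $sys $file
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) { $findings += "found $path (attributes: $($item.Attributes))" }
}

if ($findings.Count -eq 0) {
    'No Yaha.K artifacts from this page were found.'
} else {
    $findings
    if ($handlerChanged) {
        # Per the page: removing the file first leaves EXE files unable to start.
        'Fix the exefile registry entry before deleting any worm file.'
    }
}
```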
How can I protect my system?
Solo has incorporated WinServices.exe in its signature file to protect users from this worm attack. Solo antivirus registered users are already protected from this worm. Make sure that you have installed the registered version of Solo Antivirus to protect your system from all virus threats.
Important Note:
If you are already infected with the Yaha.K worm, it will not allow the Solo scheduler to download updates. If the Solo scanner is not loading, we request you to uninstall the older version. Then download and install the new version from our site to remove the worm.
How to remove this worm?
If you are already infected with WinServices.exe, you can remove it from your computer using Solo Antivirus software. Solo antivirus can detect and remove W32.Yaha.K@mm safely. Use the following link to download the 30-day trial version of Solo antivirus to remove viruses from your computer.

Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from new Internet worms, backdoors and malicious VB and Java scripts. It also effectively removes all existing Internet worms, file viruses, malicious VBS and Java scripts, Trojans, backdoors, and boot sector, partition table and macro viruses.
You can purchase Solo antivirus using the link
