Path : %SYSTEM%\Exeldr32.exe [ C:\Windows\System32\Exeldr32.exe ]
type : Internet
Alias : I-Worm.Lentin.gen,
W32/Yaha-T, W32/Yaha.T@mm, Yaha.T
level : Low
Exeldr32.exe is the main
component dropped by Yaha.T worm. It is
a mass mailing worm uses e-mail addresses stored
in Windows Address book and also collects
addresses from .ht* files to distribute infected
messages. It also spreads through MSN messenger
list, ICQ list and Yahoo pager list.
arrives as an e-mail attachment with random
message subject and message body. The SMTP server used to
send the emails is chosen either from the
registry or from the list inside the worm body.
If the infected e-mail
attachment is executed, it copies itself to
Windows system folder with multiples file names
as given below. The worm copies with hidden
After that it modifies
the registry to load automatically whenever an
"EXE" file is executed. The registry
key modified will be
also modifies registry run section to load
automatically on the next machine start.
When active in memory it
will disable antivirus programs. If you
have deleted the worm file before fixing the
registry entries your applications will NOT work
properly. In that case you can fix the
registry entries using YahaRegFix tool. Instead of
deleting the worm file manually, you can use Solo
trial version to remove Yaha.T worm safely.
How can I protect my
Solo has incorporated
EXELDR32.EXE in its signature file to protect
users from this worm attack. Solo antivirus
registered users are already protected from this
worm. Make sure that you have installed
registered version of Solo Antivirus to protect
your system from all virus threats.
to remove this worm?
you are already infected with EXELDR32.EXE process,
you can remove it from your computer using Solo
Antivirus software. Solo antivirus can
detect and remove W32.Yaha.T@mm safely.
Use the following link to Download 30 day
trial version of Solo antivirus to
remove viruses from your computer.
Solo anti-virus not only
scans for all viruses, it contains a unique System
Integrity Checker to protect you from
New Internet Worms, Backdoors and
malicious VB, Java Scripts. It also
effectively removes all existing Internet Worms,
File viruses, malicious VBS, Java scripts,
Trojans, Backdoors, boot sector, partition table
and macro viruses.
purchase Solo antivirus using the link