Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"c:\recycled\rsht.exe" Is "win32/yaha.e" Worm. Not Cleaned.


  • Please log in to reply
4 replies to this topic

#1 angang

angang

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 19 January 2007 - 10:45 PM

i installed EZarmor antivirus on my personal computer, went through the entire process without any problems, restarted my computer like it suggested and immediatedly this is where the problem started. When i try to click on any icon on my deskstop screen, this message pops up on the screen in a white box--"c:\recycled\rsht.exe" is "win32/yaha.E" worm. Not cleaned. I have called my internet provider several times and they have tried several things to help me, which haven't worked.

Please let me know if you have any ideas to help me! I am new to bleeping computer and really am not very computer literate at all. :thumbsup: please explain things to me in VERY basic terms. I am amazed at people who work on computers! Anyways, thank you for your help!

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:08 PM

Posted 20 January 2007 - 07:40 AM

Download and run the BitDefender AntiYahaa tool for Win32.Yahaa.E@mm.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:08 PM

Posted 20 January 2007 - 04:25 PM

I received you pm. Please post in the thread you started here so others can benefit as well. If you cannot connect to the Internet then you will need to get access to another computer (family member, friend, etc), download the tool from there, save it to a usb stick or CD and transfer it to your computer.

If thats the case, then also download the following programs as well:
Sysclean Package. Be sure to print out the How to use Sysclean Package Instructions.
Virus Pattern Files (lptXXX.zip).
DrWeb-CureIt.
HijackThis 1.99.1. This is a self-extracting version which will automatically install HJT in the proper location if we need to use it. DO NOT use or fix anything with this tool unless advised.

If the BitDefender tool does not help, then follow the instructions you printed out for scanning with Sysclean, followed by a scan with DrWeb-CureIt. Perform your scans in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 angang

angang
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 29 January 2007 - 05:32 PM

ok--i did all those things and they were very helpful, but i have come to a stopping point again--after i have done the sysclean.com, it goes through the process and this message pops up "Pattern File LPT$VPN. is missing, Please download a copy." I have tried to go back and look on the trend micro system cleaner to see if i've missed something, but cannot figure it out

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:08 PM

Posted 29 January 2007 - 06:15 PM

The "Pattern File LPT$VPN is missing" error message means you did not download and/or extract the Virus Pattern Files properly.

Download the latest Virus Pattern Files - (Pattern files are usually named lptxxx.zip, where xxx is the pattern file number) & save it to your desktop. Extract (unzip) the lptxxx.zip pattern file into the same folder which you created for and placed sysclean.com. You should have created a new folder on your C: drive and renamed it Sysclean - i.e. C:\SysClean. (Click here for information on how to extract a file if your not sure how to do this. Then double-click on sysclean.com to start the scan.

When you first double-click on sysclean.com to scan, it will unpack the following files in the same folder it is run from:
sysclean.exe
tsc.bin
tsc.ini
tsc.ptn
vsapi32.dll
vscantm.bin

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Note: Some anti-virus programs such as Avast will alert you to a virus attack when running sysclean so it's best to disable them before going to the next step.

Scan with Sysclean as follows:
  • Open the Sysclean folder and double-click on sysclean.com to start the scanning process.
  • Put a check mark on the "Automatically clean or delete infected files" option by clicking in the checkbox.
  • Click the Advanced >> button.
  • The scan options appear. Select the "Scan all local fixed drives".
  • Click the "Scan button" on the Trend Micro System Cleaner console.
  • It will take some time to complete. Be patient and let it clean whatever it finds.
  • Another MS-DOS window appears containing the log file generated in the System Cleaner folder.
  • To view the log, click the "View button" on the Trend Micro System Cleaner console. The Trend Micro Sysclean Package - Log window appears.
    • The Files Detected section shows the viruses that were detected by System Cleaner.
    • The Files Clean section shows the viruses that were cleaned.
    • The Clean Fail section shows the viruses that were not cleaned.
  • Exit when done, reboot normally and re-enable your anti-virus program.
Instructions with screenshots are here if you need them.

When using Sysclean its best to use the Administrator's account or an account with Administrative rights otherwise you will not have the rights to scan some locations. The scanning process may result in "Access Denied" messages for some files. This is normal because these files are protected by the system.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users