
Should I remove “Worm.Yah”?


Worm.Yah is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Worm.Yah virus do?

  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to stop active services
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Attempts to disable UAC
  • Attempts to modify UAC prompt behavior

How to identify Worm.Yah?

File Info:

name: D0340B06696B246590F3.mlw
path: /opt/CAPEv2/storage/binaries/f63ed53907410d82cc8c6dc2f79ec1639aa864cfd2da4872d306a4c8b681bee1
crc32: 776EC303
md5: d0340b06696b246590f3d8d15421fd51
sha1: c17251b33639a52527e801a650a5bdbde816521d
sha256: f63ed53907410d82cc8c6dc2f79ec1639aa864cfd2da4872d306a4c8b681bee1
sha512: e5b1b864aa4b3568670daf3859cf9963bbcb9c9ad1ef5b6be8d03c5a65174a61b0356ed99a03c7e76ab513f4d7294528255762ac87e4dfd1d391b5ff84c40281
ssdeep: 6144:UTwvo1IV3puaibGKFHi0mofhaH05kipz016580bHFKT686JQPDHDdx/QtqR:KVgvmzFHi0mo5aH0qMzd5807FvPJQPDV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13764C03AB780C8F2C485803176996E136EF56C701625EA67DB60CE0A3EF55E4D72A34F
sha3_384: 97ac82a976d747ee3dbf38605c5a58b5c96749c0d6c1bf556449c4c31146e89660fc42d2ee51607a12d48db3a3da33bd
ep_bytes: 6a6068f8b74200e8edf7ffffbf940000
timestamp: 2009-12-21 09:15:06

Version Info:

0: [No Data]

Worm.Yah also known as:

Bkav: W32.RontokbroLH.Worm
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Pykspa.1
FireEye: Generic.mg.d0340b06696b2465
CAT-QuickHeal: Worm.Pykspa.C3
ALYac: Gen:Variant.Pykspa.1
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!SB.0
K7AntiVirus: Trojan ( 003da8d71 )
K7GW: Trojan ( 003da8d71 )
Cybereason: malicious.6696b2
Baidu: Win32.Worm.Autorun.o
Cyren: W32/Pykspa.A.gen!Eldorado
Symantec: W32.Pykspa.D
ESET-NOD32: Win32/AutoRun.Agent.TG
APEX: Malicious
ClamAV: Win.Worm.Autorun-437
Kaspersky: Worm.Win32.Yah.a
BitDefender: Gen:Variant.Pykspa.1
NANO-Antivirus: Trojan.Win32.AntiAV.dsnxsg
SUPERAntiSpyware: Trojan.Agent/Gen-SpamBot
Rising: Malware.Heuristic!ET#100% (RDMK:cmRtazp+n5wad6oGHKEMZrdpDqtZ)
Ad-Aware: Gen:Variant.Pykspa.1
TACHYON: Trojan/W32.Vilsel.327680.G
Sophos: ML/PE-A + W32/Skyper-B
Comodo: Worm.Win32.Autorun.Agent_TG0@1isiwy
DrWeb: Trojan.Kypes.2
Zillya: Backdoor.PePatch.Win32.23386
TrendMicro: TROJ_VILSEL.SMO
Emsisoft: Gen:Variant.Pykspa.1 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Pykspa.1
Jiangmin: Trojan/Vilsel.cgx
Webroot: W32.Trojan.Gen
Avira: TR/BAS.Samca.ugkct
Antiy-AVL: Trojan/Generic.ASMalwS.2ADE
Kingsoft: Heur.SSC.1767.1216.(kcloud)
ViRobot: Trojan.Win32.AntiAV.Gen.A
Microsoft: Trojan:Win32/Dinwod.A!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Zepfod.R397
Acronis: suspicious
McAfee: W32/Pykse.worm.c
MAX: malware (ai score=86)
VBA32: Worm.Yah
Malwarebytes: Trojan.Vilsel
TrendMicro-HouseCall: TROJ_VILSEL.SMO
Tencent: Trojan.Win32.BitCoinMiner.la
Ikarus: Trojan.Agent
eGambit: Unsafe.AI_Score_100%
Fortinet: W32/Agent.XEK!tr
BitDefenderTheta: Gen:NN.ZexaF.34294.umW@auZq79b
Panda: W32/SpySkype.E
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Backdoor.Zepfod.A

How to remove Worm.Yah?

Worm.Yah removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
