I first suspected there was somthing wrong when Norton Antivirus didnt load with windows, but i ignored it. I kept going, but found my PC going slower than usual, and the internet was screwy, like pics missing, pages not loading, slow speeds, downloads stopping.

I was pissed, so I tried to open Norton. It wouldnt open! So i hit CTRL+ALT+DEL and found 2 new things that I have never installed, nor seen b4 (one may be for my mouse, cuz i installed that) they were:

TCPsvs32 -and-
Winservices

So I went to a program I downloaded that turns off things that startup with my pc. I would diable Winserveces (it has a heart .gif next to it), and it just kept re-appearing! It was under two different tabs too!

So i went and downloaded mcafee demo. It wont load! It starts to install, but then just quits with no messages or anything.

So i went to REGEDIT, it popups, stayes there for 3 seconds, and closes too!

I looked and it says its under C:\Windows\System\winservices.exe , So i look there, and there is no such file. I looked in my startup folder too, its not there. I used FIND, its not to be found.

I ran ADWARE, and it didnt find it either! This file is invisible.

So in total, i tried:

Norton Antivirus (Wouldnt load)
McAfee Viruscan (Wouldnt Install)
ADWARE (Coulnt Find It)
Startup Control Panel (Just kept comming back)
REGEDIT (Would close on me)
FIND (Couldnt find it)
Searching throufgh my pc (Not There)

Would someon please help me?

Also, I cant close it throgh CTRL+ALT+DEL, it just runs again!

sorry to say but it seems you have the
W32.Yaha.K@mm worm

have a look http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.k@mm.html

go to srnmicro.com and get a copy of solo antivirus and clean the worm .. you will noit be able to get norton to work .. you will most likely have to do a clean install of it again after you clean your system .. hope it helps

You will probably have problems trying to install and run any .exe's. To fix this, first go here and download and run exefix08.com. It will repair the .exe file associations. Then follow hylian_lynk's instructions.

http://home.earthlink.net/~rmbox/Reticulated/Only_IE.html

I tried both suggestions, and neither worked. Halfway through the symnatech(spelling?), the regestry kept changing itself back, so I still couldnt run the viruscan, or install a new one!

PLEASE HELP ME

since you can't actually install anything, then get a copy of the F-Prot DOS virus scanner ( check here http://www.f-prot.com/download/ )
then extract it to a folder and then boot into dos and run it .. you can also fit it on a floppy somehow there was a previous poston how to do this. You have to clean the worm other wise you will have to format .. but that would be a last resort.
F-prot should do the job .. i hope it works , take care .. let me know what happens

Hello,

You are infected with New YAHA.K variant. Try Solo antivirus ( www.srnmicro.com ) The only antivirus software works effectively when the virus is active in memory!. Others fails to remove when the virus is active in memory.

Best of luck.

Try the registry thing again, mine changed back a few times as I have just had this virus! but it worked in the end as long as u follow the instructions EXACTLY!!

None of these helped me, but I did solve the problem my own way.

For Future Refrence to anyone else who gets this virus:

Instructions to remove the w32.yaha.k@mm worm:

1- Restart your computer in Safe Mode

2- Go to your windows system folder. In windows 9x, this is c:\windows\system\. The folder system32 is NOT the same thing.

3- At the top of the window, go to VIEW > FOLDER OPTIONS. When you get there, click on the tab that says VIEW. Then, click on the radio button labeled "Show All Files" under the Hidden Files category. Click Apply, then Ok.

4- Hit the keys CTRL+ALT+DEL and click on Winservices and hit End Task. Hit CTRL+ALT+DEL again, and click on TCPSVS32 and hit End Task.

5- Look through your Windows System Folder, and delete the files Winservices.exe, Nav32_loader.exe and TCPSVS32.exe. These 3 files should (but may not) have a blue heart as an icon.

6. Go to START > RUN and type in REGEDIT.exe . When this loads, go to HKEY_LOCAL_MACHINE > SOFTWARE > CLASSES > EXEFILE > SHELL > OPEN > COMMAND. (*NOTE* The folder labeled .exe is NOT the same as exefile. Continue to scroll down until you find the exefile folder.) Double Click on the one that says DEFAULT on the right side. Where it says Value Data, erase what it says and put in "%1"%* (quote-percent-one-quote-percent-asertek[star]). Close Regedit.

7- Now run your antivirus software. Make sure it is up to date. It should work now.

8- When the viruscan is done (it may not find any infected files, thats fine.) restart your computer normally.

That is how I fixed the virus. As for Viruscan, I reccommend using McAfee. Also, try Norton Antivirus, although McAfee is better.

I have the same problem as mentioned above. I deleted the three files(Winservices.exe, Nav32_loader.exe and TCPSVS32.exe.)and all .scr files that had a blue heart icon.

Now I seem to face a bigger problem. None of my .exe files run now. I then tried to reinstall windows through my backup. Ironically the setup file itself didnot open as it is a .exe file.

HELP ME!!!! I can't run any of my programs.

After deleteing all these files (Winservice, Tctsvs32 and nav32_loader), Restart windows. Then... While windows is loading... press F8 and start in command Prompt.... then install win98. It should fix the problem... After installing your new windows... run regedit then go to the key with the Winservices then double click it... delete the contents (Note: Dont delete Winservice... just the value of it...) it will work.

Winservices.exe is the Yaha Virus. Get the YahaRemover. It is the best. All others (including McAfee and Symantec tools)did not work for me since the virus had disabled exe file execution on my computer. YahaRemover works brilliantly!

http://www.onlinepcfix.com/virushelp/antivirus.htm

Max

A ha! To fix this problem, copy regedit.exe to reg.com

INSTR: Go to dos or a dos prompt. type in copy c:\windows\regedit.exe c:\windows\reg.com

run windows, go to START > RUN and type in c:\windows\reg.com

And follow instruction # 6 taking away the first line.