Hello,
I have this virus on my PC at the moment and I have tried all sorts of things to get rid of it and lots of different antivirus software, but nothing can actually delete the virus properly. The information about the virus is here http://www.europe.f-secure.com/v-descs/yaha_e.shtml.
Can anybody help me out with this one please?
Thanks
Andy

Andy1234,
1. If the worm has already run, you must first reverse the change that the worm made to the registry. If the worm has not run, go to step 2.
a. Configure Windows to show all files.
b. Copy Regedit.exe to Regedit.com (in most cases).
c. Edit the registry and reverse the change that the worm made.
2. Update the virus definitions, run a full system scan, and delete all files that NAV detects as W32.Yaha.E.
For detailed instructions on how to do this, see the sections that follow.
To configure Windows to show all files:
1. Start Windows Explorer.
2. Click the View menu (Windows 95/98/NT) or the Tools menu (Windows Me/2000/XP), and then click Options or Folder options.
3. Click the View tab.
4. Uncheck "Hide file extensions for known file types."
5. Do one of the following:
Windows 95/NT: Click "Show all files."
Windows 98: In the Advanced settings box, under the "Hidden files" folder, click Show all files.
Windows Me/2000/XP: Uncheck "Hide protected operating system files" and under the "Hidden files" folder, click "Show hidden files and folders."
6. Click Apply, and then click OK.
To copy Regedit.exe to Regedit.com:
Because the worm modified the registry so that you cannot run .exe files, you must first make a copy of the Registry Editor as a file with the .com extension, and then run that file.
1. Do one of the following, depending on which version of Windows you are running:
Windows 95/98: Click Start, point to Programs, and click MS-DOS Prompt.
Windows Me: Click Start, point to Programs, point to Accessories, and then click MS-DOS Prompt.
Windows NT/2000/XP:
a. Click Start, and click Run.
b. Type the following and then press Enter:
command
A DOS window opens.
c. Type the following and then press Enter:
cd \winnt
d. Proceed to the next step.
2. Type the following and then press Enter:
copy regedit.exe regedit.com
3. Type the following and then press Enter:
start regedit.com
The Registry Editor will open in front of the DOS window. After you finish editing the registry, exit the Registry Editor, and then exit the DOS window, as well.
4. Proceed to the next section, "To edit the registry and remove keys and changes made by the worm," only after you have accomplished the previous steps.
To edit the registry and reverse the change that the worm made:
CAUTION: Symantec strongly recommends that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the keys that are specified. Read the document How to make a backup of the Windows registry for instructions.
1. Navigate to and select the following key:
HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command
CAUTION: The HKEY_LOCAL_MACHINE\Software\Classes key contains many subkey entries that refer to other file extensions. One of these file extensions is .exe. Changing this extension can prevent any files ending with an .exe extension from running. Make sure that you browse all the way along this path until you reach the \command subkey.
Modify the HKEY_LOCAL_MACHINE\exefile\shell\open\command subkey that is shown in the following figure:
Symantec.Com
Tank863
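
An added example, not part of the thread or of the quoted Symantec instructions: a Python check that reads a decoded Registry Editor export (.reg text) and reports program-class open handlers that no longer hold the Windows default `"%1" %*`. It goes beyond the exefile key named above to also watch comfile, batfile, cmdfile and piffile; the sample export and its PLACEHOLDER path are constructed, and the function names are hypothetical.

```python
import re

# Windows default for these program classes (a known OS default, not a value
# taken from the thread). Anything else in the default value is suspicious.
DEFAULT_COMMAND = '"%1" %*'
WATCHED_CLASSES = ("exefile", "comfile", "batfile", "cmdfile", "piffile")

KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\Software\\Classes\\([^\\\]]+)\\shell\\open\\command\]$",
    re.IGNORECASE,
)
DEFAULT_VALUE_RE = re.compile(r'^@="(.*)"$')

# Constructed sample export: exefile is hijacked, comfile is intact.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command]
@="\"C:\\PLACEHOLDER\\example.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Classes\comfile\shell\open\command]
@="\"%1\" %*"
'''


def unescape_reg_string(raw):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r'\\(["\\])', r"\1", raw)


def find_hijacked_handlers(reg_text):
    # Returns {class_name: command} for watched classes whose default value
    # differs from DEFAULT_COMMAND.
    findings = {}
    current = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            name = m.group(1).lower() if m else None
            current = name if name in WATCHED_CLASSES else None
            continue
        m = DEFAULT_VALUE_RE.match(line)
        if current and m:
            command = unescape_reg_string(m.group(1))
            if command != DEFAULT_COMMAND:
                findings[current] = command
    return findings


if __name__ == "__main__":
    for cls, cmd in find_hijacked_handlers(SAMPLE_EXPORT).items():
        print(f"{cls}: unexpected open command: {cmd}")
```

The intact comfile handler in the sample is the reason the Regedit.com copy still launches while .exe files do not.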

Thanks for that Tank,
however, it seems as though the worm is stopping me from opening 'command'. Each time I try and do it, it shuts down straight away. Do you know any way around this?
I also use win 2000.
Thanks very much for your time
Andy

Andy,
sorry it took so long to get back to you ... work has its priorities....
I don't know how Win2000 works, but in XP, and other versions, you can press F8 when booting and it will give you options, one of which is to operate in command prompt mode.
then follow the advice from above... starting with:
"Type the following and then press Enter:
cd \winnt
Proceed to the next step.
2. Type the following and then press Enter:
copy regedit.exe regedit.com"
Restart your system and follow the rest of the advice...
let me know how it goes... if you can't use the F8 key in Windows 2000 then use a boot disk to boot into a command prompt setting...
Tank863
