Kesh Zone: Hacked by Yahaa, Your Firewall is F**k

Wondering why that topic title didn't make any sense? Well, I'm sure most of you knew what the heck that sentences mean actually. Hehe, its a new attack which even anti-virus software cannot detect it. I don't know about other anti-virus software but I'm using Norton Antivirus 2006. I guess its a script which changes the computer setting and as a result your PC will become slower and slower everytime you ON your machine (which was told by the victim :p). The file's name is 'autoupdate.dll.vbs' which of course is hidden. Its usually spread by thumb drive. As far as I seen the symptoms are:

right click on your My Computer and click Properties, you can see your product ID will changed to xxxx and not in numbers.
then, if you see the informations in systems it will changed to 'Hacked by Yahaa, Your Antivirus is F**k'
same also if you use IE, on top of the IE that 'Hacked by Yahaa, Your Firewall is F**k will be there and,
finally your PC will be slow after that :P

So, what I written here is what I saw with my own eyes. There might be other symptoms also, and these are clearly visible.

Hmm, then how to counter attack this bastard :P Easy just reformat, naaaahhh just kidding. I was attacked by this stupid thing and I just bring my laptop to previous condition by using System Restore (Program Files>Accessories>System Tools>System Restore)..Easy as pie..

As a precaution, you can 'scan' your thumb drive using Command Prompt and delete through it. Believe me your anti-virus cannot detect it, and if there is any anti-virus software can detect it, let me know..cheers

p/s: Let me know if there is any problem regarding this matter.

6 comments:

Anonymous said...: hi there..
actually, this thing is NOT a virus..it's just a malicious VBS script, edited by a *lame* person...the original script named "HACKED BY GODZILLA"..but there's an additional entry on that script that will change your computer owner's name, product registry number, etc..just search on the registry for "HACKED by yahaa" and delete the string, then search again for the FUCK thing and the xxx...alter the registry as u wish..and the problem's solved!..don't forget to search for the string "autoupdate.dll.VBS" and delete every fuckin entry of it..

-aLzy5t3r0n-; February 5, 2007 at 9:30 PM
k3sh said...: Geez..thanks alot..i'll post this thing..:); February 5, 2007 at 9:47 PM
Unknown said...: i still a noob in computing and my thumb drive has been infected by yahaa..i would like to know how to scan my thumb drive in DOS prompt coz im not familiar with it??

another question is will the 'hacked by yahaa' stuff still affect other computer after i delete the entry in "autoupdate.dll"?; February 8, 2007 at 12:38 PM
k3sh said...: Hi Adrian,
Well there is another way to delete autoupdate.dll.vbs file in thumb drive
1. instead double click on your thumb drive, right click on it and open.make sure you show hidden files and u can c the autoupdate.dll and autorun.delete both. ur thumb drive clean. you can use this way.
WARNING!!! No double click, use right click and open.

2. Yahaa thing affect other PC tru thumbdrive. so if you do like s i said up der. you PC won get infected. :); February 8, 2007 at 5:50 PM
Unknown said...: thanks kesh, for the info...i manage to clear out the yahaa malicious script from my thumbdrive and some computers (quite a number of my friends comp been infected)..

thanks again; February 26, 2007 at 10:32 AM
k3sh said...: Well now you can help your friends now Adrian? :); March 6, 2007 at 12:47 PM