W32.Opaserv.Worm

hooloovoo · Post by **hooloovoo** » 29 Mar 2003, 12:41

Anyone know anything about W32.Opaserv.Worm?
 If so, you probably know more than Symantec. Their website explains how to remove the Worm and how to update Windows with a securtiy fix that is supposed to stop all future infections by this worm.
 But that has not helped.
 I have 2 networked PCs and only one is ever infected with the worm.
 I recently decided to replace the HD of one of the PCs (the one that always gets infected). So I figured the worm would be removed completely after replacing.
 But the second I re-networked the two PCs after re-installing (Win Me) the Worm came back.
 It would obviously seem that the other PC is also infected and so the worm has spread through the network, but according to Norton Antivirus 2003 the Pc that never gets infected does not have any worm or virus or trojan or any other file that has a funny smell (viruses usually smell of blue-cheese, worms smell of rancid morning breath and trojans smell of dead rats - btw that´s how antivirus programs work: they smell files).
 Norton Antivirus constantly brings up the screen explaining that my PC is infected.
 Some how or other the Opaserv worm causes other infected files to be downloaded from the internet. These files are infected with other viruses/worms like "Dupator", "FunLove","Spaces" etc.
 It I use the windows app netstat to check my connections while on the internet I notice that my computer is constantly re-connected to an IP address that is probably where the new viruses are downloaded from.
 
 Can someone please advise me how to get rid of this worm?
 <IMG SRC="images/forum/smilies/icon_confused.gif"> [ Edited by hooloovoo On Date March 29, 2003 ]

mr_xtc · Post by **mr_xtc** » 29 Mar 2003, 14:26

mmmm I like to refresh your way of hunting viruses... not really help because I don´t think I had that virus yet.. (tough wood and pray I never will)
 
 Even though everyone prefer symantic... I also like to use a program called "Trojan Remover" It is not as good as norton, but it pick up some viruses and worms and trojans that norton does not... especially keyloggers and dialers.
 
 if that does not work then check your startup programs... and your startup internet page.
 I had a dialer that changed my startup page and reinstalled from the net every time I connect. It was hell finding the bloody thing, but I won.. (so far)
 
 hope this useless info helps you... (you can get trojan remover from kazaa... )

Post by **Synkronos** » 29 Mar 2003, 17:54

A quote from the symantec site...
 
 Removal using the W32.Opaserv.Worm Removal Tool 
 This is the easiest way to remove this threat. Symantec Security Response has created a <A HREF="http://securityresponse.symantec.com/av ... aserv.Worm Removal Tool</A>. Click <A HREF="http://securityresponse.symantec.com/av ... html">here </A>to obtain the tool.

freakno1 · Post by **freakno1** » 19 Apr 2003, 16:59

the only wat to get rid of it is by a bit of work and stop doing stupid things
 
 1. in regedit search under the run key and remove it there
 2. in win.ini remove line loading virus access own machine via ip address eg start run \127.0.0.1
 check all you shares remoove all local shares before restarting check that all regrstry keys and ini entrys haven´t returned
 
 restart pc in safe mode and delete c:windowsscrsvr.exe
 
 tadaa

brabham · Post by **brabham** » 20 Apr 2003, 02:48

I had the same problem at work. The removal tool from the Symantec site worked fine for me too. Never had another problem as long as the patch is installed. I physically pulled out all the network cables from all machines before using the removal tool. I ran it on all machines even those I thought were clean (they were not). After that plugged all the cables back in and viola. No more opaserv worm. Double checked all PC´s and all was fine.

snipeers · Post by **snipeers** » 25 Apr 2003, 18:49

<TABLE BORDER=0 ALIGN=CENTER WIDTH=85%><TR><TD>Quote:<HR></TD></TR><TR><TD><BLOCKQUOTE>
 On 2003-03-29 12:41, hooloovoo wrote:
 Can someone please advise me how to get rid of this worm?
 <IMG SRC="images/forum/smilies/icon_confused.gif">
 
 [ Edited by hooloovoo On Date March 29, 2003 ]
 </BLOCKQUOTE></TD></TR><TR><TD><HR></TD></TR></TABLE>
 get yourself a Mac. <IMG SRC="images/forum/smilies/icon_rolleyes.gif">

Post by **Thrall** » 19 Jun 2003, 12:57

Golden rules for dealing with Opaserv:
 
 1. Disconnect from the LAN and unshare any shared directories.
 2. If Win95/8 or ME, install MS´s patch from <a href="http://www.microsoft.com/technet/treevi ... 00-072.asp" target="_blank">http://www.microsoft.com/technet/treevi ... sp</a>
 3. If Win ME or Xp, disable and clear the System-Restore function, because Opaserv hides in here.
 4. Empty the Recycle Bin - and if it´s Norton-protected, clear the Norton-protected files. Opaserv hides in here as well.
 5. Scan your system with up-to-date AV tools and make sure the contents of any .Cab files are scanned - yeah, Opaserv hides in those too.
 
 That´s about all I can remember of the little bugger´s tricks for the mo.