Anyone know anything about W32.Opaserv.Worm?
<BR>If so, you probably know more than Symantec. Their website explains how to remove the Worm and how to update Windows with a securtiy fix that is supposed to stop all future infections by this worm.
<BR>But that has not helped.
<BR>I have 2 networked PCs and only one is ever infected with the worm.
<BR>I recently decided to replace the HD of one of the PCs (the one that always gets infected). So I figured the worm would be removed completely after replacing.
<BR>But the second I re-networked the two PCs after re-installing (Win Me) the Worm came back.
<BR>It would obviously seem that the other PC is also infected and so the worm has spread through the network, but according to Norton Antivirus 2003 the Pc that never gets infected does not have any worm or virus or trojan or any other file that has a funny smell (viruses usually smell of blue-cheese, worms smell of rancid morning breath and trojans smell of dead rats - btw that´s how antivirus programs work: they smell files).
<BR>Norton Antivirus constantly brings up the screen explaining that my PC is infected.
<BR>Some how or other the Opaserv worm causes other infected files to be downloaded from the internet. These files are infected with other viruses/worms like "Dupator", "FunLove","Spaces" etc.
<BR>It I use the windows app netstat to check my connections while on the internet I notice that my computer is constantly re-connected to an IP address that is probably where the new viruses are downloaded from.
<BR>
<BR>Can someone please advise me how to get rid of this worm?
<BR><IMG SRC="images/forum/smilies/icon_confused.gif"><BR><BR><font size=-1>[ Edited by hooloovoo On Date <br>March 29, 2003 ]</font>
W32.Opaserv.Worm
W32.Opaserv.Worm
mmmm I like to refresh your way of hunting viruses... not really help because I don´t think I had that virus yet.. (tough wood and pray I never will)
<BR>
<BR>Even though everyone prefer symantic... I also like to use a program called "Trojan Remover" It is not as good as norton, but it pick up some viruses and worms and trojans that norton does not... especially keyloggers and dialers.
<BR>
<BR>if that does not work then check your startup programs... and your startup internet page.
<BR>I had a dialer that changed my startup page and reinstalled from the net every time I connect. It was hell finding the bloody thing, but I won.. (so far)
<BR>
<BR>hope this useless info helps you... (you can get trojan remover from kazaa... )
<BR>
<BR>
<BR>
<BR>Even though everyone prefer symantic... I also like to use a program called "Trojan Remover" It is not as good as norton, but it pick up some viruses and worms and trojans that norton does not... especially keyloggers and dialers.
<BR>
<BR>if that does not work then check your startup programs... and your startup internet page.
<BR>I had a dialer that changed my startup page and reinstalled from the net every time I connect. It was hell finding the bloody thing, but I won.. (so far)
<BR>
<BR>hope this useless info helps you... (you can get trojan remover from kazaa... )
<BR>
<BR>
W32.Opaserv.Worm
A quote from the symantec site...
<BR>
<BR><B><FONT SIZE=4>Removal using the W32.Opaserv.Worm Removal Tool</FONT></B><BR>
<BR>This is the easiest way to remove this threat. Symantec Security Response has created a <A HREF="http://securityresponse.symantec.com/av ... aserv.Worm Removal Tool</A>. Click <A HREF="http://securityresponse.symantec.com/av ... html">here </A>to obtain the tool.
<BR>
<BR><B><FONT SIZE=4>Removal using the W32.Opaserv.Worm Removal Tool</FONT></B><BR>
<BR>This is the easiest way to remove this threat. Symantec Security Response has created a <A HREF="http://securityresponse.symantec.com/av ... aserv.Worm Removal Tool</A>. Click <A HREF="http://securityresponse.symantec.com/av ... html">here </A>to obtain the tool.
I thought what I'd do was, I'd pretend I was one of those deaf-mutes.
W32.Opaserv.Worm
the only wat to get rid of it is by a bit of work and stop doing stupid things
<BR>
<BR>1. in regedit search under the run key and remove it there
<BR>2. in win.ini remove line loading virus access own machine via ip address eg start run \127.0.0.1
<BR>check all you shares remoove all local shares before restarting check that all regrstry keys and ini entrys haven´t returned
<BR>
<BR>restart pc in safe mode and delete c:windowsscrsvr.exe
<BR>
<BR>tadaa
<BR>
<BR>1. in regedit search under the run key and remove it there
<BR>2. in win.ini remove line loading virus access own machine via ip address eg start run \127.0.0.1
<BR>check all you shares remoove all local shares before restarting check that all regrstry keys and ini entrys haven´t returned
<BR>
<BR>restart pc in safe mode and delete c:windowsscrsvr.exe
<BR>
<BR>tadaa
-Some times you have to leave your corner of the forest to meet new people Whinnie the poo
W32.Opaserv.Worm
I had the same problem at work. The removal tool from the Symantec site worked fine for me too. Never had another problem as long as the patch is installed. I physically pulled out all the network cables from all machines before using the removal tool. I ran it on all machines even those I thought were clean (they were not). After that plugged all the cables back in and viola. No more opaserv worm. Double checked all PC´s and all was fine.
I kill you in my dreams, I turn the other cheek during the day.
i5 2500k : ASUS P8P67 : ASUS 560ti : Antec High Current Pro 850 : 2x2GB G.Skill : 160GB + 1.5TB Seagate SATA 7200rpm : LG super multi DVD writer : Coolermaster Storm Enforcer
i5 2500k : ASUS P8P67 : ASUS 560ti : Antec High Current Pro 850 : 2x2GB G.Skill : 160GB + 1.5TB Seagate SATA 7200rpm : LG super multi DVD writer : Coolermaster Storm Enforcer
W32.Opaserv.Worm
<!-- BBCode Quote Start --><TABLE BORDER=0 ALIGN=CENTER WIDTH=85%><TR><TD><font size=-1>Quote:</font><HR></TD></TR><TR><TD><FONT SIZE=-1><BLOCKQUOTE>
<BR>On 2003-03-29 12:41, hooloovoo wrote:
<BR>Can someone please advise me how to get rid of this worm?
<BR><IMG SRC="images/forum/smilies/icon_confused.gif">
<BR>
<BR><font size=-1>[ Edited by hooloovoo On Date <br>March 29, 2003 ]</font>
<BR></BLOCKQUOTE></FONT></TD></TR><TR><TD><HR></TD></TR></TABLE><!-- BBCode Quote End -->
<BR>get yourself a Mac. <IMG SRC="images/forum/smilies/icon_rolleyes.gif">
<BR>On 2003-03-29 12:41, hooloovoo wrote:
<BR>Can someone please advise me how to get rid of this worm?
<BR><IMG SRC="images/forum/smilies/icon_confused.gif">
<BR>
<BR><font size=-1>[ Edited by hooloovoo On Date <br>March 29, 2003 ]</font>
<BR></BLOCKQUOTE></FONT></TD></TR><TR><TD><HR></TD></TR></TABLE><!-- BBCode Quote End -->
<BR>get yourself a Mac. <IMG SRC="images/forum/smilies/icon_rolleyes.gif">
<html>
<body bgcolor="green">
<img src="http://uk.geocities.com/snipeers/snipeersavatar">
<i><b><font color="blue">...if the Internet is the end result of our technological evolution, i'd rather be an ape</font></b></i>
<body bgcolor="green">
<img src="http://uk.geocities.com/snipeers/snipeersavatar">
<i><b><font color="blue">...if the Internet is the end result of our technological evolution, i'd rather be an ape</font></b></i>
W32.Opaserv.Worm
Golden rules for dealing with Opaserv:
<BR>
<BR>1. Disconnect from the LAN and unshare any shared directories.
<BR>2. If Win95/8 or ME, install MS´s patch from <!-- BBCode auto-link start --><a href="http://www.microsoft.com/technet/treevi ... 00-072.asp" target="_blank">http://www.microsoft.com/technet/treevi ... sp</a><!-- BBCode auto-link end -->
<BR>3. If Win ME or Xp, disable and clear the System-Restore function, because Opaserv hides in here.
<BR>4. Empty the Recycle Bin - and if it´s Norton-protected, clear the Norton-protected files. Opaserv hides in here as well.
<BR>5. Scan your system with up-to-date AV tools and make sure the contents of any .Cab files are scanned - yeah, Opaserv hides in those too.
<BR>
<BR>That´s about all I can remember of the little bugger´s tricks for the mo.
<BR>
<BR>1. Disconnect from the LAN and unshare any shared directories.
<BR>2. If Win95/8 or ME, install MS´s patch from <!-- BBCode auto-link start --><a href="http://www.microsoft.com/technet/treevi ... 00-072.asp" target="_blank">http://www.microsoft.com/technet/treevi ... sp</a><!-- BBCode auto-link end -->
<BR>3. If Win ME or Xp, disable and clear the System-Restore function, because Opaserv hides in here.
<BR>4. Empty the Recycle Bin - and if it´s Norton-protected, clear the Norton-protected files. Opaserv hides in here as well.
<BR>5. Scan your system with up-to-date AV tools and make sure the contents of any .Cab files are scanned - yeah, Opaserv hides in those too.
<BR>
<BR>That´s about all I can remember of the little bugger´s tricks for the mo.