Worm removal

18-12-2002, 09:59 AM
I am engaged in removing an infection of the Opaserv worm on a six-computer peer-to-peer network of desktop PCs running Windows 98 SE. I have run NAV 2002 with the latest virus definitions on the ICS host which told me some files could not be cleaned and therefore they were deleted. To reinstall these files I re-ran Windows setup from the CD. Was this the correct procedure? Should I have uninstalled Windows first and reinstalled or will this install the lost files again? Should I have gone to safe mode to do this?

I have disconnected the network cabling from the client computers and disabled sharing. I have downloaded the W32 Opaserv removal tool and the Windows Security patch to floppy and propose to work on the clients one by one installing the removal tool and the Windows patch before reconnecting them to the network.

Any advice would be gratefully received.

18-12-2002, 10:14 AM
Sounds like you've done just fine if the virus has been removed. Some system files simply can't/shouldn't be removed, and there's also the chance that programs on your PC require more up-to-date versions of the files than those that came on the original Windows CD, so be careful, but you should have no problems there :).

I would suggest if possible that you perhaps download the latest AVG and (with the gateway disconnected from the web) copy that onto all the machines, giving them constant protection for free. This will also remove the file and any chance of it coming back.

If you have the patch on floppy, it'd be good to install that, and possibly any other patches that are available, although 98SE is pretty okay, as SE contains the patches from 98....

Good luck, you seem to be doing fine :D

And a Merry Christmas too!

19-12-2002, 01:43 PM
In fact the worm was not present on the client PCs and I have installed Microsoft's patch to prevent a reinfection.

I am puzzled as to why you suggest I install a second antivirus program, AVG. I have always found Norton Antivirus 2002 to be adequate provided it is updated regularly, and this seems to go for many thousands of other users. Symantec say that if you have 2 antiviral programs on the same PC one is likely to falsely detect the other as a virus.

I cannot get the network to share access to the Internet through the ICS host and the hub, even though they seem to be seeing each other and sharing each other's files. I suspect that vital files which allow access to the Internet via the ICS host are now missing from the registry. I say this because the purpose of the Opaserv worm is to interfere with your network setup and I had to delete infected files as they could not be cleaned. Apparently they have not been reinstalled by a reinstall of Win 98 SE. There is a conflict in log-on numbers in the host PC, and it tells me that my "network is not complete" but will not allow me to alter any settings. I decided the best thing to do was to turn it off and go home.

I have an expert coming in tomorrow to diagnose the problem for me so will keep you posted as to what the answer turns out to be.