PDA

View Full Version : W32Opaserve



fatpat
21-04-2003, 12:15 PM
My computer was infected with the W32 Opaserve virus and in desparation used the Symantec online help A$119 to remove the virus.
Virus has returned and is not in the previous locations. Only returns when i am connected and to date only corrupts the printer file.
Starts with brasil, then marcos, then sscrree, then WIN.INI file.
Have used the Microsoft fix and the Symantec removal tool and still it comes.
Any suggestions.

wotz
21-04-2003, 12:19 PM
I had this problem at work on 1 PC. I went into the registry and searched for opaserve and brasil, and deleted them all. Nortons removal instructions had not worked for me either.

tweak\'e
21-04-2003, 12:22 PM
$119 ouch!

see here (http://www.symantec.com/avcenter/venc/data/w32.opaserv.worm.html).

clean it out, update your antivirus protection and fix the holes so you don't get it again.

PoWa
21-04-2003, 01:32 PM
Follow the manual removal steps and make sure your unplugged from any network or the internet.

Then go to here (http://service1.symantec.com/SUPPORT/nav.nsf/docid/2002102216201006) to stop reinfection.

Murray P
21-04-2003, 04:32 PM
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.P

HTH

Murray P

Pheonix
21-04-2003, 04:41 PM
Two things...1/ turn off system restore if xp/2k/ME, clean then turn restore back on and make a restore point. NOTE when system restore is turned off, it deletes all restore points.
2/ Visit online virus check/clean at http://housecall.trendmicro.com/

fatpat
22-04-2003, 09:11 PM
I have downloaded the Microsoft fix and installed it. I have downloaded the Symantec fix and removal tool and run the tool in safe mode and in ordinary mode. I have disconnected the other computer in the network. I have the latest virus updates and run Norton 2002 every night.
The virus only comes when i am connected to the internet.
I have searched HKEY_local_machine looking for indication of the infection and gone into the registry to search the run command everything is as it should be.
If it is hiding in my temporary files why is Norton not finding it?

tweak\'e
22-04-2003, 10:38 PM
this may seem like a barstard question buts theres a method in my madness (or is that maddness in my method ??) ........

>The virus only comes when i am connected to the internet

How do you know your infected? details please. :)

stu140103
22-04-2003, 10:40 PM
do you have a firewall????

Murray P
22-04-2003, 11:02 PM
Hi

The worm has a back door component, block it with your firewall. It may be updating itself by calling "home".

Had a similar virus/worm recently. It took several attempts to clean it off a win98 machine. In the end I deleted the temp folder in DOS and while still in DOS ran the TrendMicro cleaner for the particular nasty. I think you need the exact cleaner program so you need to be specific re version of virus/worm.

In my case I found I had been infected by 2 varients of the thing and the file name of the files it dropped into the temp folder changed at random. Just a guess but, I think the 2nd varient was called up (if thats the right term) by the first, either as a dorment file brought to life or downloaded. So at first I was try to clean one without knowing that the 2nd was working away.

HTH & wish u success

Murray P