Boot Sector infected by Opaserv.K

Discussion in 'malware problems & news' started by Spotlight, Jan 15, 2003.

Thread Status:
Not open for further replies.
  1. Spotlight

    Spotlight Guest

    A few seconds after Windows starts, I get this message:

    Illegal Microsoft Windows license detected!
    You are in violation of the Digital Millennium Copyright Act!

    Your unauthorized license has been revoked.

    For more information, please call us at:

    1-888-NOPIRACY

    If you are outside the USA, please look up the correct contact
    information on our website, at:

    www.bsa.org

    Business Software Alliance
    Promoting a safe & legal online world.



    I tried to scan the hard disk on another pc with Norton Antivirus 2003 which found the infection but could not repair the boot sector. Any suggestions?
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Have you tried using Symantec's removal tool: http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.removal.tool.html ?

    Regards,

    Pieter
     
  3. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hi,

    Boot on a Win98SE floppy disk for instance and execute
    Fdisk /mbr

    Rgds,
     
  4. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK
  5. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK
    You appear to be infected with Opaserv O

    From Panda:

    Brief Description

    Opaserv.O is a worm that activates if the date is December 24 2002 or later.

    The effects of Opaserv.O are very dangerous as it deletes the infected computer's BIOS information (CMOS memory) and the contents of the hard disk.

    Opaserv.O spreads across networks and shared resources. It affects computers or resources (for example, communications ports) that are connected to other infected computers.


    Visible Symptoms

    Once it has infected the computer, Opaserv.O restarts the infected machine and displays a message in an MS-DOS window.


    This message simulates a warning about the version of the Windows operating system installed on the affected computer:

    NOTICE:
    Illegal Microsoft Windows license detected!
    You are in violation of the Digital Millennium Copyright Act
    Your unauthorized license has been revoked
    For more information, please call us at:
    NOPIRACY
    If you are outside the USA, please look up the correct contact information on our website, at:
    www.bsa.org
    Business Software Alliance
    Promoting a safe & legal online world

    After displaying this message, Opaserv.O deletes the content of the computer's CMOS (BIOS) and hard disk.


    From the above, it doesn't look good
     
  6. Spotlight

    Spotlight Guest

    I ran fdisk and the "display partition information" option shows 3 partitions, the first one being Novell and the other two non-DOS, although I have Windows 98SE installed!!!!! I tried F-Prot for DOS with the latest definitions but it didn't recognise the virus. Also, fdisk /mbr doesn't work.
     
  7. Spotlight

    Spotlight Guest

    I also tried the Symantec and other removal tools with no result.
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    From: http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.k.worm.html

    These removal instructions are useful only if the payload has not run. If the payload has run and you saw the "Illegal Microsoft Windows license detected" message, as described in the previous section, it is possible that your computer is no longer functional.
    If you can no longer start your computer, we suggest that you contact the computer's manufacturer for assistance. You may have to repartition the hard drive, and re-install the operating system. You will also need to restore data from a clean backup.

    :( :(
     