Opaserv is driving me crazy!!

Discussion in 'malware problems & news' started by infini, Oct 11, 2002.

Thread Status:
Not open for further replies.
  1. infini

    infini Registered Member

    Joined:
    Oct 11, 2002
    Posts:
    110
    I was infected with w32 Opaserv. Finally i managed to disinfect it with removal tools in safe mode and removing from the registry and win.ini all the entries of the worm. I laso made a full scan ( i use nav2002) in safe mode which found nothing. When my computer connects to the internet i get warning messages from Norton that it quarantined the file "scrsvr.exe". I didn't download anything or opened any e-mails. Can you please help?
     
  2. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    ..if NAV caught it and quarantined it does that mean that my machine is NOT infected?
    --------------------------------------------------------------------------------

    Yes, you're completely safe: files stored in quarantine are encrypted and harmless.

    --------------------------------------------------------------------------------
    Do I need to remove any file from my machine or has NAV already taken care of that?
    --------------------------------------------------------------------------------

    You can view info on the infected file by going to Quarantine: from the main screen, click on Reports, then View Report (quarantine). Or from the NAV program group, as I mentioned previously. If you wish to delete the file, just go to Quarantine, highlight the file, and click the Delete Item button

    --------------------------------------------------------------------------------
    Do I need to be concerned about any infection at this point?
    --------------------------------------------------------------------------------

    Nope, you're clean. To make sure, run a full system scan from the main screen.
     
  3. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    If you want to be extra sure it is all gone... :D


    Tools to clear the W32/Opasoft.A of an infected system

    In order to eliminate this worm of an infected system, the following tools are suggested:

    W32.Opaserv.Worm Removal Tool (Symantec) (156 Kb)
    to http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.removal.tool.html

    PQRemove (Bulging) (1,2 Mb)
    http://updates.pandasoftware.com/pq/gen/opaserv/ pqremove.com
     
  4. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    NOD32 also offers a very good utility (and Eset's products have not had any reported false positives, and have a 100% reported detection rate - so I'd give this one a try too).

    Website link: http://www.nod32.com.au

    Direct download link: http://www.nod32.it/tools/OPACLEAN.ZIP

    -Javacool
     
  5. NetWatchman

    NetWatchman Security Expert

    Joined:
    Jul 24, 2002
    Posts:
    31
    Dude..you can't fix this problem with dis-infection alone...you'll just get re-infected within minutes of connecting to the Internet:

    See:
    http://www.mynetwatchman.com/kb/security/ports/17/137.htm
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Lawrence,

    Nice white paper ;). Indeed one should take care of precaution measures in order to avoid re-infection.

    regards.

    paul
     
  7. Yodafan

    Yodafan Guest

Loading...
Thread Status:
Not open for further replies.