Opaserv is driving me crazy!!

Discussion in 'malware problems & news' started by infini, Oct 11, 2002.

Thread Status:
Not open for further replies.
  1. infini

    infini Registered Member

    Joined:
    Oct 11, 2002
    Posts:
    112
    I was infected with w32 Opaserv. Finally i managed to disinfect it with removal tools in safe mode and removing from the registry and win.ini all the entries of the worm. I laso made a full scan ( i use nav2002) in safe mode which found nothing. When my computer connects to the internet i get warning messages from Norton that it quarantined the file "scrsvr.exe". I didn't download anything or opened any e-mails. Can you please help?
     
  2. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    ..if NAV caught it and quarantined it does that mean that my machine is NOT infected?
    --------------------------------------------------------------------------------

    Yes, you're completely safe: files stored in quarantine are encrypted and harmless.

    --------------------------------------------------------------------------------
    Do I need to remove any file from my machine or has NAV already taken care of that?
    --------------------------------------------------------------------------------

    You can view info on the infected file by going to Quarantine: from the main screen, click on Reports, then View Report (quarantine). Or from the NAV program group, as I mentioned previously. If you wish to delete the file, just go to Quarantine, highlight the file, and click the Delete Item button

    --------------------------------------------------------------------------------
    Do I need to be concerned about any infection at this point?
    --------------------------------------------------------------------------------

    Nope, you're clean. To make sure, run a full system scan from the main screen.
     
  3. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    If you want to be extra sure it is all gone... :D


    Tools to clear the W32/Opasoft.A of an infected system

    In order to eliminate this worm of an infected system, the following tools are suggested:

    W32.Opaserv.Worm Removal Tool (Symantec) (156 Kb)
    to http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.removal.tool.html

    PQRemove (Bulging) (1,2 Mb)
    http://updates.pandasoftware.com/pq/gen/opaserv/ pqremove.com
     
  4. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    4,100
    NOD32 also offers a very good utility (and Eset's products have not had any reported false positives, and have a 100% reported detection rate - so I'd give this one a try too).

    Website link: http://www.nod32.com.au

    Direct download link: http://www.nod32.it/tools/OPACLEAN.ZIP

    -Javacool
     
  5. NetWatchman

    NetWatchman Security Expert

    Joined:
    Jul 24, 2002
    Posts:
    31
    Dude..you can't fix this problem with dis-infection alone...you'll just get re-infected within minutes of connecting to the Internet:

    See:
    http://www.mynetwatchman.com/kb/security/ports/17/137.htm
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Lawrence,

    Nice white paper ;). Indeed one should take care of precaution measures in order to avoid re-infection.

    regards.

    paul
     
  7. Yodafan

    Yodafan Guest

Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.