Opaserv

HI

I have 2 computers on a network, this is my main computer i use, when i
connect the other computer to the internet through this one its fine, but if
i connect the other computer to a line on its own (when i have alot of
webstuff to upload i may want 2 lines) Nortons keeps detecting the
W32.Opaserv worm but deletes or repairs the infected file before it does any
damage, computer doesnt get infected just keep getting popups to say it was
found.

When its not on the internet its fine to. And nothing is infected this
computer when i go online, it just seems to be the other computer when it
goes on a line to itself.

I scan that computer - nothing found
I use the Opaserv Worm Fix Tool - Nothing found
I cant find any files i know relevant to the virus, so i dont know why it
keeps starting every now and then when it goes online!!

Files infected have been with Opaserv.E , Opaserv.AD, Opaserv, Opaserv.H
usually the same names alevir.exe, speedy.pif, natal!.pif, instit.bat,
win.ini (it repairs that one)

I've install the Microsoft Patch (twice) on that other computer like they
suggested.

Where could it be coming from?

Anyone else had trouble with this one?

thanks
Shirl

On that special day, Shirl, (nospamatShirl@claraspamless.net) said...

> i connect the other computer to a line on its own (when i have alot of
> webstuff to upload i may want 2 lines) Nortons keeps detecting the
> W32.Opaserv

Do you run shares open to the world? Is the whole c: hard disk writeable
for the entire outer world? Please stop that. Opaserv/soft comes in over
exactly these shares.

And apply the patch from

http://www.microsoft.com/technet/se...in/MS00-072.asp

(I am amazed that there are *still* PCs on the internet with this
vulnerability active)


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de


--
Ah, Information. A good, too valuable these days, to give it away, just
so, at no cost.

On Sat, 20 Mar 2004 17:22:55 -0000, "Shirl"
<nospamatShirl@claraspamless.net> wrote:

>When its not on the internet its fine to. And nothing is infected this
>computer when i go online, it just seems to be the other computer when it
>goes on a line to itself.

On each machine, unbind "file and printer sharing" from the tcp/ip
stacks of the Internet connections.

In win9x that would be
start -> settings -> control_panel -> network -> tcp/ip(internet) ->
bindings -> file_and_printer_sharing (untick the box)


Jim.

Hi

I had already tried the patch, but yes i didnt have passwords on the shares,
i now put passwords on the folders i wish to share and took the share on c:
drive off. See if that works.

Shirl



"Gabriele Neukam" <Gabriele.Spamfighter.Neukam@t-online.de> wrote in message
news:c3i0fv$q1p$04$1@news.t-online.com...
> On that special day, Shirl, (nospamatShirl@claraspamless.net) said...
>
> > i connect the other computer to a line on its own (when i have alot of
> > webstuff to upload i may want 2 lines) Nortons keeps detecting the
> > W32.Opaserv
>
> Do you run shares open to the world? Is the whole c: hard disk writeable
> for the entire outer world? Please stop that. Opaserv/soft comes in over
> exactly these shares.
>
> And apply the patch from
>
> http://www.microsoft.com/technet/se...in/MS00-072.asp
>
> (I am amazed that there are *still* PCs on the internet with this
> vulnerability active)
>
>
> Gabriele Neukam
>
> Gabriele.Spamfighter.Neukam@t-online.de
>
>
> --
> Ah, Information. A good, too valuable these days, to give it away, just
> so, at no cost.

On Sun, 21 Mar 2004 10:43:18 -0000, "Shirl"
<nospamatShirl@claraspamless.net> wrote:

>Hi
>
>I had already tried the patch, but yes i didnt have passwords on the shares,
>i now put passwords on the folders i wish to share and took the share on c:
>drive off. See if that works.
>
>Shirl
>

It will work in terms of stopping this worm but your underlying
problem of sharing your files with the world will remain.


Jim.

Hi

Only now and then i use that computer on a separate line, i mostly use it
through this computers internet connection that has a firewall.
You suggest putting a firewall on the other computer as well then? Is that
the only way?

thanks
Shirl



"James Egan" <jegan@mailinator.com> wrote in message
news:g44r501hdi8dinifev7a16mj0inmi9hrik@4ax.com...
> On Sun, 21 Mar 2004 10:43:18 -0000, "Shirl"
> <nospamatShirl@claraspamless.net> wrote:
>
> >Hi
> >
> >I had already tried the patch, but yes i didnt have passwords on the
shares,
> >i now put passwords on the folders i wish to share and took the share on
c:
> >drive off. See if that works.
> >
> >Shirl
> >
>
> It will work in terms of stopping this worm but your underlying
> problem of sharing your files with the world will remain.
>
>
> Jim.
>

On Tue, 23 Mar 2004 00:51:21 -0000, "Shirl"
<nospamatShirl@claraspamless.net> wrote:

>Only now and then i use that computer on a separate line, i mostly use it
>through this computers internet connection that has a firewall.
>You suggest putting a firewall on the other computer as well then? Is that
>the only way?

No. In case you didn't see my other post, here it is again.

<re-run>

On each machine, unbind "file and printer sharing" from the tcp/ip
stacks of the Internet connections.

In win9x that would be
start -> settings -> control_panel -> network -> tcp/ip(internet) ->
bindings -> file_and_printer_sharing (untick the box)

</re-run>


Jim.