w32.opaserv(win.ini) on XP

Suzy

I'm running Norton AntiVirus 2004 on XP. I've decided it's time to deal with this W32.Opaserv(win.ini) virus that keeps showing up in daily scans in which the "repair failed". Removal instructions on Symantec's site don't resolve my issue and I can't find any information on their site where this virus shows up on a computer running XP. Can someone point me in the right direction so I can finally get this virus removed -- I'm tired of it showing up.

BTW, the computer is on a network. (My broadband connection goes into another computer (which is protected with a firewall) and then back out to a hub. The infected computer gets the internet connection via the hub.)

Thanks. Suzy
 
Newbie

Suzy said:
> I'm running Norton AntiVirus 2004 on XP. I've decided it's time to deal with this W32.Opaserv(win.ini) virus that keeps showing up in daily scans in which the "repair failed". Removal instructions on Symantec's site don't resolve my issue and I can't find any information on their site where this virus shows up on a computer running XP. Can someone point me in the right direction so I can finally get this virus removed -- I'm tired of it showing up.
> BTW, the computer is on a network. (My broadband connection goes into another computer (which is protected with a firewall) and then back out to a hub. The infected computer gets the internet connection via the hub.)
> Thanks. Suzy

Go Here: http://www.sophos.com/support/disinfection/w32opaserv.html#1

and download opasegui.com and follow the instructions.
 
David H. Lipman

1) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example: lpt228.zip

Extract the contents of the ZIP file and place the contents in the same directory as SYSCLEAN.COM.

2) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) If you are using WinME or WinXP, re-enable System Restore and re-apply any System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB)
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point
9) Please report back your results

Dave






 
Suzy

Well darn! First, I tried what Newbie had to offer -- didn't work.

Before receiving David's reply I went in manually and deleted an infected compressed file that I was able to locate. One infected file still shows up (Filename: win.ini; Threat Name: W32.Opaserv(win.ini) <Item Information: The compressed file win.ini within c:\undo\backup.cab is infected with the W32.opaserv(win.ini) virus.>). NAV2004 fails to repair it, fails to quarantine it and fails to delete.

Thank you David for your very detailed reply. I followed everything to the letter, with high hopes! Spent most of my morning running everything you suggested and then finally scanned using my NAV2004 and the aforementioned virus still remains. I reviewed the Log (I wish I could copy and paste into this post but it won't allow me -argggg!). On the first Sysclean run it found 6 viruses and cleaned them. Of course, not the one in question. I'm curious now as to why NAV2004 didn't find those 6 viruses! The virus of topic here was not detected. On the second Sysclean run it found NO viruses.

Although this virus does not seem to affect the computer, it's still a nagging problem to me. If you have any other suggestions, please let me know. In the meantime, I'll run Sysclean again.

Thanks again for your reply.
Suzy
 
David H. Lipman

Suzy:

Opaserv should be detected by Trend. If it wasn't, maybe it is a False Positive declaration.
Let's find out....

Please use minimally the Freedom, F-Secure and Panda scanners below....

Freedom Online scanner
http://www.freedom.net/viruscenter/index.html

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

Symantec:
http://security.symantec.com/

BitDefender
http://www.bitdefender.com/scan/license.php


* * * Please report your results ! * * *

Dave






 
Suzy

Thanks Newbie. I ran this again, as I had done before, and it didn't detect
anything. Maybe it's just a false positive as David indicated.
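
The item reported in the thread above is a win.ini stored inside c:\undo\backup.cab, so one way to test the false-positive theory is to extract that file and check whether it would launch anything. The following is an added example, not part of the thread and not any vendor's tool: it assumes the detection hinges on the legacy `run=` and `load=` autostart lines in the `[windows]` section of win.ini, and the function names and sample contents are constructed for illustration.

```python
import re
import sys

# win.ini keys in the [windows] section that start programs at logon.
AUTOSTART_KEYS = {"run", "load"}

# Constructed sample contents (not taken from the thread); the path is a placeholder.
SAMPLE_FLAGGED = r"""; constructed sample
[windows]
load=
run=C:\EXAMPLE\placeholder.exe
NullPort=None

[fonts]
run=ignored, wrong section
"""
SAMPLE_CLEAN = "[Windows]\nload=\nrun=\n\n[Desktop]\nWallpaper=(None)\n"


def autostart_entries(ini_text):
    """Return (key, command) pairs for non-empty run=/load= lines in [windows]."""
    entries, section = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()  # section names are case-insensitive
            continue
        key, sep, value = line.partition("=")
        if section == "windows" and sep and key.strip().lower() in AUTOSTART_KEYS:
            if value.strip():  # an empty run=/load= launches nothing
                entries.append((key.strip().lower(), value.strip()))
    return entries


def triage(ini_text):
    """'review' if the file would launch something at logon, else 'no-autostart'."""
    entries = autostart_entries(ini_text)
    return ("review" if entries else "no-autostart", entries)


if __name__ == "__main__":
    # Usage: python check_winini.py <path to the extracted win.ini>
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_FLAGGED
    print(triage(text))
```

A "review" result lists the commands to check against what is actually on disk; a "no-autostart" result speaks only to that one archived file, not to the rest of the system.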
 
