I had this one at home and it kept on coming back as well. It only affected my win98 machines and came back because of an unpatched security hole. I can't remember the details but it was something to do with shares with zero length passwords. Have a look at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ bulletin/MS00-072.asp for the full story. The virus exploits the security hole to copy itself to machines with a shared called C and no password, ie \\machinename\c . Patches exist for all versions of w9x. Whenever I connected to the internet, the virus was being reinstalled via the security hole. Once I installed the MS hotfix it vanished and hasn't been back. Not having a share called C would help as well ;-) -----Original Message----- From: Jeff Stockard [mailto:JStockard@xxxxxxxxxxxxxxx] Sent: 13 November 2002 12:30 To: thin@xxxxxxxxxxxxx Subject: [THIN] OT Opaserv virus I have a client PC that is infected with the Opaserv e and the Opaserv g virus. I went to the Symantec site and downloaded the tool to fix this (onto a floppy from a clean PC and write protected the floppy to avoid cross contamination). I took the PC off the network, turned off Auto Restore (Windows ME) and booted to safe mode. I ran the tool and the virus came back. I followed the same procedures again (the directions say to run this until the PC comes up clean). The tool said I did not have the virus any more. Two days later (still off the network and Auto restore still off) she had the virus again. This time I manually deleted every file listed on the Symantec instructions (brasil*.*, cuzao*.*, cronos*.*, marco*.*, scrsvr*.*, tmp.ini and put.ini(from all directories)). When I rebooted her PC before I went home, the virus was back. Does anyone have an idea where this could be coming from? Thank you, Jeff Jesus Loves You *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm