[THIN] Re: OT Opaserv virus
- From: Angus Macdonald <Angus.Macdonald@xxxxxxxxxxxxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Wed, 13 Nov 2002 14:04:13 -0000
I had this one at home and it kept on coming back as well. It only affected
my win98 machines and came back because of an unpatched security hole. I
can't remember the details but it was something to do with shares with zero
length passwords. Have a look at
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS00-072.asp for the full story. The virus exploits the security
hole to copy itself to machines with a shared called C and no password, ie
\\machinename\c . Patches exist for all versions of w9x. Whenever I
connected to the internet, the virus was being reinstalled via the security
hole. Once I installed the MS hotfix it vanished and hasn't been back. Not
having a share called C would help as well ;-)
-----Original Message-----
From: Jeff Stockard [mailto:JStockard@xxxxxxxxxxxxxxx]
Sent: 13 November 2002 12:30
To: thin@xxxxxxxxxxxxx
Subject: [THIN] OT Opaserv virus
I have a client PC that is infected with the Opaserv e and the Opaserv g
virus. I went to the Symantec site and downloaded the tool to fix this
(onto a floppy from a clean PC and write protected the floppy to avoid
cross contamination). I took the PC off the network, turned off Auto
Restore (Windows ME) and booted to safe mode. I ran the tool and the
virus came back. I followed the same procedures again (the directions
say to run this until the PC comes up clean). The tool said I did not
have the virus any more.
Two days later (still off the network and Auto restore still off) she
had the virus again. This time I manually deleted every file listed on
the Symantec instructions (brasil*.*, cuzao*.*, cronos*.*, marco*.*,
scrsvr*.*, tmp.ini and put.ini(from all directories)). When I rebooted
her PC before I went home, the virus was back.
Does anyone have an idea where this could be coming from?
Thank you,
Jeff
Jesus Loves You
***********************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
***********************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
Other related posts:
