Hi People, My wife brought a brand new variant of an old worm OPASRV home from school. Not detected by the latest versions of Norton, Trend or McAfee. Symptoms are high CPU utilization, slow or blocked network access. The payload is a 20K executable, srv32.exe which installs itself as a service and is located in system32. The old OPASRV worm spread from other infected PCs via port 137, not sure what this one does. Initial mode of infection not known as yet. Removal is fairly straighforward. Use taskmgr to kill srv32.xe and delete the srv32 entry under HKLM\System\CurrentControlSet\Services. I'm send a copy of the worm to Trend for analysis. regards, Rick Ulrich Mack Volante Systems ________________________________ From: thin-bounce@xxxxxxxxxxxxx on behalf of Dogers Sent: Fri 22/10/2004 6:33 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: ThinStation Well, I call them test machines, but theyre actually live machines staff use :) I think its quite a good setup, the only problem I have is that the machines currently aren't booting remotely, I've not got round to setting up RIS on the network yet. Theres a very active mail list for it as well (http://lists.sourceforge.net/lists/listinfo/thinstation-general) and they recently had a poll on there as to who uses it on what scale, seems theres 5 users with over 500 clients using it somewhere! http://sourceforge.net/mailarchive/forum.php?thread_id=5730699&forum_id=33087 Theres also a "LiveCD" which you can download, burn and test it out with, although its a "stable" version, not the cutting edge beta version, which is generally stable anyway! Andrew On Fri, 22 Oct 2004 08:34:20 +0200, Lennart Koschella <lk@xxxxxxxxxxxxxxxxxxxx> wrote: > dogers@xxxxxxxxx wrote: > > >I've got a few (3!) test machines running it, what do you want to know? > > Generally I'd like to know whether it's worth to take a deeper look at it. > We have currently about 50 older PCs (Pentium I/II class) which we want to > use as thin clients without putting a lot of energy into it. I read the > documentation on the ThinStation website and it looks as if it is exactly > what we need. Now I wonder if someone really uses ThinStation in a > productive environment (and can give me some hopefully positive feedback). > > > > > With kind regards, > > Lennart Koschella > System Adminstrator > University Hospital Tuebingen/Germany > > ******************************************************** > This Weeks Sponsor RTO Software > Do you know which applications are abusing your CPU and memory? > Would you like to learn? -- Free for a limited time! > Get the RTO Performance Analyzer to quickly learn the applications, users, > and time of day possible problems exist. > http://www.rtosoft.com/enter.asp?id=320 > ********************************************************** > Useful Thin Client Computing Links are available at: > http://thin.net/links.cfm > *********************************************************** > For Archives, to Unsubscribe, Subscribe or > set Digest or Vacation mode use the below link: > http://thin.net/citrixlist.cfm > ******************************************************** This Weeks Sponsor RTO Software Do you know which applications are abusing your CPU and memory? Would you like to learn? -- Free for a limited time! Get the RTO Performance Analyzer to quickly learn the applications, users, and time of day possible problems exist. http://www.rtosoft.com/enter.asp?id=320 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ##################################################################################### This e-mail, including all attachments, may be confidential or privileged. Confidentiality or privilege is not waived or lost because this e-mail has been sent to you in error. If you are not the intended recipient any use, disclosure or copying of this e-mail is prohibited. If you have received it in error please notify the sender immediately by reply e-mail and destroy all copies of this e-mail and any attachments. All liability for direct and indirect loss arising from this e-mail and any attachments is hereby disclaimed to the extent permitted by law. #####################################################################################