English
Deutsch
Home
Vireninfos
Worm/OpaSoft
Suche
Home
Support
Lösungen
Produkte
Downloads
Vireninfos
Statistiken
VDF Historie
Virenkunde
Datei-Upload
Sicherheits-News
In-the-Wild-Viren
Unternehmen
Presse
Partner
Newsletter
Worm/OpaSoft - Worm
Siehe auch
Kurzfassung
Vollständig
Statistik
Wie würden Sie diese Information bewerten?
Wertlos
Hervorragend
Alias:
W32/OpaServ.Worm
Type:
Worm
Size:
28,672 bytes
Origin:
unknown
Date:
09-30-2002
Damage:
VDF Version:
Danger:
Low
Distribution:
Medium
General Description
Worm/OpaSoft spreads over networks as "SvrScr.exe" file. It also tries to download an update from the website www.opasoft.com.
Symptoms
- the files and registry entries mentioned below.
- Increased traffic on port 139 (UDP).
Distribution
Worm/OpaSoft looks for mapped network drives and copies itself as "ScrSvr.exe" wherever it has writing rights.
Technical Details
When activated, the worm copies itself as ScrSvr.exe in Windows system and makes the following registry entry:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Run]
"ScrSvr"="C:\Windows\ScrSvr.exe"
Then it creates a file named TMP.INI in the root directory of drive C. This file has the following line:
"run=c:\windows\scrsvr.exe"
and makes the following entry in Win.ini:
run=c:\tmp.ini
Worm/OpaSoft looks for mapped network drives and copies itself as "ScrSvr.exe" wherever it has writing rights. It then tries to download an update from the website www.opasoft.com. But this however will fail, since the page can no longer be attained.
If active, Worm/OpaSoft dispatches all IP addresses over port 139. If the worm can find a computer, on Intranet or Internet, which has a shared C drive, it copies itself as "ScrSvr.exe" in that drive.
Variants:
Worm/OpaSoft.B version:
Name: Worm/OpaSoft.B
Type: Worm
Size: 24.064 Bytes
Platform: Windows 95/98/Me/NT/2000/XP
It has the same payload as Worm/OpaSoft. It spreads over shared drives on Intranet and Internet. The worm differs, though, by its size and registry entry:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Run]
"Brasil"="C:\\WINDOWS\\Brasil.pif"
The run entry in Win.ini is changed. This refers directly to the worm file Brasil.pif:
run=c:\windows\Brasil.pif
Worm/OpaSoft.C version:
Name: Worm/OpaSoft.C
Type: Worm
Size: 24.064 Bytes
Platform: Windows 95/98/Me/NT/2000/XP
It has the same payload as Worm/OpaSoft. It spreads over shared drives on Intranet and Internet. The worm differs, though, by its size and registry entry:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Run]
"Brasil"="C:\\WINDOWS\\Brasil.exe"
The run entry in Win.ini is changed. This refers directly to the worm file Brasil.exe:
run=c:\windows\Brasil.exe
Kurzfassung
hier
.
Beschreibung erstellt von Crony Walker am Tue, 15 Jun 2004 14:00 (GMT+1)
»
Über Malware
»
Über Phishing
»
In-the-Wild-Viren
« zurück
Diese Seite drucken
Worm/Netsky.HB
TR/Crypt.CFI.Gen
Worm/Netsky.D.Dam
W32/Elkern.C
Worm/Mytob.HA
Halifax 26
TR/Vundo.GJ
TR/Agent.Abt.3
Halifax 25
TR/Dldr.PurityScan.FK
Einfach aktuelle Nachrichten von Avira bekommen, als
Erkennt und entfernt folgende Malware und ihre Varianten:
Worm/Sober.J
Worm/Sober.P
Worm/Sober.Y
W32/Stanit.A
Worm/NetSky.AA
Worm/NetSky.B.1
Worm/NetSky.C
Worm/Netsky.D.Dam
Worm/NetSky.P
Worm/NetSky.X
Worm/Mytob.IN.2
Worm/Mytob.KS
Hier downloaden
"Prozess einer Virenabwehr"
Virenwarnung
auf Ihre Webseite einbinden
© 2008 Avira GmbH
Copyright
Datenschutz
Sitemap
Feedback
Impressum
FAQ
Kontakt
Diese Seite drucken
.gif)
