Besoin d’aide ? Fais appel à la communauté ou embauche un spécialiste.
Aller à Avira Answers
Alias:W32.Opaserv.Worm, WORM_OPASERV.G [Trend], W32/Opaserv-F [Sophos], Win32.Opaserv.G [CA], W32/Opaserv.worm [McAfee]
Type:Worm 
Size:12,800 Bytes 
Origin: 
Date:00-00-0000 
Damage:Spreading over unprotected network resources. 
VDF Version:6.23.00.00 
Danger:Low 
Distribution:Medium 

DistributionIt tries to spread over unprotected network resources.

Technical DetailsWhen activated on a Windows 95/98/Me computer, Worm/OpaSoft.D checks for 'Cuzao!Old' in the registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
If present, the related file is deleted. If not, the worm checks for 'cronos' in the registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
If not present, the worm makes the registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run cronos
C:\WINDOWS\marco!.scr

Then, it checks if the file C:\WINDOWS\marco!.scr has been activated. If not, it copies itself in this file and makes the registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Cuzao!Old

After controlling the registry and the place of its activity, the worm ensures that it has only one version in system memory, using a Mutex named marquinhos!.

The worm uses a security vulnerability of Microsoft Windows 95/98/Me. It sends single password characters to the network resource for accessing other Windows 95/98/Me files, without knowing the password.
The affected systems are:
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Me

It creates C:\Gay.ini, that contains the text
'run=c:\Windows\Brasil.exe,c:\Windows\Brasil.pif,c:\Windows\marco!.scr '.

It looks like the worm is able to update itself, reading files from a website.
It also tries to download a file named Vaisef.exe.
Description insérée par Crony Walker le mardi 15 juin 2004

Retour . . . .
https:// Cet écran est crypté pour votre sécurité.