English
Deutsch
Francais
Español
Italian
Accueil
Menaces
Worm/OpaSoft
Recherche
Accueil
Support
Solutions
Produits
Téléchargements
Menaces
Statistics
Phishing Worldmap
VDF History
Virus Science
Submit Sample
Security News
Viruses In the Wild
Société
Presse
Partenaires
Newsletter
Worm/OpaSoft - Worm
A voir aussi
Brève description
Description complète
Statistiques
How would you rate this information?
Worthless
Excellent
Alias:
W32/OpaServ.Worm
Type:
Worm
Size:
28,672 bytes
Origin:
unknown
Date:
09-30-2002
Damage:
VDF Version:
Danger:
Low
Distribution:
Medium
General Description
Worm/OpaSoft spreads over networks as "SvrScr.exe" file. It also tries to download an update from the website www.opasoft.com.
Symptoms
- the files and registry entries mentioned below.
- Increased traffic on port 139 (UDP).
Distribution
Worm/OpaSoft looks for mapped network drives and copies itself as "ScrSvr.exe" wherever it has writing rights.
Technical Details
When activated, the worm copies itself as ScrSvr.exe in Windows system and makes the following registry entry:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Run]
"ScrSvr"="C:\Windows\ScrSvr.exe"
Then it creates a file named TMP.INI in the root directory of drive C. This file has the following line:
"run=c:\windows\scrsvr.exe"
and makes the following entry in Win.ini:
run=c:\tmp.ini
Worm/OpaSoft looks for mapped network drives and copies itself as "ScrSvr.exe" wherever it has writing rights. It then tries to download an update from the website www.opasoft.com. But this however will fail, since the page can no longer be attained.
If active, Worm/OpaSoft dispatches all IP addresses over port 139. If the worm can find a computer, on Intranet or Internet, which has a shared C drive, it copies itself as "ScrSvr.exe" in that drive.
Variants:
Worm/OpaSoft.B version:
Name: Worm/OpaSoft.B
Type: Worm
Size: 24.064 Bytes
Platform: Windows 95/98/Me/NT/2000/XP
It has the same payload as Worm/OpaSoft. It spreads over shared drives on Intranet and Internet. The worm differs, though, by its size and registry entry:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Run]
"Brasil"="C:\\WINDOWS\\Brasil.pif"
The run entry in Win.ini is changed. This refers directly to the worm file Brasil.pif:
run=c:\windows\Brasil.pif
Worm/OpaSoft.C version:
Name: Worm/OpaSoft.C
Type: Worm
Size: 24.064 Bytes
Platform: Windows 95/98/Me/NT/2000/XP
It has the same payload as Worm/OpaSoft. It spreads over shared drives on Intranet and Internet. The worm differs, though, by its size and registry entry:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Run]
"Brasil"="C:\\WINDOWS\\Brasil.exe"
The run entry in Win.ini is changed. This refers directly to the worm file Brasil.exe:
run=c:\windows\Brasil.exe
Voir la description brève
ici
.
Description inséré par Crony Walker sur Tue, 15 Jun 2004 14:00 (GMT+1)
»
About Malware
»
About Phishing
»
Viruses In the Wild
« Retour
Imprimer cette page
Worm/Mytob.AD
TR/Crypt.CFI.Gen
Worm/Klez.E
W32/Elkern.C
Worm/Lovgate.W
TR/Dldr.Renos.CH
TR/Buzus.iij
TR/Dldr.Banload.ins
TR/Banker.Banker.acdq
TR/Dldr.AutoRun.T.2
© 2009 Avira GmbH
Copyright
Domaine privé
Plan du site
Feedback
Marque d’impression
FAQ
Contact
Menaces 
Imprimer cette page
