-
October 1st, 2002, 02:06 PM
#1
Registered User
FYI new virii
Madrid, October 1, 2002 - Panda Software has reported two new worms, called
Opaserv (which spreads through shared network drives), and Bugbear. Although
Opaserv (W32/Opaserv) only appeared a few hours ago, it is already fourth in
the ranking of the most frequently detected viruses by the free, online
scanner Panda ActiveScan.
Opaserv has a large capacity to spread through networks, making it
particularly dangerous in corporate environments. Its main aim is to infect
other computers, especially those connected to a network. In order to
spread, it uses a file called "SCRSVR.EXE", and is activated when this file
is run. It also copies itself -under the name ScrSvr.exe- to the Windows
directory of the affected computer, going memory resident. In order to
ensure that it is run whenever the computer is restarted, it creates an
entry in the Windows Registry. Finally, it is worth highlighting that
Opaserv tries to connect to a Web address.
The second worm, Bugbear (W32/Bugbear), is designed to send itself out in a
file attached to an e-mail message. The name of the attachment and subject
and message of the e-mail are variable. This malicious code can open port
36794 in the computer under attack and, at the same time, stop applications
such as antivirus programs and personal firewalls. As a result, the worm
opens a backdoor that could allow an attacker to access a remote computer or
network.
-
October 1st, 2002, 02:43 PM
#2
Flabooble!
Yay! New viruses! Yay! Yay! Yay!
-
October 1st, 2002, 02:44 PM
#3
Driver Terrier
Thanks for the heads up Geo
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
October 1st, 2002, 02:51 PM
#4
Registered User
If they are just the normal run-of-the-mill stuff, I usually don't post them, but that first one looks nasty. To go from first discovery to fourth in the ranking in a few hours is faster than anything I've seen for a while. May be another Nimda situation
-
October 6th, 2002, 09:41 AM
#5
scrsvr.exe
When you discover that you have this virus...what do you do to correct this problem? I purchased Norton Anti Virus and scanned the hard drive and it says it is successfully removed but I still receive a message that scrsvr.exe cannot be located...What do I do now??? Thanks!!
-
October 6th, 2002, 10:16 AM
#6
Registered User
Re: scrsvr.exe
Originally posted by bendawgs
When you discover that you have this virus...what do you do to correct this problem? I purchased Norton Anti Virus and scanned the hard drive and it says it is successfully removed but I still receive a message that scrsvr.exe cannot be located...What do I do now??? Thanks!!
You failed to indicate what OS..... Try going to Start/Run and type in msconfig. Go to the Startup tab and uncheck scrsvr.exe, apply and reboot. This is for 98/SE/ME; it is the same for W2k/XP unless it is running as a service. Try this first.
-
October 6th, 2002, 10:26 AM
#7
Registered User
It probably won't show in the startup menu:
Means of infection W32/Opaserv.D creates the following files:
SCRSVR.EXE, in the Windows directory. This file contains the infection code.
TMP.INI, in the root directory of the hard disk. This is a copy of the system's WIN.INI file, with the following modification: the "run=" line is changed to run=c:\windows\system\srcsvr.exe. W32/Opaserv.D also enters the line run=c:\tmp.ini in the original WIN.INI file, which causes the worm to run.
W32/Opaserv.D inserts the following entry in the Windows Registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ScrSvr" = %WinDir%\SCRSVR.EXE
You will have to delete the TMP.ini file from the root of your C drive, edit the win.ini file to remove the reference to TMP.INI, and remove the mentioned registry entry. Alternately, try going to the Symantec website and downloading the fix tool for this virus. It should make the changes, although I have noticed the fix tools sometimes do not work after the virus is already disinfected but not repaired.
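Added example, not part of the post above: a small Python check for the leftover autostart references the post lists (the `run=` line in WIN.INI and the `ScrSvr` value under the Run key), which explain a "scrsvr.exe cannot be located" message after the file itself has been removed. The sample WIN.INI and registry export are constructed, and the function names are hypothetical.

```python
import re

# Indicator file names as spelled in the post above (W32/Opaserv.D description).
INDICATOR_NAMES = ("scrsvr.exe", "srcsvr.exe", "tmp.ini")
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"

def scan_win_ini(text):
    """Return (key, value) pairs from the [windows] section's run=/load=
    lines whose value references one of the indicator file names."""
    hits, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in ("run", "load") and any(
                name in value.lower() for name in INDICATOR_NAMES):
            hits.append((key.lower(), value))
    return hits

def scan_reg_export(text):
    """Return value names under HKLM\\...\\Run in a regedit export whose
    data references one of the indicator file names."""
    hits, in_run_key = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_run_key = line.strip("[]").lower() == RUN_KEY
            continue
        m = re.match(r'"([^"]+)"\s*=\s*"(.*)"$', line)
        if in_run_key and m and any(n in m.group(2).lower() for n in INDICATOR_NAMES):
            hits.append(m.group(1))
    return hits

# Constructed samples, not captured from a real machine.
SAMPLE_WIN_INI = "[windows]\nload=\nrun=c:\\tmp.ini\nNullPort=None\n\n[fonts]\nrun=c:\\tmp.ini\n"
SAMPLE_REG = ('REGEDIT4\n\n'
              '[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]\n'
              '"SystemTray"="SysTray.Exe"\n'
              '"ScrSvr"="C:\\\\WINDOWS\\\\SCRSVR.EXE"\n')

if __name__ == "__main__":
    print(scan_win_ini(SAMPLE_WIN_INI))
    print(scan_reg_export(SAMPLE_REG))
```

Only `run=`/`load=` lines inside the `[windows]` section count, so the identical line under `[fonts]` in the sample is ignored.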
-
October 7th, 2002, 11:33 AM
#8
Flabooble!
My buddy just got bugbear. I had him update the virus scanner and he also has hybris - again. Stoopid F**** people.
-
October 7th, 2002, 01:29 PM
#9
Registered User
Only 1 instance of Bugbear repelled on my home system so far, but I've been noticing an increase in Hybris appearances also.
Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so. -Douglas Adams
-
October 7th, 2002, 02:16 PM
#10
Registered User
Had three attempts to my personal email and 60 to our mail server today alone for the bugbear. They came in about 8 different guises, persistent little sod.
If it aint broke, don't fix it....... If it's broke, buy a new one
-
October 9th, 2002, 11:37 AM
#11
Registered User
Viruses WaaWhoo...Man I love them I make so much money by removing them ... 45 bucks a virus...people with a 5 or more we usually give them a break.
I usually remove about 5 to 10 a week
The most popular ones I got in my area is
Hybris
Nimda
Loveletter
Slator
Magistar
Klez ( Very Popular )
I have to say I accidentally released Worms to a lot of people
Sorry...
Last edited by LaSERCHiPs; October 9th, 2002 at 11:44 AM.
"GOOD 2 GO"
-
October 11th, 2002, 08:20 AM
#12
Junior Member
Yeah - Bugbear is really whanging around...........
Watch out!! - those of you with mail monitoring/sweeping software would be wise to make sure that you also enable "multiple file extension monitoring" - I've caught a couple of hybrid versions of bugbear using multiple file extension monitoring!!
This is what I'd like to do to those users who persistently use multiple file extensions instead of sticking to convention and NOT using dots to punctuate file names->
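Added example, not part of the post above: a sketch of a multiple-file-extension check for attachment names that separates a decoy-plus-executable pair from names that merely use dots as punctuation. The extension sets, verdict labels and function name are assumptions for illustration, not the behaviour of any particular mail-sweeping product.

```python
# Assumption: extensions treated as directly runnable on Windows; tune to local policy.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "lnk"}
# Assumption: extensions a recipient would read as a harmless document or media file.
DECOY_EXTS = {"doc", "xls", "txt", "jpg", "gif", "htm", "html", "pdf", "zip", "mp3"}

def classify_attachment(filename):
    """Return 'block', 'review' or 'allow' for an attachment file name.

    block  - executable final extension hidden behind a decoy one (x.doc.pif)
    review - plain executable attachment (setup.exe)
    allow  - anything else, including dotted names such as report.v2.final.doc
    """
    # Windows drops trailing dots and spaces when it resolves a name,
    # so normalise them away before looking at the extension.
    name = filename.strip().rstrip(". ").lower()
    # Keep only the base name if the sender included a path.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Padding spaces around a dot ("readme.txt      .scr") must not hide a part.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or not parts[-1]:
        return "allow"
    if parts[-1] not in EXECUTABLE_EXTS:
        return "allow"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "block"
    return "review"

# Constructed sample names, not taken from real messages.
SAMPLES = ["photo.jpg.pif", "Report.v2.final.doc", "setup.exe",
           "readme.txt      .scr", "invoice.DOC.PIF. ", "notes"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:28} -> {classify_attachment(sample)}")
```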
-
October 11th, 2002, 09:21 AM
#13
Registered User
And now there is a new one for msn users that tries to get you to download a program masquerading as a cd key generator..installs a trojan..has anyone else noticed that most of the new virii seem to be focused on installing system control modules instead of just hosing the machine??