I always count on symantec but this time they did not have it neither did the other anti-virus companies and it's been a month that opaserv is out and still they do not talk about the network protocols well they can't always have it right...
Printable View
I always count on symantec but this time they did not have it neither did the other anti-virus companies and it's been a month that opaserv is out and still they do not talk about the network protocols well they can't always have it right...
We are on with broadband and have a router and linux server but I followed those instructions to turn off net bios over tcp/ip anyway. The only problem is when you go into the tcp/ip properties the netbios section the enable netbios over tcp/ip is enabled and grayed out so i can't turn it off... How do I turn it off/and why would it be grayed out?Quote:
Originally posted by grandam_99
I had the same problem with a network what I did is went to properties of network removed the file and sharing on all the protocols except dial-up networking and removed net bios over tcp/ip heres what sophos has to say about it Symantec has nothing like this
http://www.sophos.com/virusinfo/anal...2opaservc.html
hope this help cause it had me going for a while now everything is back to normal
these virus is what keeps us working...
I would remove netbios and use another protocol and verify the print and file sharing settings
Agreed. That is what I have now done, and all seems sweet for the moment.
Well, until they turn them all back on again on Monday :D :D
We found that password protecting hard drive on each workstation prevents the opa from spreading...It is the only way we were able to stop it. After passwording each drive, we rebooted to safe mode, ran opa removal tool (from symantec), edited win.ini to remove string, removed string from registry startup and rebooted. Virus has not returned since.
Quote:
Originally posted by Judge__Dredd
I have disinfected this virus several times over the past few days, both manually and using symantecs removal tool.
On one PC, the damn thing keeps coming back, and im at a loss where to look next.
All brasil/scrsvr references are removed, win.ini and registry edited. After a shut down (wait) and run of the tool in safe mode all seems well. But then later that day up pops Norton to say its quarantined another infection. There has been no connection to the net at this point, as the phone line was unplugged earlier .On any reboot, the windows pop up again saying scrsvr.exe cant be found. Sure enough, all entries are back in Win.ini and registry. The Opaserve tool, and a scan by Norton find nothing.
The only difference is a file ive not seen before by the name of alevir.exe being in the virus line on Win.ini.
I have tried deleting win.ini from C:\Windows\Recent as well, but to no avail.
Anyone help here??
Well I got rid of this virus (atleast that's what all 3 removal tools, and the latest McAfee updates tell me), but it left me a little preasent. Now printing to shared printers gives an error message about 50% of the time... usually we can get it working eventualy, but it's driving me crazy because I can't figure out how to fix it.
Anyone else having freaky printer problems after cleaning this virus off thier system?
I've had to delete some printers, run the printers setup and reload the drivers.Quote:
Originally posted by Seeker9000
Well I got rid of this virus (atleast that's what all 3 removal tools, and the latest McAfee updates tell me), but it left me a little preasent. Now printing to shared printers gives an error message about 50% of the time... usually we can get it working eventualy, but it's driving me crazy because I can't figure out how to fix it.
Anyone else having freaky printer problems after cleaning this virus off thier system?
Fixed any lingering probs I've had.
so far.......:rolleyes: :)
Blast... I already did that to no avail.
I uninstalled the printer on both the machine it's shared on, and the machine that's printing to it. I also downloaded brand new drivers from the web, thinking maybe the ones I had got corrupted. I uninstalled all the network components on said computer and installed fresh ones (new Network Card drivers from the web).
The strange thing is that one of the computers that has a shared printer giving me these problems never even had the virus (hard drive wasn't shared), so it must be the client that is the problem... weird
Ah well thanks anyways Shamus.
Well heres my issues with this worm. Okay, so i'm working at this company on 2 computers infected with this worm. I actually went to run the Symantec tool, but it didn't find any Opaserv worm. I know its there, because they have NAV 2002 loaded and tons of files in Quarantine. so i delete these files, remove any instance from the registry and win.ini, also removed 'put.ini' file. then i went to Sophos's site and downloaded the removal tool and ran the tool. Thanks to [/B]Shard92[B] for providing that link. all this time i disconnected the pc's from the network and removed the share from the root drive. One of the pc's also had printer problems, so i had to remove the driver and reinstall it and it would print just fine. It just took me several hours to track down some info on this, going here was incredibly helpful! I then updated NAV and then ran a scan and everything was clean.
This week they have had more printer woes, but no other virus related trouble.
Uninstalling printer, then reinstalling worked on one PC but not the others. Well, they did sort of work - you could see the ink levels on status manager, and it would print an alignment sheet, but came up with communication errors when in nromal printing. Print sharing was disabled on all.
The solution has held fast since Monday - swap the printers round on all the PCs!
had the same problem on an other network I worked on what I did is uninstall the printers and reconfigure them for the network and print sharing for some reason it does something to the printers now everything works fine have not had any problems again with the virus or the printers
I have run into this printer thing as well, Seeker9000. I actually had to capture the printer ports as LPT ports in order to be able to print to them. See if that helps any. Reinstallling new drivers for the printer did not help at all.
Actually it was Grandam who posted that link first, Todo! I do a lot of tech work but I don't normally do much with networking and haven't worked with netbios before. How do I remove it? It's active and won't let me turn it off. What functionality will i loose? I still have a cutomer who is getting an attack almost daily! He has a three computer network all with file and print sharing. Also they all connect to the same internet provider on the same account ( only one at a time ) but only one computer is getting the infections. ( which norton so far has caught and quarantined )It also doesnt' seem to be spreading to the other computers. The big differences are that he has one Winme (the infected one ) one win98se and one win95b! The 95/98 machines so far seem to have avoided getting the virus, either through the network or the internet connection. From what I understand of this virus, it contacts a conputer directly through tcp/ip via an open port and Ip address. Couldn't it then be blocked by a firewall? I noticed at home I've been getting hits on my firewall saying something about netbios.... Nothing has gotten through though.
Shard92 Did you download the patch from microsoft?http://www.microsoft.com/technet/tre...n/MS00-072.asp
Since I have fixed the problem with the tcp/ip settings none of my clients have called me and I called them yesterday to make sure everything was ok and no problem here is a link that talkes about the network protocols and it's a good site to check your internet security http://grc.com/su-bondage.htm
another thing I have tried. I did not change any settings made sure the system was disinfected and installed zonealarm. Bingo no more Opaserv it shuts ports 137 and 139 these are 2 good solutions that have worked for me. Hope this helps
:flame: :flame: :flame: :flame:
Thanks actually that does help. I'll have to check your link in the morning though as I'm running late now. I thought zone alarm might take care of it. And all those people thought I was crazy for running it on a dial up connection!