Wednesday, March 25, 2009

Pesky Trojans Make A Comeback

A computer worm is a self-contained program (or set of programs) that is able to spread functional copies of itself or its segments to other computer systems. The propagation usually takes place via network connections or email attachments.

A couple of old-school (2002) worms are being let out onto the digital frontier again. They are easy to spot, most often appearing in Windows warning boxes during start-up. The good news is that you can easily delete them (newer systems have problems loading the drivers, thus exposing the little culprits!)

Opasoft goes by several names: Alevir, Brasil, Marco! and Instit.bat. It is a 'share aware' worm that propagates through unprotected or weakly password-protected shares. The worm file is copied to the Windows directory on the victim PC and launched at start-up through one or more of the following methods: from the machine-wide 'run' key in the registry; by a direct call to the worm driver (Scrsvr, Brasil, Alevir, Marco!, or Instit.bat) from a 'run=' entry in win.ini; or indirectly, by run=c:\tmp.ini, where tmp.ini in turn calls the worm driver through its own 'run=' entry.

To remove manually: start REGEDIT and delete the entry under the machine 'run' key that points to the bogus driver (Scrsvr, Brasil, Alevir, Marco!).

Next, open Win.ini with Notepad or SysEdit and delete the line(s) that start with 'run=' and contain one of the worm's driver names (or point to c:\tmp.ini).

Reboot the computer, and delete any of the following: Alevir.*, ScrSvr.*, Brasil.*, Marco!.* and C:\tmp.ini, if found.
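The win.ini part of the check above, as an added example (not the post's own tool): it walks the 'run=' lines of win.ini, follows the tmp.ini indirection the post describes, and reports any entry that names one of the Opasoft driver files. The file contents and paths are constructed samples supplied as a dictionary so the example runs offline; on a real machine you would read the files from disk instead.

```python
import re

# Worm driver names quoted in the post, matched case-insensitively on the file name stem.
WORM_DRIVERS = {"scrsvr", "brasil", "alevir", "marco!", "instit"}
RUN_LINE = re.compile(r"^\s*run\s*=\s*(.*)$", re.IGNORECASE)

# Constructed sample of an infected win.ini using the indirect tmp.ini launch method.
SAMPLE_FILES = {
    "c:\\windows\\win.ini": "[windows]\nload=\nrun=c:\\tmp.ini\n[Desktop]\nWallpaper=(None)\n",
    "c:\\tmp.ini": "[windows]\nrun=c:\\windows\\scrsvr.exe\n",
}


def _basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def _names_worm(value):
    """True if any program listed in a run= value is one of the worm drivers."""
    for item in re.split(r"[,\s]+", value.strip()):
        if item and _basename(item).rsplit(".", 1)[0] in WORM_DRIVERS:
            return True
    return False


def find_worm_run_entries(files, start="c:\\windows\\win.ini", _seen=None):
    """Return 'file: run= line' findings, chaining through any .ini the run= line hands off to.

    `files` maps lower-case paths to file text (a stand-in for reading the disk)."""
    seen = _seen if _seen is not None else set()
    key = start.lower()
    if key in seen or key not in files:  # guard against loops and missing files
        return []
    seen.add(key)
    findings = []
    for line in files[key].splitlines():
        m = RUN_LINE.match(line)
        if not m:
            continue
        value = m.group(1).strip()
        if _names_worm(value):
            findings.append(f"{start}: {line.strip()}")
        elif value.lower().endswith(".ini"):
            # Indirect launch: win.ini hands off to tmp.ini, which holds the real run= line.
            for hit in find_worm_run_entries(files, value, seen):
                findings.append(f"{start}: {line.strip()} -> {hit}")
    return findings


if __name__ == "__main__":
    for finding in find_worm_run_entries(SAMPLE_FILES):
        print(finding)
```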

Be sure to also check for the "secondary infectors" carried by Opasoft: Funlove, Spaces.1445, Dupator and Parite.
