Avast WEBforum
Topic started by: lee16 on August 25, 2004, 01:08:33 PM
-
Hi
Win32:Opas [Wrm] (aka Opasoft, Opaserv) just tried to access the internet, but I stopped it with my firewall. I went to where it was according to Sygate and scanned it with avast, but it couldn't remove it. About a minute after that I was removing it with the avast Virus Cleaner, but I was just wondering why the Virus Cleaner could remove it and avast AV couldn't. What's so different between them? Surely avast AV could be that "powerful" and remove all viruses that way.
--lee
-
This virus would appear to gain access as a result of a vulnerability that has been patched.
From Trend Micro - WORM_OPASERV (http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.AD)
Description:
This worm is a variant of WORM_OPASERV.A. Unlike earlier variants, it uses the mutex name SpeedyDoS3 to indicate infection.
It uses the Share-Level Password vulnerability on Windows systems to propagate via network-shared C drives. This vulnerability allows remote access to a shared file on Windows 95/98 or ME systems without knowledge of the entire password assigned to the share.
For more information on this vulnerability and to get hold of the critical patches, visit the following Microsoft page:
Microsoft Bulletin MS00-072 (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-072.asp)
This worm also attempts to update itself via a certain Web site.
It runs on Windows 95, 98, ME, NT, 2000, and XP systems. However, it only spreads through Windows 95/98 and ME systems, which are affected by the Share Level Password vulnerability.
It would appear that you need to reapply that patch.
-
Well, avast! itself is mostly oriented on files... so, when the virus is running at the moment you're trying to delete the file, it cannot be done. avast! Virus Cleaner does a memory scan first and kills the infected processes, so it works better in this case.
-
DavidR
Thanks, I applied the patch again as you suggested.
Igor
avast! itself is mostly oriented on files... so, when the virus is running at the moment you're trying to delete the file, it cannot be done
Does that mean that avast itself doesn't scan the registry for viruses as well?
--lee
-
Lee, visit Windows Update (http://windowsupdate.microsoft.com) and get/install ALL security patches.
-
Does that mean that avast itself doesn't scan the registry for viruses as well?
Right now, it doesn't. avast! v4.5 will automatically remove autostart registry entries of files being removed.
(Though the original question doesn't have anything to do with registry, I'd say).
-
Eddy
All Windows critical patches are always installed (I check once a day); it's just DavidR suggested I reinstall it.
Igor
(Though the original question doesn't have anything to do with registry, I'd say).
The virus in the original question had several registry keys that the Virus Cleaner deleted.
avast! v4.5 will automatically remove autostart registry entries of files being removed
Looking forward to that v4.5 then.
Thanks to everyone who helped clear this query(s) up for me.
--lee