Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: lee16 on August 25, 2004, 01:08:33 PM

Title: Virus cleaner
Post by: lee16 on August 25, 2004, 01:08:33 PM

hi

Win32:Opas [Wrm] (aka Opasoft, Opaserv) just tryed to access the interent, but i stoped it with my firewall, i went to where it was occording to syagte and scaned it with avast, but it couldn't remove it, about  minite after that i was removing it with the avast virus cleaner, but i was just wondering why the virus cleaner could remove it and avast AV couldn't, whats so different between them?, surley Avast AV could be that "powerful" and remove all viruses that way.


--lee

Title: Re:Virus cleaner
Post by: DavidR on August 25, 2004, 02:02:22 PM

This virus would appear to gain acces as a result of a vulnerability that has been patched.

From Trend Micro - WORM_OPASERV (http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASERV.AD)

Quote

Description:

This worm is a variant of WORM_OPASERV.A. Unlike earlier variants, it uses the mutex name SpeedyDoS3 to indicate infection.

It uses the Share-Level Password vulnerability on Windows systems to propagate via network-shared C drives. This vulnerability allows remote access to a shared file on Windows 95/98 or ME systems without knowledge of the entire password assigned to the share.

For more information on this vulnerability and to get hold of the critical patches, visit the following Microsoft page:

      Microsoft Bulletin MS00-072 (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-072.asp)

This worm also attempts to update itself via a certain Web site.

It runs on Windows 95, 98, ME, NT, 2000, and XP systems. However, it only spreads through Windows 95/98 and ME systems, which are affected by the Share Level Password vulnerability.

It would appear that you need to reapply that patch.

Title: Re:Virus cleaner
Post by: igor on August 25, 2004, 02:21:42 PM

Well, avast! itself is mostly oriented on files... so, when the virus is running at the moment you're trying to delete the file, it cannot be done. avast! Virus Cleaner does a memory scan first and kills the infected processes, so it works better in this case.

Title: Re:Virus cleaner
Post by: lee16 on August 25, 2004, 02:46:00 PM

DavidR

Thanks i applyed the patch again as you suggested


Igor

Quote

avast! itself is mostly oriented on files... so, when the virus is running at the moment you're trying to delete the file, it cannot be done

Does that mean that avast itself doesn't scan the registry for viruses aswell?

--lee

Title: Re:Virus cleaner
Post by: Eddy on August 25, 2004, 02:49:56 PM

Lee, visit Windows Update (http://windowsupdate.microsoft.com) and get/install ALL security patches.

Title: Re:Virus cleaner
Post by: igor on August 25, 2004, 02:56:09 PM

Quote from: lee16 on August 25, 2004, 02:46:00 PM

Does that mean that avast itself doesn't scan the registry for viruses aswell?

Right now, it doesn't. avast! v4.5 will automatically remove autostart registry entries of files being removed.
(Though the original question doesn't have anything to do with registry, I'd say).

Title: Re:Virus cleaner
Post by: lee16 on August 25, 2004, 07:09:28 PM

Eddy

All windows critical patches are always installed (i check once a day), its just davidR suggested i reinstall it.

Igor

Quote

(Though the original question doesn't have anything to do with registry, I'd say).

The virus in the origional question had several registery keys that the virus cleaner deleated.

Quote

avast! v4.5 will automatically remove autostart registry entries of files being removed

looking forward to that v4.5 then.


Thanks to everyone who helped clear this query(s) up for me

--lee