Author Topic: Virus cleaner  (Read 5739 times)


lee16

  • Guest
Virus cleaner
« on: August 25, 2004, 01:08:33 PM »
Hi

Win32:Opas [Wrm] (aka Opasoft, Opaserv) just tried to access the internet, but I stopped it with my firewall. I went to where it was according to Sygate and scanned it with avast, but it couldn't remove it. About a minute after that I was removing it with the avast Virus Cleaner, but I was just wondering why the Virus Cleaner could remove it and avast AV couldn't; what's so different between them? Surely Avast AV could be that "powerful" and remove all viruses that way.


--lee

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re:Virus cleaner
« Reply #1 on: August 25, 2004, 02:02:22 PM »
This virus would appear to gain access as a result of a vulnerability that has been patched.

From Trend Micro - WORM_OPASERV
Quote
Description:

This worm is a variant of WORM_OPASERV.A. Unlike earlier variants, it uses the mutex name SpeedyDoS3 to indicate infection.

It uses the Share-Level Password vulnerability on Windows systems to propagate via network-shared C drives. This vulnerability allows remote access to a shared file on Windows 95/98 or ME systems without knowledge of the entire password assigned to the share.

For more information on this vulnerability and to get hold of the critical patches, visit the following Microsoft page:

      Microsoft Bulletin MS00-072

This worm also attempts to update itself via a certain Web site.

It runs on Windows 95, 98, ME, NT, 2000, and XP systems. However, it only spreads through Windows 95/98 and ME systems, which are affected by the Share Level Password vulnerability.

It would appear that you need to reapply that patch.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Virus cleaner
« Reply #2 on: August 25, 2004, 02:21:42 PM »
Well, avast! itself is mostly oriented on files... so, when the virus is running at the moment you're trying to delete the file, it cannot be done. avast! Virus Cleaner does a memory scan first and kills the infected processes, so it works better in this case.

lee16

  • Guest
Re:Virus cleaner
« Reply #3 on: August 25, 2004, 02:46:00 PM »
DavidR

Thanks, I applied the patch again as you suggested.


Igor
Quote
avast! itself is mostly oriented on files... so, when the virus is running at the moment you're trying to delete the file, it cannot be done

Does that mean that avast itself doesn't scan the registry for viruses as well?

--lee

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Virus cleaner
« Reply #4 on: August 25, 2004, 02:49:56 PM »
Lee, visit Windows Update and get/install ALL security patches.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Virus cleaner
« Reply #5 on: August 25, 2004, 02:56:09 PM »
Quote
Does that mean that avast itself doesn't scan the registry for viruses as well?

Right now, it doesn't. avast! v4.5 will automatically remove autostart registry entries of files being removed.
(Though the original question doesn't have anything to do with registry, I'd say).
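
Added example, not part of the thread and not avast!'s own code: one way a cleanup tool could find autostart registry entries that still point at a file it has just removed. The entry names, paths and environment mapping are constructed placeholders, and the matching rules (quoted or unquoted commands, `%VAR%` expansion, case-insensitive paths) are assumptions about how such values are commonly written.

```python
import ntpath
import re

EXEC_EXT = (".exe", ".scr", ".com", ".bat", ".pif")

def expand(value, env):
    """Expand %VAR% references using the supplied lower-cased mapping."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), value)

def target_of(command, env):
    """Return the normalised executable path an autostart command launches."""
    command = expand(command.strip(), env)
    if command.startswith('"'):
        # Quoted form: the path is everything up to the closing quote.
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted form: grow the candidate word by word until it names
        # an executable, so paths containing spaces are still recognised.
        words, path = command.split(), ""
        for i in range(1, len(words) + 1):
            path = " ".join(words[:i])
            if path.lower().endswith(EXEC_EXT):
                break
        else:
            path = words[0] if words else ""
    return ntpath.normcase(ntpath.normpath(path))

def stale_autostarts(entries, removed_file, env):
    """List (key, value_name) pairs whose command launches removed_file."""
    removed = ntpath.normcase(ntpath.normpath(removed_file))
    return [(key, name) for key, name, command in entries
            if target_of(command, env) == removed]

# Constructed sample data: names and paths are placeholders, not real indicators.
ENV = {"systemroot": r"C:\WINDOWS"}
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
ENTRIES = [
    (RUN, "ExampleWorm", r"C:\WINDOWS\example_worm.exe"),
    (RUN, "ExampleWormAlt", r"%SystemRoot%\EXAMPLE_WORM.EXE /quiet"),
    (RUN, "Updater", r'"C:\Program Files\Example App\update.exe" /min'),
    (RUN, "Unquoted", r"C:\Program Files\Example App\tray.exe -hide"),
]

if __name__ == "__main__":
    removed = r"c:\windows\example_worm.exe"
    for key, name in stale_autostarts(ENTRIES, removed, ENV):
        print(f"stale autostart: {key}\\{name}")
```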

lee16

  • Guest
Re:Virus cleaner
« Reply #6 on: August 25, 2004, 07:09:28 PM »
Eddy

All Windows critical patches are always installed (I check once a day), it's just DavidR suggested I reinstall it.

Igor

Quote
(Though the original question doesn't have anything to do with registry, I'd say).

The virus in the original question had several registry keys that the virus cleaner deleted.

Quote
avast! v4.5 will automatically remove autostart registry entries of files being removed

Looking forward to that v4.5 then.


Thanks to everyone who helped clear this query(s) up for me

--lee