The Computer Guys

Alerts Oct 2002

Top 10 malware reported to Sophos in October 2002

Position, Last month, Malware, Percentage of reports
1 New W32/Bugbear-A 77.6%
2 1 W32/Klez-H 6.2%
3 New W32/Opaserv-A 2.5%
4 7 W32/Yaha-E 1.1%
5 10 W32/Badtrans-B 0.8%
6= 8 W32/Nimda-D 0.7%
6= New W32/Opaserv-C 0.7%
6= New W32/Opaserv-D 0.7%
9 6 W32/ElKern-C 0.6%
10 New W32/Opaserv-B 0.5%
Others 8.6%

 

This section describes how W32/Opaserv-A behaves.
W32/Opaserv-A is a worm that spreads via network shares.

When executed, the worm creates a file called scrsvr.exe or alevir.exe in the Windows folder on the current drive. W32/Opaserv-A then adds one of the following registry entries to run itself when the system starts:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ScrSvr = C:\WINDOWS\ScrSvr.exe

or

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\alevir = C:\WINDOWS\alevir.exe

The worm scans a range of IP addresses on the local area network, searching for computers with an open C: share and NETBIOS enabled over TCP/IP. When a share is found, the worm copies itself to the Windows folder of that share and modifies the win.ini file so that the worm is executed the next time Windows is started on that computer. Once the local area network has been scanned, the worm performs the same search on the internet, starting at a randomly generated IP address. As a result, anyone connected to the internet who has file sharing enabled and NETBIOS over TCP/IP enabled is potentially vulnerable to this worm.

W32/Opaserv-A also attempts to connect to a website that is currently unavailable. This attempted connection is most likely intended as a means of updating the worm executable.

The following three non-viral files may be found in the root folder of infected systems:

tmp.ini
scrsin.dat
scrsout.dat
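
An added example, not part of the original alert or any vendor tool: a Python check that looks for the file names, Run-key values and root-folder files listed above in data collected from a machine. It assumes the win.ini change is made on the standard run=/load= lines of the [windows] section, which the alert does not specify; the function names and sample inputs are constructed for illustration.

```python
import ntpath

# Indicator names taken from the W32/Opaserv-A description above.
WORM_EXES = {"scrsvr.exe", "alevir.exe"}
RUN_VALUE_NAMES = {"scrsvr", "alevir"}
ROOT_ARTIFACTS = {"tmp.ini", "scrsin.dat", "scrsout.dat"}  # non-viral leftovers

def exe_name(path):
    """Lower-cased file name of a Windows path, quotes stripped."""
    return ntpath.basename(path.strip().strip('"')).lower()

def win_ini_autostart(text):
    """Programs on the run=/load= lines of win.ini's [windows] section.
    Assumption: these standard autostart lines are the modification meant."""
    section, programs = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "windows" and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            if key.strip().lower() in ("run", "load"):
                programs += value.replace(",", " ").split()
    return programs

def check_opaserv_a(windows_files, root_files, run_key, win_ini_text):
    """Return (indicator, detail) pairs for every match found."""
    found = [("windows-folder", n) for n in windows_files if n.lower() in WORM_EXES]
    for name, data in run_key.items():
        if name.lower() in RUN_VALUE_NAMES or exe_name(data) in WORM_EXES:
            found.append(("run-key", f"{name} = {data}"))
    found += [("win.ini", p) for p in win_ini_autostart(win_ini_text)
              if exe_name(p) in WORM_EXES]
    found += [("root-artifact", n) for n in root_files if n.lower() in ROOT_ARTIFACTS]
    return found

# Constructed sample data (not taken from a real machine).
SAMPLE_WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\scrsvr.exe\n[Desktop]\nWallpaper=(None)\n"
SAMPLE_RUN_KEY = {"ScrSvr": "C:\\WINDOWS\\ScrSvr.exe", "SystemTray": "SysTray.Exe"}
SAMPLE_WINDOWS = ["NOTEPAD.EXE", "ScrSvr.exe", "WIN.INI"]
SAMPLE_ROOT = ["AUTOEXEC.BAT", "scrsin.dat", "scrsout.dat"]

if __name__ == "__main__":
    for indicator, detail in check_opaserv_a(
            SAMPLE_WINDOWS, SAMPLE_ROOT, SAMPLE_RUN_KEY, SAMPLE_WIN_INI):
        print(f"{indicator:15} {detail}")
```

A root-folder match on its own is weak evidence, since tmp.ini is a common file name; treat it as supporting the executable, Run-key or win.ini matches.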

Recovery
This section tells you how to remove the threat.
Read instructions on how to remove the W32/Opaserv-A worm and ensure your system is not vulnerable to reinfection.

 


 

Descriptions for Newly Discovered Threats (Includes Viruses, Trojans and Hoaxes)
Name Date Discovered Home Risk Corporate Risk Included In DAT
MSIL/Gaze@MM 10/29/2002 Low Low 4232
VBS/Sucop 10/28/2002 Low-Profiled Low-Profiled 4232
W32/Merkur@MM 10/28/2002 Low Low 4231
W32/Sponge@MM 10/26/2002 Low Low 4231
VBS/Helvis 10/25/2002 Low Low 4231
BackDoor-AMB 10/24/2002 Low Low 4231
Friend Greeting application 10/24/2002 N/A N/A 4231
VBS/Carewmr.A 10/22/2002 Low Low 4188
BackDoor-ALT 10/16/2002 Low Low 4230
W32/Gaobot.worm 10/15/2002 Low Low 4230
W32/Cozit.worm 10/14/2002 Low Low 4230
Othello joke 10/13/2002 N/A N/A 4229
W32/Appix.c@MM 10/09/2002 Low Low 4229
Unix/Backdoor-ADM 10/09/2002 Low-Profiled Low-Profiled 4229
W32/Fleming.worm 10/09/2002 Low-Profiled Low-Profiled 4228
W32/Tufast.worm 10/08/2002 Low Low 4229
W32/STD.d.worm 10/07/2002 Low Low 4229
W32/Veedna.worm 10/07/2002 Low Low 4229
W32/Cazinat.worm.b 10/07/2002 Low Low 4228
W32/Gaga.worm 10/07/2002 Low Low 4229
W32/Hobbit.c@MM 10/04/2002 Low Low 4228
W32/Hobbit.b@MM 10/02/2002 Low Low 4228


 

Copyright © 1998 The Computer Guys
