I-worm/opas

copykat

copykat

1
I´ve got an viruswarning about this one....i´m using AVG.

Now the problem, i can´t get rid of this one.

I´ve deleted the file scrsvr.exe from the Windows folder.
Erased the line in the win.ini file who would executed it.

Erased in autostart in "msconfig" 2 commands who would start
it up again the next time i started my PC.
Line 1 was c:\windows\scrsvr.exe
Line 2 was run = c:\windows\scrsvr.exe

If i erase the command in win.ini it would come back but next
time it stands
norun = c:\windows\scrsvr.exe
run = c:\windows\scrsvr.exe c:\windows\scrsvr.exe

Read about this one on F-secure but no more info than i already found out by myself.

I also found in c:\windows\applog
an file called scrsvr.lgc
Nothing on F-secure about this ?

My question is what this lgc file does ??
What is lgc normally for ??

In this lgc file i found in the first lines a command to execute
this exe file in windows.

While i searched for this lgc file the exe file was back in windows again even if i erased it just a couple of minutes ago.

Please help, i´m getting pissed off now :mad:

Tomorrow when i turn my can on again it sure will be back again.
:mad: :mad: :mad: :mad: :mad:

Copykat

What to do :confused:
 
FortiTude

FortiTude

1
copycat have a look at these two webpages, they have a description on how to remove that virus (backdoor) important is to stop the running process as it will always recreate the settings and the file and remove the reigistry value described on these pages:

_http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.html
and
_http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPASOFT.A#solution

i hope you can get rid off it now !
FortiTude
 
copykat

copykat

1
Thanx Fortitude

I read on Symantecs site and it was very good reading.

Hopefully i will get rid of this bastard now.

Thanx again man !

Copykat
 
You must log in or register to reply here.
Top