opaserv worm

Name: cmitcham
Date: January 2, 2003 at 07:31:17 Pacific
OS: win98
CPU/Ram: PII450/128Mb
Comment:

all the fixes i can find for this worm assume i can edit registry settings and delete files. is there any fix once the worm locks my machine with the "...violation of the digital millennium copyright..." screen?

the mcafee site talks about damage to the cmos. is this why, although i can set it to boot cdrom first, it won't??

thanks for any help. it's my wife's pc, and i'm in deep doodoo.




Response Number 1
Name: Tom41
Date: January 2, 2003 at 07:56:50 Pacific
Reply:

If you got that message, everything on your machine is gone...

You will have to enter Setup and restore all the CMOS settings then format and re-install Windows

http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.k.worm.html



Response Number 2
Name: cmitcham
Date: January 2, 2003 at 08:51:23 Pacific
Reply:

thanks for the quick reply, albeit bad news.

2 questions, if i might:

1. not that it matters now, but do you know how it decides when to switch from annoying worm with brasil, alevir, scrscv (i found them all on my other computer) to destructive (with mslicenf)? apparently, at least on my surviving machine, the worm's edit of the win.ini isn't exact with the syntax, so i have been seeing messages on boot about "missing c:\windows\brasil.pif as specified in the win.ini file" for weeks.

2. i admit i give NO attention to security, but i thought i was kinda safe by binding my network card to MS file and print sharing, as well as client for ms networks, but making sure my dial-up adapter was not. obviously, i was wrong.



Response Number 3
Name: capt
Date: January 2, 2003 at 09:45:03 Pacific
Reply:

Do a search at the top of the page using the security section and there is all kinds of information about Opaserv. Brad Peterson has done a lot of research and provided the most helpful information. Just a few entries down is another request for help dealing with the new destructive version that you unfortunately picked up. Brasil files are a sure sign of the worm, and you probably have gone to Symantec/Trend Micro and seen that it must be deleted. You must use your firewall to prevent reinfection. Be sure to check and if necessary clean out all your shared printing files. Each computer must be isolated from the other computers in the network to clean it. It is a very persistent pest, and is searching for any computer that still has part of the worm so it can spread! Take care and all the best!



Response Number 4
Name: Brad Peterson
Date: January 2, 2003 at 12:31:20 Pacific
Reply:

For a really nice Opaserv.K description, check out this post

http://www.computing.net/security/wwwboard/forum/3784.html

For an even better Opaserv writeup, that will answer all your questions, including the "how does Opaserv pick which variant to use" question, check out this post.

http://www.computing.net/security/wwwboard/forum/3289.html

You need to check out that last one for sure. You MUST protect yourself from getting reinfected so that this doesn't happen again.

Brad Peterson
b_peterson@yahoo.com



Response Number 5
Name: cmitcham
Date: January 3, 2003 at 07:26:49 Pacific
Reply:

var people_thanking_brad += ;





Response Number 6
Name: TOm
Date: January 3, 2003 at 11:49:49 Pacific
Reply:

Hello, when i got rid of the yaha virus all my documents were deleted
how can i restore all of them
please people tell me how can i restore them

