Opaserv.worm scrsvr.exe virus fix

Name: Bob Hunter
Date: October 5, 2002 at 14:08:35 Pacific
OS: win9x
CPU/Ram: Any and Any
Comment:

The latest version 10/04/02 of Opaserv.Worm virus removal tool from Symantec:
http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.removal.tool.html
works great.... if you follow the instructions and be sure to disconnect from the internet and other PCs before running. Also clean up the Win.ini file, removing the run= value (can be left if virus not found before win.ini is clean), and disabling or at least password protecting your file/printer sharing!




Response Number 1
Name: DikdronK
Date: October 11, 2002 at 01:39:11 Pacific
Reply:

Didn't work for me, I'm starting to lose my mind with this thing!!! Easily removed the virus from a bunch of other PCs, but can't get it gone from this last client.


0

Response Number 2
Name: Andy
Date: October 11, 2002 at 19:14:10 Pacific
Reply:

Same here. For 4 days I have been trying to remove the virus.
Norton does not find it, but it is there.
It only shows up when I am on the net.
Kicks in at random, Norton finds it and gives me alert "scrsvr.exe", I can delete the file, but I can not find the source.

Any help, ideas?


0

Response Number 3
Name: Mike
Date: October 13, 2002 at 14:15:48 Pacific
Reply:

I had 3 PCs at home all infected with this worm. For days I keep deleting scrsvr.exe from my c:\Windows but it keeps coming back and so does the run=c:\windows\scrsvr.exe in win.ini. AVG just keeps cleaning it up and so do I manually. I have read all the sites about this but it just keeps coming back.
But where is the source trigger. Is it Kazaa itself?


0

Response Number 4
Name: Tom
Date: October 13, 2002 at 20:23:19 Pacific
Reply:

I ran the Symantec removal tool, and the first time it found and removed the virus. But after that the virus keeps coming back. It randomly shows up when I am using Mozilla e-mail online or off-line, and other times too I think.

A full scan by NAV (2000 engine) with updated definitions does not pick it up. Also subsequent times that I have run the removal tool, it is not found either.

I also went back and ran the Windows security update for remedying OPASERV in October of 2000.

I am running Windows 95B and use Mozilla as my browser and e-mail client.

I need help.


0

Response Number 5
Name: Eric
Date: October 13, 2002 at 21:29:18 Pacific
Reply:

I have had this thing for a month now and cannot kill it. Latest Ver of Norton AV found it when first ran, but subsequent scans do not. OPScrsvr Removal tool also found it and removed it on initial run. As well, subsequent runs fail to find it. Yet every 45 seconds Norton Auto Protect stops and quarantines the file (scrsvr.exe). I will manually remove run= line from win.ini file. I have a 'snap' server on my LAN and ran a scan there. NAV found 3358 infected files with different versions of Nimda. Mostly .eml files and readme.exe's. I manually searched and deleted the ones Norton could not repair/quarantine/delete. Still have this damn thing. Cannot locate source file. I have searched for *.vbs, *.bat, readme.exe files and deleted all that look unfamiliar. I really need to know the source file! oh..oh..OHHHHHHHHHHHH!!!!!!!


0


Response Number 6
Name: warpig
Date: October 13, 2002 at 23:52:38 Pacific
Reply:

what about the tmp.ini


0

Response Number 7
Name: Jeffrey
Date: October 14, 2002 at 00:27:46 Pacific
Reply:

I had this virus early this morning, then I found out that every time I reboot my computer it also appears the same


0

Response Number 8
Name: Tony
Date: October 14, 2002 at 01:05:11 Pacific
Reply:

I have a customer with this virus, running Win98. Cleaned off the virus, checked *everything* : registry, sysedit all clean. McAfee & Nortons can't find a thing. Reconnect to the internet and after about 5 mins online (with no internet activity) modem activity suddenly starts up and it is *downloading* scrsvr.exe from somewhere (broke connection and had partial scrsvr.exe file). Conclusion - there is an unrecognised opasoft component somewhere in the system still at work.


0

Response Number 9
Name: warpig
Date: October 14, 2002 at 02:14:42 Pacific
Reply:

I also had it come back a few times. It created 2 logs and a tmp.ini, I think. Opened this ini and it had references to the worm. Deleted the above and have had no problems. Also I was using edonkey and I think that has something to do with it.
Also do not email me, this is not my email.


0

Response Number 10
Name: Tony
Date: October 14, 2002 at 03:49:52 Pacific
Reply:

From a couple of messages on alt.comp.virus I finally twigged to what my problem is.

I'd been giving scant notice to the messages about file sharing etc because the machine in question wasn't on a network. BUT I now see that once it dials out it is on a rather large network!, and there are that many infected machines out there that it is very quickly found and another copy of the virus is uploaded onto our machine!

So yes it was cleaned properly, but because of lax file sharing options it was allowing other machines to connect while the modem was online, and they upload new copies.

I'll go and bolt down all those unwanted file sharing bits.


0

Response Number 11
Name: Infected
Date: October 14, 2002 at 03:55:10 Pacific
Reply:

The virus appears to re-infect when email or the net is accessed which would indicate that it has attached itself to outlook or mapi or IE.
Re-installing these might provide a cure. I'm very surprised that Symantec has not come up with an answer, obviously this is a new variant.


0

Response Number 12
Name: Emanuele
Date: October 14, 2002 at 10:44:13 Pacific
Reply:

My PC has been infected by the w32.opaserv.worm virus (alias w32/opaserv.worm).
For 5 days I have been trying to eliminate it in every possible way but I cannot manage it, not even by resorting to the solutions proposed by vendors such as Symantec or McAfee. The virus keeps regenerating itself every time I browse the net. What can I do??????????? Help!


0

Response Number 13
Name: Virus Prevention
Date: October 14, 2002 at 11:12:12 Pacific
Reply:

The virus W32.Opaserv.worm can access your computer anytime whenever you are connected to the Internet. It randomly sends this virus to computers that don't currently have it. This situation happened to me many times. Whenever I connect to the Internet (as in plugging my network cable into my computer), my NAV auto-protect pops up saying that I have this virus. Luckily I can delete the "scrsvr.exe" file that was infected. Apparently, the virus already wrote itself to my "win.ini" file, but no damage was done on my computer. When trying to prevent the virus from coming in again, use the removal kit from the Symantec site, and use a firewall to prevent the virus from coming back into your computer again. You can get a very good one at CNET's Download Site http://download.cnet.com and search for "Zonealarm". The free version works great. I have tested this method and I haven't received this virus again, unless I disabled my firewall. I hope this method can help prevent it from your computers as well.


0

Response Number 14
Name: Trev Morson
Date: October 15, 2002 at 08:38:22 Pacific
Reply:

I am tired of this W32.Opaserv.worm thing, I have 2 removal tools, did the Win98 fix, I have Norton and Protector plus and tried also manually to remove it. yet.. it keeps coming back every time I connect on line via my AT&T isp 56K modem.

HELP !!!

Trev.


0

Response Number 15
Name: Khanh
Date: October 15, 2002 at 10:42:56 Pacific
Reply:

Check your connection and install a firewall. I think the virus uses port 139 (NetBIOS). Please check it!


0

Response Number 16
Name: Marcelo Pacheco
Date: October 15, 2002 at 14:26:53 Pacific
Reply:

I am Brazilian.
I want help with this scrsvr worm!!


0

Response Number 17
Name: Larry Fox
Date: October 15, 2002 at 15:22:17 Pacific
Reply:

Has anybody had ANY positive results in removing this virus? Just installed a firewall and still got it again! Where is it hiding and WHY can't Symantec, McAfee, etc. come up with a real fix?


0

Response Number 18
Name: Renard Gaines
Date: October 15, 2002 at 21:03:13 Pacific
Reply:

http://www.itc.virginia.edu/desktop/virus/fixes.php3?fixID=61&virusID=54


Go to this site... this 100% fixed the damn virus problem for me. Make sure you follow EVERY step. Good luck!


0

Response Number 19
Name: Lele
Date: October 16, 2002 at 00:36:38 Pacific
Reply:

After reading web pages and trying various removal tools I discovered that the problem remained every time I connected to Internet.
The only scanner I found that discovers Opaserv.worm after the first try to delete it is Sysclean by Trendmicro.
Finally I tried Zone Alarm as suggested above and it seems to function so far!
Thanks!


0

Response Number 20
Name: reza
Date: October 16, 2002 at 12:57:25 Pacific
Reply:

First I disconnected all the computers from the network/DSL access. Then I individually did the Win98 fix, used Norton, and/or manually removed it. Also cleaned tmp.ini, win.ini etc. Yet when I plug the comps back to the network/DSL, the virus comes back. ONLY THING THAT PREVENTED THIS VIRUS FROM THE ATTACK IS WHEN I CHANGED THE NETWORK SHARING TO READ ONLY MODE. Any time when I change it back to full access mode the virus is back. Here's what I think, there is some opaserv server out there that has the IP add for all the comp that it has infected. So even after you clean the comp, whenever you go online with full network access mode it sends you the virus.


0

Response Number 21
Name: Jamie
Date: October 16, 2002 at 16:25:35 Pacific
Reply:

What about a cure for clients w/ dial-up connections to the 'net? I have 2 clients that are having the same trouble - virus isn't detected, but the win.ini error is coming up after getting on the 'net and then rebooting.


0

Response Number 22
Name: scootrpy
Date: October 16, 2002 at 17:01:26 Pacific
Reply:

To remove scrsvr.exe I had to close all programs except systray and explorer. I used my trojan horse remover, while off-line of course. I disconnected the network as I had the virus in only one of my computers. I haven't had the problem since.


0

Response Number 23
Name: Virus Prevention
Date: October 16, 2002 at 22:38:20 Pacific
Reply:

As suggested above by "scootrpy" used a trojan horse remover, but how is that possible? I mean the virus isn't a trojan horse virus. It's a worm virus. How does your trojan horse remover work?

I also want to know what is a trojan horse remover because I want to have one just in case I have a trojan in my computer.


0

Response Number 24
Name: corolla boy
Date: November 10, 2002 at 02:33:51 Pacific
Reply:

Will somebody call the FBI to find out who created this messy stupid virus, cuz I'm so getting tired of formatting my f--king computer and the virus just keeps coming back. I so want to beat SHlT out of the guy who created this stupid virus.


0

Response Number 25
Name: jb
Date: November 10, 2002 at 03:13:15 Pacific
Reply:

One computer on our network using dial up for internet access and for accessing our mail server using outlook is reinfected every time he checks his mail. NAV2002 finds the opaserv virus. It can't delete it, but does allow the user to quarantine the virus which helps only for that session.
No removal tool has helped. I too am awaiting a better removal tool from Symantec or others.


0

Response Number 26
Name: Hai
Date: November 11, 2002 at 02:57:55 Pacific
Reply:

1. Disconnect the network
2. Use SysInfo or a program that can view processes -> find the process "SCRSVR" -> and kill the process
3. Use Regedit to remove the virus from Run
4. Edit Win.ini to remove the virus from Run=??
5. Del c:\tmp.ini
6. Del c:\windows\scrsvr.exe
7. Change the shared files (if you have any) to Read Only mode or password protection
8. Go on-line -> no virus found

This method doesn't need antivirus or other software.


0

Response Number 27
Name: Biru
Date: November 12, 2002 at 10:29:58 Pacific
Reply:

Just something I found....the reason I kept getting the virus is that I was infected with the W32.HLLW.Acebo virus, a back door unit that allows someone sitting in an IRC channel to do just about anything to your PC once it's connected to the internet and infected. Seems to me that who/whatever it was just kept sending viruses my way. NAV was going off every 10 seconds with a different one.
Go to Symantec and do an on line scan (I think this is similar to running an MSDOS scan, as since it's done from the internet, it's not already infected with the virus, and the virus can't stealth itself). Once I took care of this, all the others stopped bothering me after I got rid of them too....

Hope this helps


0

Response Number 28
Name: nx
Date: November 12, 2002 at 16:30:02 Pacific
Reply:

Tried EVERYTHING and it's still here. It has even downloaded more infected crap from the web (W95/spaces -1999- and W32/FunLove -1999- found by old McAfee DAT, when until last week NEVER HAD A PROBLEM!). Anyone getting these viruses these days after the opaserv infection?

Another thing, does it just infect you by connecting to the web? No downloading infected files or attachments? Scary.

Guess firewall is the only option (starting from a fresh system --fdisk--) until someone comes up with a good cure.

Shame I'm not using Linux in all my machines. The only one with Windoze98 and it gets F***ed up. Great.


0

Response Number 29
Name: Jens Höptner
Date: November 15, 2002 at 03:25:10 Pacific
Reply:

I had success when I set the Read-Only, Hidden, Write-Protect attributes on the win.ini file. Since I did it I have had no more problems with opaserv.....

DOS-Command:

cd c:\windows
attrib +s +r +h win.ini

Good Luck


Jens Höptner Germany


0

Response Number 30
Name: Akinyemi Akinwale
Date: November 16, 2002 at 12:17:22 Pacific
Reply:

I have been fighting this W32.Opaserv.Worm for the past two weeks now and it has proved to be too powerful for NAV and its removal tool. I have followed the removal instructions religiously several times but it keeps coming back barely two minutes after getting back on the Net.

I am using Windows 98se.

Kindly help.
Akinyemi


0

Response Number 31
Name: hawk2
Date: November 17, 2002 at 09:49:12 Pacific
Reply:

Well, I have had this virus for about 3 days. After going through all the system and using regedit, I see that the virus is using 4 parts in regedit, numbers 20 21 22 23 24, and also putting itself into the run key, so I deleted the keys above and the run key and rebooted, and don't seem to have the problem again. The virus was showing up as brasil.exe, macro!.scr, alevir.exe, brasil.pif, all in the c:\windows dir. I'm using Windows Me, so Me makes restore points and these files end up in the backup, so here are the steps I took to remove it.

1. Go to My Computer, then Control Panel, then System, click on the Performance tab, then click File System, then Troubleshooting, and check mark Disable System Restore. You will not be able to restore back to an early date, so be sure you want to do this.

Before rebooting, install Norton AntiVirus and update the virus lists; don't let it reboot after install. Run regedit, and when this comes up click on the Edit tab, then Find. In the search box type in scrver and let it search for it. When it finds the key, delete the key; there should be 2 keys for it. Then do the search for brasil the same way and delete the 2 keys. Do a search for micro! and delete both these keys as well. And the most important is the instit.bat file; this is the file calling the rest from the internet.

OK, before you reboot, click on Start, then Programs, then Accessories, then System Tools, then System Information. When the System Info box comes up, click on Tools, then System Config Util. When this box comes up, click on Startup and make sure to uncheck the virus names as above. Don't reboot yet. Click on Start, Windows Explorer, then My Computer, then hard drive C:, click on the c:\windows dir, find win.ini, double-click on the win.ini file to edit it, and remove the line run=C:\windows\scrsvr.exe,c:\windows\scrsvr.exe,c:\windows\brisal.pif


0

Response Number 32
Name: jb
Date: November 19, 2002 at 07:38:32 Pacific
Reply:

Andrew E, Read your post, thank you. Are you saying that when you reconnect to a dial up, your pc doesn’t find a site that reinstalls the virus or one of its variations? This opaserv virus is really more multifaceted than most Anti virus software companies will acknowledge.



0

Response Number 33
Name: lospione
Date: November 21, 2002 at 11:22:57 Pacific
Reply:

What hawk2 said has already been said by many others before him in this forum! The problem isn't fixed yet!
I searched the registry (regedit) looking for INSTIT (hawk2 said it downloads the rest from the internet) but it is not present in the registry nor in all my computer (since I deleted it the first time). I looked for the other files in regedit but not found! (since I deleted it the very first time!) Tried norton fixtool, tried manually but NOT SOLVED!
EVERY TIME I CONNECTED TO THE INTERNET the virus is downloaded again, BUT FROM WHAT PROGRAM???? AND WHERE IS IT????

If I set my HD read only the virus does not come again, but I cannot set it as read only because it is a server of my accounting software!!! SIGH!!


0

Response Number 34
Name: Chamath
Date: November 25, 2002 at 02:56:42 Pacific
Reply:

1) Search for the file win.ini
2) Delete the below path if it exists in that file:
Run =C:\windows\scrsvr.exe
3) Go to the location where the original SCRSVR.exe is and delete the file
4) Unbind "files & printer sharing" from the TCP/IP protocol.
Steps:
1. Right-click on Network Neighbourhood
2. Select TCP/IP protocol
3. Press the Properties button
4. Select the binding tag
5. Uncheck files and printer sharing
6. Click 'OK' and 'OK' again and restart the computer


0
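Added example (not part of any post in this thread): several replies above describe removing the worm's entry from the run= line of win.ini by hand. The sketch below audits the text of a win.ini for those entries and returns a cleaned copy that keeps every other program on the line. The function name, the load= handling and the sample file are assumptions made for illustration; the file names in the list are the ones reported in the posts.

```python
import ntpath
import re

# File names this thread reports in c:\windows (taken from the posts above).
SUSPECT_NAMES = {"scrsvr.exe", "brasil.exe", "brasil.pif", "alevir.exe", "macro!.scr"}
AUTORUN_KEYS = {"run", "load"}  # win.ini keys that start programs at boot

def audit_win_ini(text, suspects=SUSPECT_NAMES):
    """Return (findings, cleaned_text) for the contents of a win.ini file.

    findings lists (line_number, key, program) for each suspect program
    started from run=/load= in the [windows] section; cleaned_text drops
    only those programs and leaves every other entry in place.
    """
    findings, out, section = [], [], None
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        header = re.fullmatch(r"\[([^\]]+)\]", stripped)
        if header:
            section = header.group(1).lower()
        key, sep, value = stripped.partition("=")
        key = key.strip().lower()
        if section == "windows" and sep and key in AUTORUN_KEYS:
            kept = []
            # Entries are separated by commas or blanks (short 8.3 paths assumed).
            for entry in re.split(r"[,\s]+", value.strip()):
                if not entry:
                    continue
                if ntpath.basename(entry).lower() in suspects:
                    findings.append((lineno, key, entry))
                else:
                    kept.append(entry)
            line = f"{key}={' '.join(kept)}"
        out.append(line)
    return findings, "\r\n".join(out) + "\r\n"

# Constructed sample, modelled on the run= lines quoted in the posts.
SAMPLE = (
    "[windows]\r\n"
    "load=\r\n"
    "Run =C:\\windows\\scrsvr.exe,c:\\windows\\brasil.pif C:\\TOOLS\\CLOCK.EXE\r\n"
    "NullPort=None\r\n"
    "[Desktop]\r\n"
    "run=c:\\windows\\scrsvr.exe\r\n"
)

if __name__ == "__main__":
    hits, cleaned = audit_win_ini(SAMPLE)
    for lineno, key, program in hits:
        print(f"line {lineno}: {key}= starts {program}")
    print(cleaned, end="")
```

A clean result here says nothing about the registry Run key or about writable shares, which the thread identifies as the way new copies arrive.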
