
The ultimate opaserv fix!!


Name: Brad Peterson
Date: November 17, 2002 at 16:27:45 Pacific
OS: Win98
CPU/Ram: 256
Comment:

Here it is, the final Ultimate Opaserv fix.

Thanks to JubJub, Speedy, Capt, WhoDunnit, John, Angie, Cort and anyone else who contributed to figuring this out. If anyone else was overlooked, just reply to this post demanding attention as well. =) The article is written as follows: the explanation of how Opaserv works is first, the fix is after.

Explanation:
Opaserv works in the following manner. You can initially get infected 2 ways, either through shared drives on a LAN, or through remote infection over the internet. The local network infection is simple to explain. First, another computer on your network becomes infected. Their computer looks on the network for any shared C drives. If it finds one, it attempts to access it. If it gains access, it modifies the win.ini and the registry, and then copies the variant to the c:\windows directory. The virus doesn't activate until the computer is rebooted.

To get infected over the internet is a longer story. It all starts on a bright sunny day. You're innocently connected to the internet, without a worry in the world about all the massive security flaws your computer has. Meanwhile, somewhere in the world, some infected computer is scanning IP addresses, looking to infect whoever it can. It eventually comes to your IP address. It does a "hello, are you there" type request over port 137. Your computer will respond with "yes, I'm here." It will now communicate with you more, with all further communication taking place over port 139. This computer tells you to give it access to your shared hard drive. If you don't have a password, Windows automatically gives it access. If you do have a password, it's initially denied, but it continues to request access to your shared hard drive numerous times to exploit a flaw. Eventually, your Windows gives in, and this virus now has access. It now asks you to create a file (name of the variant) in your c:\windows directory. It then downloads the contents of the virus to your computer, placing these contents in the file it just created. It then modifies your registry and win.ini file. At this point, Norton will finally catch it, warn you, and then remove it. Finally, the contents of your win.ini file are sent back to this evil computer who infected you.

Once you're infected (assuming an anti-virus software didn't catch the virus download), the virus is dormant on your hard drive until you reboot. On the reboot process, the computer will run the statements the virus placed in win.ini and the registry, thus activating itself. You then become actively infected, and now you become the evil infected computer. Your computer will try to infect any shared drives on a LAN. Also, while online, your computer will scan IP addresses, starting locally, then scanning down random IP addresses. When it finds somebody, your computer sends them the virus, and they send you their win.ini file (their win.ini is instantly discarded by your computer, thus not used for anything. But it's sent to you anyways).

Because of all this, it's possible to get reinfected every few minutes while you're online. These reinfections will randomly be any one of the Opaserv variants...it all depends on what an infected computer sends you. Norton does remove the virus from your computer, but it doesn't stop you from getting reinfected again.

(Many small details have been left out of the explanation. They are not important to grasping the concept of how this virus works. If you want those extra details, check out these links
Symantec's Opaserv.A, scrsvr.exe explanation
Symantec's Opaserv.E, brasil.pif explanation
Symantec's Opaserv.G, marco!.scr explanation
Symantec's Opaserv.H, instit.bat explanation
note that Symantec considers alevir.exe to be opaserv.f, but they have no writeup on it. It creates other files and tries to access other websites not listed in any of those Symantec sites
Sometimes, opaserv copies the win.ini file as different file names.
WhoDunnit found that the virus may copy it to win.syd, as explained in this post, although it might not be caused by the virus, but by a backup utility
I explained how Opaserv may trash your win.ini file, thus ruining settings like fonts or printers, and that you can use the backup win.ini files the virus copies to restore your win.ini file. Read here, response #10
For the exact method the virus uses to scan other computers, see JubJub's explanation here, at response #10)


THE FIX (woohoo!):
The fix isn't as straightforward as most people think. Because of this, I have to say the following in caps.
IF YOU SIMPLY USE ANTIVIRUS SOFTWARE AND DELETE CERTAIN FILES AND REGISTRY ENTRIES THE VIRUS CREATES, THE WORM WILL COME BACK!
Opaserv needs to exploit 3 security flaws in order to infect you. The three flaws are these:
1a) Shared drives without a password, or
1b) Password protected shared drives WITHOUT the patch from Microsoft
2) Network services, adapters, and protocols that are all bound together.
3) Wide open ports 137-139 to anyone on the internet.
If you fix any 1 of these 3 flaws, you'll be safe from the virus!

I will discuss how to go about fixing each of these 3 flaws. Remember, all you need to do is just fix 1 of these 3 flaws, and you're safe from the virus. So you can pick what ones you want to fix. Also, before we begin, you must remember to disconnect from any network and internet connection. Also, scan your computer using an Opaserv removal tool, such as the one Norton provides here.

To fix flaw #1, improperly shared drives. This is a huge flaw, because if you have a shared drive, without a password, and you're connected to the internet (provided you also have security flaw #3, which you have by default), you have just given anyone on the internet free access to your hard drive! So you have 2 options to stop this. Option #1) Remove your shared drives. If you don't have any need to share your hard drive, DON'T! Option #2) Put a password on your shared drive, AND get the Microsoft patch here from Microsoft.
(Note: Keep in mind that currently, the internet is polluted with Opaserv requests and transmissions going on all over the place. Even though you apply this fix, this won't stop random infected computers from constantly scanning and requesting access from you. It won't really harm your bandwidth, but it can be really annoying. A firewall such as ZoneAlarm will stop this)

To fix flaw #2, where network services, adapters, and protocols are all bound together. This fix is rather complicated. It advocates NetBEUI for a LAN, and the TCP/IP protocol for the internet. It will also block your ports 137-139. But this fix can be somewhat technical, and may not be for everyone (even though it has great instructions and screenshots). For example, I couldn't use it because I would have to fix all of our LAN's computers individually, which would take forever. Also, our LAN uses the TCP/IP protocol instead of the NetBEUI protocol. (We didn't want to change our network to NetBEUI since most networks are configured over TCP/IP, and also because WinXP doesn't even come with NetBEUI anymore.) Anyway, the fix is found at this site https://grc.com/x/ne.dll?bh0bkyd2 . First, run the "Probe My Ports!" test. It will show you your vulnerabilities. Next, go down to section #5, "Network Bondage", that will explain how to unbind everything properly.

To fix flaw #3, where ports 137-139 are wide open on the internet. To properly close/hide these ports, get a firewall. By hiding behind a firewall, nobody on the internet could know these ports exist. If they still try to access your ports, the firewall will block them. For individual computers, a nice free firewall is ZoneAlarm, which can be downloaded here. But generally, any firewall will do. On a network, configure your firewall to block outbound communication over ports 137-139. This is my most recommended fix, since a firewall will protect you against this virus as well as other viruses or hackers. It's a bit of a pain to get a firewall configured correctly, especially if you are on a LAN, but the work is definitely worth it.

Personally, I use fix #1 and #3, passwords on my shared C drive to stop access to my drive, and a firewall to keep me really secure. Other people have different fixes. You need to decide what's best for you. Your fixes will vary depending on the computer situation. If any of this was confusing to you, or you need help implementing a fix, please feel free to email me. I know what it's like being frustrated, not being able to get rid of this virus.

I sure hope this information is useful! Again, I appreciate all the help that everyone contributed in order to reach the ultimate opaserv fix.

Brad Peterson
b_peterson@yahoo.com
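
An added example, not part of the original post: the post says the worm activates on reboot through statements it placed in win.ini. Assuming those statements are `run=`/`load=` entries in the `[windows]` section (the keys Windows 9x executes at startup), this Python script flags entries that name the variant files listed above and returns a cleaned copy of the file; the sample win.ini is constructed.

```python
"""Audit a Windows 9x win.ini for startup entries that name Opaserv variant files."""
import ntpath

# Variant file names as listed in the post above.
OPASERV_FILES = {"scrsvr.exe", "brasil.pif", "marco!.scr", "instit.bat", "alevir.exe"}
# Assumption: the worm's "statements" are run=/load= entries, the [windows]
# keys that Windows 9x executes at startup.
AUTOSTART_KEYS = {"run", "load"}

# Constructed sample, not taken from a real machine. The run= line under
# [fonts] is not a startup entry, so the audit must leave it alone.
SAMPLE_WIN_INI = r"""[windows]
load=
run=c:\windows\scrsvr.exe C:\PROGRA~1\TOOLS\TRAYAPP.EXE
NullPort=None

[Desktop]
Wallpaper=(None)

[fonts]
run=c:\windows\brasil.pif
"""


def _programs(value):
    """Split a run=/load= value; win.ini separates programs with spaces or commas."""
    return value.replace(",", " ").split()


def _is_opaserv(program):
    """True when the entry's file name is a listed variant, whatever its folder or case."""
    return ntpath.basename(program.strip('"')).lower() in OPASERV_FILES


def audit_win_ini(ini_text):
    """Return (findings, cleaned_text).

    findings is a list of (line_number, key, program) for each flagged entry.
    cleaned_text is ini_text with only those entries removed; other programs on
    the same line and all other lines are kept (line endings become "\n").
    """
    findings, cleaned, section = [], [], None
    for line_no, raw in enumerate(ini_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        key, sep, value = line.partition("=")
        if section == "windows" and sep and key.strip().lower() in AUTOSTART_KEYS:
            programs = _programs(value)
            bad = [p for p in programs if _is_opaserv(p)]
            findings.extend((line_no, key.strip().lower(), p) for p in bad)
            if bad:
                keep = [p for p in programs if p not in bad]
                raw = key.strip() + "=" + " ".join(keep)
        cleaned.append(raw)
    return findings, "\n".join(cleaned) + "\n"


if __name__ == "__main__":
    hits, fixed = audit_win_ini(SAMPLE_WIN_INI)
    for line_no, key, program in hits:
        print(f"line {line_no}: {key}= starts {program}")
    print(fixed)
```
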




Response Number 1
Name: capt
Date: November 17, 2002 at 17:14:35 Pacific
Reply:

Thanks Brad, for all the work! You take care and all the best!



Response Number 2
Name: EC
Date: November 17, 2002 at 17:33:12 Pacific
Reply:

Did you get your explanation and ideas from Symantec's web site, because it seems there is really nothing new here, as basically anyone who has no firewall, no patch, no password protection, ignored well-known, dangerous protocol bindings, ignored IP scans (security logs), wide open LANs, etc will be infected with Opa, and/or any of its many variants and due to its design will likely get reinfected, then become the MASTER looking for the SLAVE, after being the SLAVE, etc.
Every bit of these security issues have been rehashed over and over again, all over the web, at Steve Gibson's web site, etc.
The only interesting and unique feature I noticed (again) was how people were so willing to engage in activity to get infected.
EVERY, SINGLE, threat mentioned here is PREVENTABLE.




Response Number 3
Name: Brad Peterson
Date: November 17, 2002 at 18:26:17 Pacific
Reply:

EC,

I appreciate all the thanks you showed for our many hours of hard work. Thanks for your "I already knew that" attitude. Thanks for assuming that I just rehashed Symantec's website, and that this is all old news.

Perhaps you can find the place for me in Symantec's Opaserv pages where it specifically states you MUST password protect your shared drive? Guess what, it doesn't. It just casually mentions password protecting in their basic security practices. It does provide a link that tells how to password protect your drives, unfortunately, the opaserv writeup describes that link as containing more help removing your shared drives. I'm no computer genius that you profess to be, so I took Norton at their word by following everything they said I must do. I kept getting reinfected, and couldn't figure out why because of this. I followed their rules, just like all the other people who have come to computing.net with reinfection problems. (BTW. I didn't password protect my drives because my work doesn't follow this policy)

Again, perhaps you can find the place on Norton where it specifically mentions how you get reinfected, or over what ports, or why you get randomly infected with different variants online? Or how about the spot where it's possible to beat the virus by solely changing your bindings? Or the spot where it says that a firewall itself will stop reinfections so you don't need to password protect your shared drives? Or where it mentions that the .ini files it creates are actually a copy of your win.ini file? Or maybe you can explain why they said "NOTE: There have been some reports of reinfection when using a dial-up connection. Although this has not yet been confirmed" If they understood this virus, they'd never write that.

You might argue "But if you had some computer knowledge, all of what Norton's opaserv pages said would make sense, and you'd already have the fix." Let me ask you this, what percentage of NAV owners previously understood, as you stated, that "basically anyone who has no firewall, no patch, no password protection, ignored well-known, dangerous protocol bindings, ignored IP scans (security logs), wide open LANs, etc will be infected with Opa"?

99.9% of us don't! We rely on Norton to *plainly* tell us the things we need to do. As for the .1% of arrogant gurus such as yourself, you'll have no problem.

Computing.net is a people's forum, for average, every day computer users to get together and figure out answers. What we provided here for Opaserv is a much better detailed explanation and fix than on any anti-virus website. It's tailored so a user can choose what fixes he needs for his particular computer setup. People can read this article, and understand how they got infected. People can begin to see the need for protection such as a firewall. People can reply, asking for help on a particular topic, and we'll give it to them.

Next time, EC, try to use your all-powerful knowledge to not assume so much and instead positively contribute to fixing people's problems.

Brad Peterson
b_peterson@yahoo.com




Response Number 4
Name: capt
Date: November 17, 2002 at 18:37:19 Pacific
Reply:

EC, what you say is really true for just about any virus. I think that this thing really caught fire when all kinds of people were having problems with the XP service pack 1. Many people were afraid to get the service pack, because of the horror stories and requests for help that people were making. GRC had the patch, but how many people knew about it? I know I tried to tell people to go the GRC site and at least get that patch when I tried to offer help to those dealing with the service pack problem. The emphasis was on XP, while 98, ME, 2000, NT also needed their own individual patches during that time. Those especially hit hard, seemed to be those on a network that had several operating systems in use. I know that I have learned a lot from your responses. I appreciate the knowledge that you share to help others. That is what makes this forum work, and thanks for the observation. Once again thanks Brad. Take care and all the best!



Response Number 5
Name: EC
Date: November 17, 2002 at 20:04:15 Pacific
Reply:

BP:

I can say for myself that your hard work was noticed and appreciated, that's why I responded to your post. The SUBJECT TITLE you used caught my eye, and it made me preconceive that you discovered something NEW, but then I saw a litany of basic PC user security advice, mostly, which of course Symantec and so many others make a living by saying everyday. Then, I just added my opinion. Nothing better or worse, just what my experience had been, in that if you want a good look at what's out there, navigate to the links below, especially the underground, hacker site, NEWORDER:

CLICK HERE for IT-DIRECTOR

CLICK HERE for NEWORDER UNDERGROUND

Am glad you took this issue and ran with it and reported back, as that's what this forum represents. Seems like you and others learned a lot here about OPA, as I have on other postings. And I think it's very unfortunate that so many PCs have been re-infected by this insidious, evil creature.

So, I think there is room for your ideas, theirs and mine too, including those who you/I may not agree with, for whatever reason. That's why I actively read/post/respond to 5 computing-related boards, but I do tend to see much of the same info over and over again.

Believe me, I'm not an elitist.

And, I am reminded that we all can be aware that a reader's translation may NOT be the actual true picture of the intended written comments. Just as the author may sometimes want to EDIT what they wrote.





Response Number 6
Name: wawadave
Date: November 17, 2002 at 20:16:24 Pacific
Reply:

Hello,
Brad, you're doing a fine job, thx



Response Number 7
Name: Brad Peterson
Date: November 17, 2002 at 20:42:04 Pacific
Reply:

EC,

No problem. It's just that after all that hard work...to hear someone appear to bash my article, kind of bugged me. =) I'm glad to know you enjoyed it, and that you agree that people need to know more about these security flaws.

By the way, you say you are involved in 5 or so other newsgroups. Have other people talked about Opaserv like we did here? If so, can you give me links?

Thanks
Brad Peterson
b_peterson@yahoo.com



Response Number 8
Name: EC
Date: November 17, 2002 at 21:55:42 Pacific
Reply:

Here you are:

http://www.wilderssecurity.com/index.php?board=31

http://www.antionline.com/forumdisplay.php?s=1d9b091e5a33a65326b34970a915608a&forumid=64

http://forums.speedguide.net/forumdisplay.php?s=59bb99638bac0ca95802f4c47cc71d25&forumid=46


http://www.dslreports.com/forum/security,1

http://209.100.212.5/cgi-bin/cbmc/forums.cgi?grabtopic=Submit&datopic=Incidents&uname=anonymous&authkey=anonymous&bct=1



Response Number 9
Name: Brad Peterson
Date: November 18, 2002 at 06:43:35 Pacific
Reply:

Dangit EC, you're right. This link right here explains pretty much what I just said.
http://www.dslreports.com/forum/remark,4626031~root=security,1~mode=flat

I wish I would have found this link a month ago, so I wouldn't have wasted so much time figuring it out myself. Oh well, I sure learned a ton along the way.

Brad Peterson
b_peterson@yahoo.com



Response Number 10
Name: Mike
Date: November 18, 2002 at 08:28:01 Pacific
Reply:

Brad:

I have been very frustrated with this virus for weeks and after reading through this forum I now have (finally) some confidence I can get rid of it. I have implemented items 1 and 2. In working through Item 2, I closed port 139, but did not see ports 137 or 138. I used the ShieldsUp website to guide me through the NetBEUI re-configuration.

Even after doing the above, I still have a few remnants that I'm concerned about. I'll describe them here to see if anyone else has seen these.

First, after implementing the NetBEUI changes, installing the Microsoft patch (for the 3rd time), running the Symantec Fix tool, and closing port 139, things seemed to be o.k. Then all of a sudden, I could not get my start button to work. I also noticed that the power monitor on my Dell laptop did not show up near the clock. I rebooted via disk and discovered two .ini files in c:\ that I had not seen before: mstrinf.ini and wfcname.ini. I deleted mstrinf.ini and my problems were solved. (I have not had any problems with brasil, alevir, scrsvr, gay.ini, put.ini, temp.ini, registry files or my win.ini since I used the Symantec Fix tool)

Do you have any idea where these ini's came from? Have you seen them before?

The second thing that still keeps happening is that every time I boot, I get a message box that indicates that "A remote connection is not currently established, would you like to Work Offline, or Try Again." Basically it appears to me that the virus (that is still on my computer) is trying to download information from a certain website (as outlined on Symantec's Opa literature) and since I'm not on-line yet, this error appears.

Do you know what I can do to permanently get rid of these virus remnants? I'm really close to a complete format and reload of my system.

Thanks for your help.
Mike



Response Number 11
Name: Derek
Date: November 18, 2002 at 08:32:05 Pacific
Reply:

Great job Brad, this really helped me a lot, this site will stay on my favorites list.

Keep up the good work and thanks again!!



Response Number 12
Name: Felestin
Date: November 18, 2002 at 11:28:12 Pacific
Reply:

Hi,

Does anyone know if opaserv is brute forcing the windows share or it exploits a known/unknown bug in the windows sharing machine? Also if the worm when it probes, or in the process of communicating, the windows shares sends a unique string with the packets sent? Forgive me for my bad English.

You are doing a nice work here...



Response Number 13
Name: EC
Date: November 18, 2002 at 13:20:55 Pacific
Reply:

Hang out in so many forums and soon you really start to see the pattern and activity of security issues and being near the start of the curve, staying near the top is very useful.



Response Number 14
Name: Brad Peterson
Date: November 18, 2002 at 15:03:05 Pacific
Reply:

Mike,
Fix #2 did turn off ports 137-139. I know grc.com didn't mention that too specifically, but don't worry, you've taken care of those ports.

As for the ini files. They're definitely not from Opaserv. I have no clue what they are. Do a google search on each filename and see what you can find.

As for the "A remote connection is not currently established, would you like to Work Offline, or Try Again." This sounds like Windows, Internet Explorer, or Outlook Express. It's not from Opaserv. Once you clean off Opaserv, it's gone and you're clean...it's others who probe and reinfect you if you're vulnerable.

Brad Peterson
b_peterson@yahoo.com



Response Number 15
Name: Brad Peterson
Date: November 18, 2002 at 15:09:00 Pacific
Reply:

Felestin,

Opaserv exploits a known bug with file sharing. Microsoft sort of explains it, and has a patch for it.

The explanation in this site, http://www.dslreports.com/forum/remark,4626031~root=security,1~mode=flat , explains a little more of what happens. Here's a quote: "In case the resource is protected by password the worm tries to open it with all one-symbol passwords (brute-force attack)." I noticed a similar thing on my computer. It kept trying every second, but was rejected, until suddenly, it was granted access. I've heard the bug means you only need to have the first letter of the password to get through, but I'm not positive of that.

Brad Peterson
b_peterson@yahoo.com



Response Number 16
Name: Jubjub
Date: November 18, 2002 at 15:49:29 Pacific
Reply:

Felestin,

Opaserv exploits a known security issue in Share-Level access shared folders. The issue is that only the first character of your password is required in an unpatched machine for a connection. If opaserv can see you have a shared c: drive it will fire single characters at your PC until it finds the first character of your password and your PC will then allow the connection. This is why users MUST install this patch to avoid reinfection. Or they could close file sharing altogether.

Mike,
Mstrinf.ini appears to be the .ini file for your soundcard.
Wfcname.ini is related to the Citrix remote client software. I don't know much about this software but I just did some googling and found instructions for a secret install of this program. Hmmm. This is what your error messages could be related to as far as a remote connection goes. This message as far as I know is not related to or because the worm could not contact the website. If you have followed Brad's instructions the worm is gone and will not come back.
I would do some googling and find out more about what is going on with your machine.



Response Number 17
Name: Mage
Date: November 19, 2002 at 06:54:04 Pacific
Reply:

Thanks for the fix guys! I've been battling this little bugger at my work's P2P network. The question I have for you is...Has anyone else had problems with other viri getting through? I isolated Opa down to the server and it kept getting infected with:
W32/Hai.worm,
W32/FunLove.gen,
W32/Nimda.gen,
and the MIME-exploit.gen.
Oh and occasionally W95/Spaces.gen. Everyone on the network kept getting these until I cleaned them of Opa and they haven't had them since. I'm running McAfee virus 7.0 and firewall 4.0 and they would get past them. With them updated.



Response Number 18
Name: David
Date: November 19, 2002 at 11:52:19 Pacific
Reply:

I have to say...I really enjoy this website!!!

It is very frustrating battling evil menaces like Opaserv and the like. Sometimes feathers get ruffled in the process through a simple misinterpretation of words...it happens.

It's also good to see that even through all this, you guys (all you advice givers and solution seekers) recognize each other's talents and gifts and are respectful of such. Sometimes disagreements are good considering they are handled in a correct manner.

My point is...as said over and over again by those like myself who continue to learn everyday about computers and everything that goes along with it both good and bad...if it weren't for you all and websites like this, my job here would be much more difficult than it already is. I rely on this site and others like it to help my education process and seek advice to problems I encounter which would otherwise cost no telling what! Most non-profits like ours don't have "padded" budgets to cover those unexpected problems.

My thanks to all of you who are doing the good work and for giving honest and reliable advice just for the asking!

It's needed!!!



Response Number 19
Name: Brad Peterson
Date: November 19, 2002 at 16:55:51 Pacific
Reply:

Mage,
Some opaserv have been coming packaged with other viruses lately. A few days ago while testing, I got marco!.scr with I think funlove as well.

I wouldn't be surprised if all of those viruses got packaged along with it.

Brad Peterson
b_peterson@yahoo.com




Response Number 20
Name: A2Z
Date: November 19, 2002 at 18:31:34 Pacific
Reply:

It seems kinda funny but a virus (or worm) being infected with a virus???
This is a Quote from Symantec:

"NOTE: There have been several reports of infections by this worm in which the worm itself was infected with a virus that then also spread to the infected computer. For this reason, we suggest that after you have finished removing W32.Opaserv.Worm, that you run a full system scan. If any files are detected as infected with a different threat, go to http://securityresponse.symantec.com/avcenter/vinfodb.html, enter the name of the detection in the field, and then click search. Open the document if one is found and follow any removal instructions."

found here ---> http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.html



Response Number 21
Name: Wolf Diem
Date: November 20, 2002 at 03:32:48 Pacific
Reply:

When connecting to the internet, my system sends an ICMP(10) to 224.0.0.2 (all-routers.mcast.net). This site then sends alevir etc. W.32opaserv keeps saying there is no virus.

The ICMP request seems to come from the tcpip-kernel, but I don't know which file(s) to replace.



Response Number 22
Name: Angie
Date: November 21, 2002 at 22:07:50 Pacific
Reply:

Brad!!

Wow, this is EXCELLENT work! It's one thing to have the time and patience to commit to the experiments you ran, but then to take the time to type it all out so the rest of us can learn from it - all I can say is you are AWESOME! :)

And, as others have already said, this board is first class!

Thank You!!

~~ Angie



Response Number 23
Name: REX
Date: December 5, 2002 at 04:47:22 Pacific
Reply:

Gidday Brad,

Could not get rid of the little opaserv suckers off my small home network server. Followed your instructions (1 & 3) that is, 2 sounds a bit drastic. Downloaded ZoneAlarm and it works well.

I do not get any more virus warnings whilst on the net. Currently running PCCillin.

I also used the helpful Opaserv Detection/Disinfection tool on
www.ku.ude/acs/virus/viruses/opaserv.shtml. I also deleted them from win.ini.

Worked like a charm! I would like to get my hands on the clowns that make these!!!

Thanks for your help.
Rex



Response Number 24
Name: Tomko
Date: December 9, 2002 at 04:53:51 Pacific
Reply:

Hi,
If you want to use NETBEUI under WinXP, you may do it. NetBEUI protocol is located on Windows XP install CD: x:\VALUEADD\MSFT\NET\NETBEUI\

BTW, Good work!




Response Number 25
Name: Jonathan Chan
Date: December 16, 2002 at 10:39:08 Pacific
Reply:

Wow...That's a lot of problems it causes. I am so glad I got a firewall. I got Kerio personal firewall (www.kerio.com/us/kpf_home.html) when my NAV started to warn me about viruses. Kerio's firewall allows you to allow or not allow every IP address and port that connects to your computer. The only problem is that you have to configure each IP addresses and ports you want your computer to be allowed to connect to and each IP addresses and ports you don't want your computer to be allowed to connect to. Anyway, I got the virus, cleaned it up with the fix at Norton's website. Got the firewall...spent days figuring out what ports I needed and what IP addresses I did and did not need and I finally had the whole thing configured. After all this, I didn't get the problem anymore on my computer. One day I was wondering how my firewall was doing so I checked my firewall logs and discovered that my log was 16MBs!!! I read the logs and discovered that my firewall had blocked attempts to send info to 224.0.0.2 at least 1000 times...It blocked 100s of other IP addresses that were suspicious...


The point of the story is that I recommend everyone to get a firewall that is capable of being configured to block individual ports and ip addresses. It might seem difficult to configure the firewall to allow the ports and IP addresses you need, but in the end it will save you much trouble of getting viruses.

Email me if you need any help with configuring firewalls or if you still have problems with that annoying virus.



Response Number 26
Name: Jonathan Chan
Date: December 16, 2002 at 10:49:25 Pacific
Reply:

Brad Peterson,

Are you saying that I don't have to log on to any website to get this virus? Is this virus just transferred by random calls from infected computers to random IP addresses?

Jonathan Chan



Response Number 27
Name: Brad Peterson
Date: December 16, 2002 at 15:15:42 Pacific
Reply:

Jonathan Chan,

You don't need to go onto a website to get infected, you only need to be online (or online on an infected LAN). Crazy huh?
Like you saw with your firewall logs, you can picture the internet as being polluted with Opaserv transmissions going on all over the place.

Other infected computers scan away at other people's IP addresses..and when it finds a vulnerable computer, it sends them the virus. Before Opaserv, the internet really didn't have this type of communication pollution that exploits these flaws, so us computer users never noticed a problem. But now, if you install Win98 on a fresh machine, share the hard drive, and connect to the internet, you can get infected in as little as 5 minutes.

Brad Peterson
b_peterson@yahoo.com




Response Number 28
Name: Jonathan Chan
Date: December 16, 2002 at 18:45:28 Pacific
Reply:

AHHHH!!!! I feel so bad, annoyed, and not smart now!!!! I had my firewall up on one of my computers, but the rest I left unprotected thinking it was ok...While I was reading all these posts, I was checking on my local network and discovered that one of my computers was infected...I think it got in from the internet. After that, I tried to fix everything up, but the virus transferred to another computer on my network...I now am going to really beef up all my network security...I was hoping that I could just keep my computer directly connected to the internet connection protected with the firewall, but I suppose that isn't true. Anyway, if you have a network, protect ALL your computers from this virus...even if you are using Internet Connection Sharing or a proxy server.


P.S. As I write this post, some computer at 205.188.192.105 is trying to send me something...I think the opaserv worm...Man, these things are persistent...look at my firewall log...

1,[16/Dec/2002 21:39:10] Rule 'Other ICMP': Blocked: In ICMP [3] Destination Unreachable, (null) [205.188.192.105]->localhost, Owner: Tcpip Kernel Driver
1,[16/Dec/2002 21:39:10] Rule 'Other ICMP': Blocked: In ICMP [3] Destination Unreachable, (null) [205.188.192.105]->localhost, Owner: Tcpip Kernel Driver

This is just one small part of my log which was just formed in 2 min.



Response Number 29
Name: K.Foster
Date: December 16, 2002 at 21:29:07 Pacific
Reply:

Don't relax just yet everyone!
This virus finally got past my Zonealarm firewall on Saturday.
My frantic research led to this site and yes, I have been through everything described on the site.
I just can't figure how it got past my firewall.
The firewall has been blocking dozens of connection requests (I didn't suspect what they were before) but on Saturday the Windows Autoupdate icon came on, then the computer said it was installing updates, next a strange file (init.bat!) was blocked from accessing the net by the firewall.
I got suspicious when I examined this file and so I ran a full system scan which revealed the worst. I cleaned the machine and turned on the Norton Autoprotect which began detecting the reinfections you all have described. THESE REINFECTIONS OCCURRED THROUGH THE FIREWALL.
I have got relief in the last 3 hours by installing the patch (discovered by further research when the thing would not die) and changing my access password. The virus was accompanied initially by the w95.dupator.1503
I fear the thing will reoccur.
How come this GROSS virus has not been raising more concern!
It is by far the most serious virus I have ever come across.
And I have been at this for a looong time.
Any opinions as to the firewall?



Response Number 30
Name: Vicki Crawford
Date: December 17, 2002 at 21:58:29 Pacific
Reply:

Thank you, thank you, thank you! I have been battling this worm for nearly 3 months, you name it I can tell you about it. I even went to the trouble of formatting my hard-drive (a work computer of all things) and starting again and still got this worm BACK after 2 days. The only things that were common on the old drive and the newly formatted drive were the address book and my favourites list. It is in there somewhere! I, like others, am amazed at the lack of alarm on this worm. I suspected at one stage that my virus checker (nortons) was infected and giving me false readings when I would do a full system scan and it reported that I WASN'T infected. I went and bought a computer magazine and installed a different brand of virus checker. It reported that I didn't have the worm, but as soon as I connected to the net (and you don't have to be more than just connected) it would detect the associated files trying to be downloaded onto my system. My friends and work-mates are so used to me referring to my 'claytons worm, the worm you have when you don't have a worm!'. I have applied the fixes, I have removed the associated files, I have edited registry entries, I even formatted the hard-drive and it STILL infects my system. I am running off a laptop with W2000 while I get around to re-formatting the work computer again and not bringing in the favourites/address book. Like others I am amazed at the lack of urgency by the virus sites about this particular worm. It is only when a friend became infected through their firewall that this site has been found with more help and information than I have been able to find on the 'virus' sites.

