Hello Everyone,
The new Virus W32.Opaserv.Worm is creating havoc for many users.
I have tried so far to help as best possible and only corrected the problem with one of the many in the Post linked below. It is now on Page 3 in the Win9x forum and I thought many would no longer see it, that is why I am posting a link to it here.
It is listed as #1 on a google search for scrsvr.exe so many keep responding, yet still concrete fix.
Any and all of your help would greatly be appreciated by myself and as I am sure those with the problem.
Thanks in advance for taking a look at the Post Below.
Please Respond to the original post in the link above to keep it somewhat organized.
I messed that up in the original post already so... :(
Good Day All!
Mesich

Ooops, messed up. Should have read:
It is listed as #1 on a google search for scrsvr.exe. Many searching on Google are directed here and are responding, yet still no concrete fix.
Mesich

I have been watching filemon after booting and waiting for scrsvr.exe to start.
Interesting!
That is File Monitor for Windows NT/9x v4.34

More to watching filemon:
A process identifying itself as KERNEL32 is doing the following:
153 8:50:25 PM KERNEL32 FindOpen C:\WINDOWS\SCRSVR.exe SUCCESS scrsvr.exe
154 8:50:25 PM KERNEL32 FindClose C:\WINDOWS\SCRSVR.exe SUCCESS
155 8:50:25 PM KERNEL32 Open C:\WINDOWS\SCRSVR.exe SUCCESS CREATENEW REPLACEEXISTING READWRITE COMPATIBILITY
156 8:50:26 PM KERNEL32 Seek C:\WINDOWS\SCRSVR.exe SUCCESS Beginning Offset: 0 / New offset: 0
157 8:50:26 PM KERNEL32 Write C:\WINDOWS\SCRSVR.exe SUCCESS Offset: 0 Length: 512
Each numbered line is an event from filemon.

Sorry for the choppiness of all this and I am not sure it will help anyone either but the seek/write cycles last until I kill the modem connection! The last response I get from KERNEL32 is below, when it nicely closes the file after I kill the modem connection! I can then log back on and it will start up in a matter of several minutes.
It is like it originates in the connection, maybe it lives in the ISP???
9:00:45 PM KERNEL32 Close C:\WINDOWS\SCRSVR.exe SUCCESS CLOSE_FINAL

And finally when I remove the share on my C drive, it seems to have gone away. The only thing on my switch during all this time is my 4050N printer and this machine.
The ISP is 46.chicago-15rh16rt.il.dial-access.att.net (ATT worldnet Chicago)
All this means very little to me, but maybe it will mean something to someone reading this.
Any help is appreciated.
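
The filemon events quoted in the posts above show the pattern worth flagging: a process creates an executable under C:\WINDOWS and then writes to it. The following is an added example, not code from any poster in this thread; it assumes the space-separated event layout shown above with no spaces in paths, and the NOTEPAD line is constructed for contrast.

```python
import re
from collections import defaultdict

# Lines copied from the filemon excerpt in the post above, plus one
# constructed benign line (NOTEPAD writing a .txt file) for contrast.
SAMPLE_LOG = r"""
153 8:50:25 PM KERNEL32 FindOpen C:\WINDOWS\SCRSVR.exe SUCCESS scrsvr.exe
154 8:50:25 PM KERNEL32 FindClose C:\WINDOWS\SCRSVR.exe SUCCESS
155 8:50:25 PM KERNEL32 Open C:\WINDOWS\SCRSVR.exe SUCCESS CREATENEW REPLACEEXISTING READWRITE COMPATIBILITY
156 8:50:26 PM KERNEL32 Seek C:\WINDOWS\SCRSVR.exe SUCCESS Beginning Offset: 0 / New offset: 0
157 8:50:26 PM KERNEL32 Write C:\WINDOWS\SCRSVR.exe SUCCESS Offset: 0 Length: 512
158 8:50:27 PM NOTEPAD Write C:\NOTES.txt SUCCESS Offset: 0 Length: 40
"""

# Assumed layout: sequence number, time, process, operation, path, result, detail.
EVENT = re.compile(
    r"^(?P<seq>\d+)\s+(?P<time>\d+:\d+:\d+ [AP]M)\s+(?P<proc>\S+)\s+"
    r"(?P<op>\S+)\s+(?P<path>\S+)\s+(?P<result>\S+)\s*(?P<detail>.*)$")
EXECUTABLE = (".exe", ".scr", ".pif", ".com")

def parse(log):
    """Yield one dict per well-formed event line; skip anything else."""
    for line in log.splitlines():
        m = EVENT.match(line.strip())
        if m:
            yield m.groupdict()

def dropped_executables(log, root="c:\\windows\\"):
    """Report executables under `root` that a process created and then wrote."""
    created = {}                      # (proc, path) -> seq of the creating Open
    written = defaultdict(int)        # (proc, path) -> total bytes written
    for ev in parse(log):
        path = ev["path"].lower()
        if (ev["result"] != "SUCCESS" or not path.startswith(root)
                or not path.endswith(EXECUTABLE)):
            continue
        key = (ev["proc"], path)
        if ev["op"] == "Open" and "CREATENEW" in ev["detail"]:
            created[key] = int(ev["seq"])
        elif ev["op"] == "Write" and key in created:
            size = re.search(r"Length: (\d+)", ev["detail"])
            written[key] += int(size.group(1)) if size else 0
    return [{"process": p, "path": f, "first_seq": created[(p, f)],
             "bytes_written": written[(p, f)]}
            for (p, f) in created if written[(p, f)] > 0]
```

Calling `dropped_executables(SAMPLE_LOG)` reports the SCRSVR.exe create-and-write sequence and ignores the NOTEPAD line.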

I spotted this worm the day before Norton. It was stopped by my firewall from connecting to a web address with an anonymous 'who is?'.
I have searched the registry for any references to scrsvr, none found, and use sysedit (typed at the run command) to edit out the run= line in win.ini each time I shut down. I have now set Norton to automatically silently delete any viruses it finds which has quietened it down a bit but like everyone else I suspect that it has installed itself somewhere on the machine.
I have now changed my C: drive to 'not shared' and when I did it, it told me that I had one user connected. Ominous! Hopefully this will sort that for the moment but I may need the drive shared in the future.
I have been advised by a 'techy' to run a separate PC, loaded with a Linux firewall (IPCOP from www.ipcop.org), as an internet server. This seems a little drastic but may be necessary for broadband users.

HELP ANYONE! Like many others I am infected since September 30th with this virus and tried many things with no success. Has anyone found a solution so far?
Hello to the French speakers, is there anyone who has found the solution for getting rid of this damned virus? (Montréal Canada)

You may like to know the following:
I have been infected with ScrSvr, which is said to be a Win32.opasoft.a worm by my virus software. Like most users it comes back again and again.
However, last evening, another file called "BRASIL.PIF" was detected by my virus software. It is a shortcut that you can't open with Notebook/Wordpad or look at its properties because it has security protection. Just like ScrSvr, it writes a line to the Win.ini file, which I assume would run this "shortcut" upon booting the PC. I can't find any reference to it in my Registry.
Paul

I too have the opaserv virus and from what I have read in the previous forum, it is only possible to remove the virus using a removal tool if it has been on your computer for a short amount of time. The only way I found to stop the virus is to create junk files. The virus only seemed to cause trouble when I was on the net (before I fixed it). It also created a file called PUT.INI that interfered with some of the programs that I had recently run on my computer (this only happened after I had left the virus alone for a while). I deleted this file and it fixed the problem. Below is a list of virus files that I have found:
ALEVIR.EXE c:\windows
BRASIL.PIF c:\windows
BRASIL.EXE c:\windows
MARCO!.SCR c:\windows
SCRSVR.EXE c:\windows
PUT.INI c:\
TMP.INI c:\
What Philcannon wrote about KERNEL32.dll also indicates that the virus uses this file. I also found references to this file when I converted one of the virus files into a *.txt file. It may be necessary to delete or replace this file to remove the virus.
Graeme
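
Several posters above describe a run= line being written to win.ini, and the list above names the files found in c:\windows. The following is an added example, not code from any poster in this thread, that checks win.ini text for load=/run= entries in the [windows] section pointing at those file names; the win.ini content is constructed for illustration.

```python
import ntpath

# Executable names reported in this thread as found in c:\windows.
REPORTED = {"alevir.exe", "brasil.pif", "brasil.exe", "marco!.scr", "scrsvr.exe"}

# Constructed win.ini content for illustration (not taken from a real machine).
SAMPLE_WIN_INI = r"""
[windows]
load=
run=c:\windows\scrsvr.exe C:\WINDOWS\BRASIL.PIF
NullPort=None

[Desktop]
; the same key outside [windows] is not an autostart entry
run=c:\windows\scrsvr.exe
"""

def autostart_entries(ini_text):
    """Return (key, program) pairs from load=/run= in the [windows] section."""
    entries, section = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section == "windows" and sep and key.strip().lower() in ("load", "run"):
            # Several programs may be listed, separated by spaces or commas.
            for prog in value.replace(",", " ").split():
                entries.append((key.strip().lower(), prog))
    return entries

def suspicious_entries(ini_text, names=REPORTED):
    """Autostart entries whose file name matches one reported in the thread."""
    return [(k, p) for k, p in autostart_entries(ini_text)
            if ntpath.basename(p).lower() in names]
```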

I also found references to the following files in scrsvr when it had been changed to a *.txt file:
Advapi32.dll
gtools.dll
gatorsupportinfo.txt
user32.dll
scrsin.dat
scrsout.dat
scrupd.exe
ws2_32.dll
It also contained the text "Software\microsoft\windows\currentversion\run_software\microsoft\windows\currentversion\internet settings".
Hope someone knows what this means.
Graeme

I too, suffer this virus. I've tried downloading a few 'free' virus checkers. When I run them they give me a 'file corrupted' error. Could this thing be attaching itself to .exe files as we download them?

This post contains the full fix for the Opaserv worm. It explains in detail how it works, and 3 methods you can use to stop it.
http://www.computing.net/security/wwwboard/forum/3289.html
Brad Peterson
b_peterson@yahoo.com
Feel free to email me if you need any help removing this virus.
