Trying to consolidate solutions to the OPASERV.WORM. Read these links. http://miataru.computing.net/security/wwwboard/forum/2897.html (My Original Post) http://miataru.computing.net/security/wwwboard/forum/2921.html http://miataru.computing.net/security/wwwboard/forum/2954.html They all have some scattered info that is different. If you read the first link, I put some pretty detailed info in there (JROB). I also talked about Zone Alarm. It is great to have on a network, except people can be blocked within the network from accessing computers with Zone Alarm on it. In that first link again I talked about how to correct that. Now someone has also stated that PUT.INI is in your root drive, and that too is true sometimes. I think that depends on the level of infection. If you read the PUT.INI it has the line that inserts the Brasil.pif/exe on your computer. I didnt talk about which registry key to delete when I mentioned it, and I should have. I took this from a post by lac8383: Delete this entry from your registry HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ScrSvr" = %WinDir%\ScrSvr.exe Now also alevir.exe and brasil.exe or .pif could be in there instead of SCRSVR.exe. Ok well I'll stop here, I was just hoping to eliminate too much confusion because there have been several posts about this worm.

Sorry, I posted it in the wrong forum. I thought I was in the Virus one. Sigh...long day....

If you want to do it the easy way, download Symantec's OPASERV.WORM removal tool, run it, shut down your computer, boot with a DOS disk and reinitialize your master boot record. No more OPAcrap.