Jump to content

Homing virus

Ice_Cube
 Share

Recommended Posts

Ice_Cube

Ice_Cube

Posted
Posted

I keep getting attacked by an "Operaserve worm". I have a firewall up and it can't touch me, but if I lower it for some reason (don't ask why I have to do it sometimes for things to wok (I use Zone alarm)) When the firewall is down for 10 seconds (more or less) Nortons pops up and says it has discovered a worm, I then quarantine it and then delete it. I am not sure what it does. I then run a virus check and a program I got for the wonderful Synatec to remove the worm but it says it can't find anything. Is there something hiding in my registery so that it keeps comng back? I have a network so is it hiding on another computer? I just re-formatted it so I don't think it is......

Ice_Cube

Ice_Cube

Posted
  • Author
Posted

Ok, I will scan both computers. In the mean time, the cable (LAN) is taken out. I found something though, in my WINDOWS directory, I found the file "alevir.exe". This turned out to be relatedto the worm so I deleted it. I then checked my WIN.ini file to see if it was loading on start up but nothing was there (nothing bad anyway). I thne went into my registery:

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun

But there was nothing Evil in there.

I have scanned both computers and used a removal tool before though (with the cable disconnected) and this yielded nothing. Any other ideas?

Ice_Cube

Ice_Cube

Posted
  • Author
Posted

quote from some guy

I added:

del c:windowsalevir.exe

del c:windowsbrasil.exe

del c:windowsscrsvr.exe

del c:put.ini

to the beginning of autoexec.bat, then rebooted.

once the files were gone, i created the fake files by changing text files to .exe's, then put them where the other ones should be, and made them read only

Would doing this solve my problems? I got this off this site

http://www.computing.net/security/wwwboard/forum/3289.html

number6

number6

Posted
Posted

It sounds like this virus is not a problem if you don't share your whole C: drive and you use a firewall to block your ports. It's never a good idea to share the whole disk. Only share what you need to share on your network. If you are online for extended periods it's a good idea to have a firewall running. Don't bring your whole firewall down either. If you want to play a game that needs a port(s) open just set those ports to trusted for that application. It's still good you found that article. As always it's a good idea to stay up to date with Miscrosoft's critical updates so you have the latest fixes for known security flaws.

Ice_Cube

Ice_Cube

Posted
  • Author
Posted

I have had some issues with the firewall meaning I can't do a download/update or something like that, so even if I lower it for 5 seconds, mr Worm appears and enters my system. As for taking C: of my sharing list, damn that is annoying but none the less it sounds critical that I do so I have. I don't know if any of these things has worked as I do not want to test it ;)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.