Win32:Opas [Wrm] (aka Opasoft, Opaserv) just tried to access the internet, but I stopped it with my firewall. I went to where it was according to Sygate and scanned it with avast, but it couldn’t remove it. About a minute after that I was removing it with the avast Virus Cleaner, but I was just wondering why the Virus Cleaner could remove it and avast AV couldn’t. What’s so different between them? Surely Avast AV could be that “powerful” and remove all viruses that way.
This worm is a variant of WORM_OPASERV.A. Unlike earlier variants, it uses the mutex name SpeedyDoS3 to indicate infection.
It uses the Share-Level Password vulnerability on Windows systems to propagate via network-shared C drives. This vulnerability allows remote access to a shared file on Windows 95/98 or ME systems without knowledge of the entire password assigned to the share.
For more information on this vulnerability and to get hold of the critical patches, visit the following Microsoft page:
This worm also attempts to update itself via a certain Web site.
It runs on Windows 95, 98, ME, NT, 2000, and XP systems. However, it only spreads through Windows 95/98 and ME systems, which are affected by the Share Level Password vulnerability.
It would appear that you need to reapply that patch.
Well, avast! itself is mostly oriented on files… so, when the virus is running at the moment you’re trying to delete the file, it cannot be done. avast! Virus Cleaner does a memory scan first and kills the infected processes, so it works better in this case.
Right now, it doesn’t. avast! v4.5 will automatically remove autostart registry entries of files being removed.
(Though the original question doesn’t have anything to do with registry, I’d say).