Virus cleaner

hi

Win32:Opas [Wrm] (aka Opasoft, Opaserv) just tryed to access the interent, but i stoped it with my firewall, i went to where it was occording to syagte and scaned it with avast, but it couldn’t remove it, about minite after that i was removing it with the avast virus cleaner, but i was just wondering why the virus cleaner could remove it and avast AV couldn’t, whats so different between them?, surley Avast AV could be that “powerful” and remove all viruses that way.

–lee

This virus would appear to gain acces as a result of a vulnerability that has been patched.

From Trend Micro - WORM_OPASERV

Description:

This worm is a variant of WORM_OPASERV.A. Unlike earlier variants, it uses the mutex name SpeedyDoS3 to indicate infection.

It uses the Share-Level Password vulnerability on Windows systems to propagate via network-shared C drives. This vulnerability allows remote access to a shared file on Windows 95/98 or ME systems without knowledge of the entire password assigned to the share.

For more information on this vulnerability and to get hold of the critical patches, visit the following Microsoft page:

  [url=http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-072.asp]Microsoft Bulletin MS00-072[/url]

This worm also attempts to update itself via a certain Web site.

It runs on Windows 95, 98, ME, NT, 2000, and XP systems. However, it only spreads through Windows 95/98 and ME systems, which are affected by the Share Level Password vulnerability.

It would appear that you need to reapply that patch.

Well, avast! itself is mostly oriented on files… so, when the virus is running at the moment you’re trying to delete the file, it cannot be done. avast! Virus Cleaner does a memory scan first and kills the infected processes, so it works better in this case.

DavidR

Thanks i applyed the patch again as you suggested

Igor

avast! itself is mostly oriented on files... so, when the virus is running at the moment you're trying to delete the file, it cannot be done

Does that mean that avast itself doesn’t scan the registry for viruses aswell?

–lee

Lee, visit Windows Update and get/install ALL security patches.

Right now, it doesn’t. avast! v4.5 will automatically remove autostart registry entries of files being removed.
(Though the original question doesn’t have anything to do with registry, I’d say).

Eddy

All windows critical patches are always installed (i check once a day), its just davidR suggested i reinstall it.

Igor

(Though the original question doesn't have anything to do with registry, I'd say).

The virus in the origional question had several registery keys that the virus cleaner deleated.

avast! v4.5 will automatically remove autostart registry entries of files being removed

looking forward to that v4.5 then.

Thanks to everyone who helped clear this query(s) up for me

–lee