DavidR
2
This virus would appear to gain acces as a result of a vulnerability that has been patched.
From Trend Micro - WORM_OPASERV
Description:
This worm is a variant of WORM_OPASERV.A. Unlike earlier variants, it uses the mutex name SpeedyDoS3 to indicate infection.
It uses the Share-Level Password vulnerability on Windows systems to propagate via network-shared C drives. This vulnerability allows remote access to a shared file on Windows 95/98 or ME systems without knowledge of the entire password assigned to the share.
For more information on this vulnerability and to get hold of the critical patches, visit the following Microsoft page:
[url=http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-072.asp]Microsoft Bulletin MS00-072[/url]
This worm also attempts to update itself via a certain Web site.
It runs on Windows 95, 98, ME, NT, 2000, and XP systems. However, it only spreads through Windows 95/98 and ME systems, which are affected by the Share Level Password vulnerability.
It would appear that you need to reapply that patch.