 |
| | HOMEPAGE | INDICE FORUM | REGOLAMENTO | ::. | NEI PREFERITI | .:: | RSS Forum | RSS News | NEWS web | NEWS software | |
| | PUBBLICITA' | | | ARTICOLI | WIN XP | VISTA | WIN 7 | REGISTRI | SOFTWARE | MANUALI | RECENSIONI | LINUX | HUMOR | HARDWARE | DOWNLOAD | | | CERCA nel FORUM » | |
25-09-2003, 09.33.41
|
#1 |
|
Gold Member
Top Poster
Registrato: 26-08-2000
Loc.: tokyo city
Messaggi: 8.374
 |
Worm.W32/Opaserv.Y@SMB - Rischio 4 - Update
Origine di questo Worm sembra essere il Brasile. Effetti: PandaLabs reported Monday it has detected the appearance of the new Y variant of the Opaserv worm. According to data gathered by Panda Software's international technical support services, this malicious code is already causing incidents. Opaserv.Y spreads directly through the Internet by looking for computers to infect. In order to do this, it checks if port 137 is open and unprotected. If it is, Opaserv.Y gets into the computer through port 139 and copies itself in the C:\Windows directory under the name Speedy.scr. At the same time, it generates several entries in the Windows Registry in order to ensure that it is run whenever the computer is started up. If the infected computer is connected to a network, Opaserv.Y will exploit the Windows vulnerability known as Share Level Password - based on an inconsistency in the protection of network shares in the operating systems Windows Me/98/95- in order to spread to the rest of the computers in the network. At present, PandaLabs has detected two versions of Opaserv.Y. The difference between the two is the compression utility they are packed with. Another characteristic of this malicious code is that if the user runs the file carrying the worm from an MS-DOS window, instead of displaying the following message: "This program requires MS Windows", one of the following three will be displayed: Telefonica ganhe menos e faca mais!! Queremos melhores servicos da SPEEDY Melhorem o servico Speed seus FDPS!! Due to the incidents detected and to avoid falling victim to Opaserv.Y, Panda Software advises users to treat all e-mails received with caution and to update their antivirus solutions immediately. Info: http://www.pandasoftware.com/virus_i...?idvirus=40765 AntiVirus aggiornato al 23.09.03  (Y)
|
|
|
|
25-09-2003, 09.44.11
|
#2 |
|
Gold Member
Top Poster
Registrato: 26-08-2000
Loc.: tokyo city
Messaggi: 8.374
|
Removing Virus utilities:
http://www.pspl.com/download/cleanop.exe http://securityresponse.symantec.com...r/FixOpsrv.exe ftp://ftp.europe.f-secure.com/anti-v...s/opastool.zip ftp://ftp.europe.f-secure.com/anti-v...s/opastool.txt ftp://ftp.f-secure.com/anti-virus/tools/f-opasrv.zip http://www.eurosecure.com/download/t...oveOpaserv.exe http://www.nod32.it/tools/OPACLEAN.ZIP ftp://ftp.kaspersky.com/utils/clrav.zip Ultima modifica di Giorgius : 25-09-2003 alle ore 10.20.25 |
|
|
|
|
25-09-2003, 09.49.59
|
#3 |
|
Gold Member
Top Poster
Registrato: 26-08-2000
Loc.: tokyo city
Messaggi: 8.374
|
Alerta contra vírus desenvolvido por brasileiro
Arquivo infectado substitui mensagens do Windows por críticas e palavrões em português contra o Speedy, serviço de banda larga oferecido pela Telefonica. São Paulo - O suporte internacional da Panda Software (www.pandasoftware.com) divulgou hoje um alerta sobre o aparecimento de uma variante do vírus Opaserv, supostamente desenvolvida por um brasileiro. O código malicioso, de acordo com o alerta, já teria provocado vários incidentes. A suspeita sobre a origem do vírus está nas mensagens deixadas por ele - um protesto contra o serviço em banda larga da Telefonica escrito em português. A variante do Opaserv, batizada como Opaserv.Y, se propaga pela internet, com o vírus se multiplicando por meio de cópias no diretório C:Windows com o nome "Speedy.scr". O vírus é ativado todas as vezes que a máquina é reiniciada. Se o arquivo infectado for executado no MS DOS, a mensagem "Este programa requer MS Windows" será substituída por "Telefonica ganhe menos e faça mais!" e "Queremos melhores serviços de SPEEDY", além der uma terceira com palavrões contra os serviços prestados em banda larga pela Telefonica. |
|
|
|
|
25-09-2003, 10.04.55
|
#4 |
|
Gold Member
Top Poster
Registrato: 26-08-2000
Loc.: tokyo city
Messaggi: 8.374
|
New Worm Variant Spreads Through Open Ports
PandaLabs reported Monday it has detected the appearance of the new Y variant of the Opaserv worm. According to data gathered by Panda Software's international technical support services, this malicious code is already causing incidents. http://www.esecurityplanet.com/alert...le.php/3080891 |
|
|
|
|
25-09-2003, 10.27.10
|
#5 |
|
Gold Member
Top Poster
Registrato: 26-08-2000
Loc.: tokyo city
Messaggi: 8.374
|
 Avast! Virus Cleaner is currently (in version 1.0.145) able to identify and remove the following worm families: Win32_Swen [Wrm] Win32_Badtrans [Wrm] Win32_Blaster [Wrm] (aka Lovsan), variants A-F Win32_BugBear [Wrm], including B variant Win32_Ganda [Wrm] Win32_Klez [Wrm], all variants (including variants of Win32_Elkern) Win32_Nimda [Wrm] Win32_Opas [Wrm] (aka Opasoft, Opaserv) Win32_Sircam [Wrm] Win32_Sobig [Wrm], including B, C, D, E and F variants Win32_Yaha [Wrm] (aka Lentin) Download: Mirror 1: http://www.avast.com/files/eng/aswclnr.exe Mirror 2: http://www.asw.cz/files/eng/aswclnr.exe |
|
|
|
 |
| Utenti attualmente attivi che stanno leggendo questa discussione: 1 (0 utenti e 1 ospiti) | |
| Strumenti discussione | |
|
|
Discussioni simili
|
||||
| Discussione | Autore discussione | Forum | Risposte | Ultimo messaggio |
| AutoPatcher Vista June 2007 | giancarlof | Segnalazioni Web | 4 | 07-08-2007 21.16.05 |
| Bios Updates | Billow | Archivio News Web | 0 | 08-11-2004 09.28.25 |
| Bios Updates | Billow | Archivio News Web | 0 | 04-10-2004 17.04.22 |
| Bios Updates | Billow | Archivio News Web | 0 | 17-09-2004 10.37.53 |
| Bios Updates | Billow | Archivio News Web | 1 | 15-09-2004 00.08.01 |
