Just a heads up.
There seems to be a virus floating around under the name w32.opaserv (or other similar names). I have had this virus and I can tell you it is an absolute pain in the arse to remove.
It spreads by locating network shares over the internet and exploiting a security hole in the win 9x line of products to remove (or at least nullify) any passwords on them.
This means that you can find and delete the file, but it will "re-generate" every time you connect to the internet.
As far as I can tell it does no damage, but it is still really, really annoying.
So, if you have any of the Windows 9X or ME products, do a search on your computer for the file "scrsvr.exe" - it should be in the Windows directory. If you have this file, you have the virus. There may also be a file called "tmp.ini" in your C:\ drive, and a registry key in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run that points to the scrsvr.exe file. The virus also alters the win.ini (adds a "run="c:\windows\scrsvr.exe" line)everytime so that it loads on startup. Delete everything above and also do the following:
Go here to get the security hole patch.
Unbind the "file and print sharing" protocol from your modem and/or close off any open network shares (or only give read access to them).
If you have the virus, please do this and save everyone else a lot of grief.
Thanks, that is all
There seems to be a virus floating around under the name w32.opaserv (or other similar names). I have had this virus and I can tell you it is an absolute pain in the arse to remove.
It spreads by locating network shares over the internet and exploiting a security hole in the win 9x line of products to remove (or at least nullify) any passwords on them.
This means that you can find and delete the file, but it will "re-generate" every time you connect to the internet.
As far as I can tell it does no damage, but it is still really, really annoying.
So, if you have any of the Windows 9X or ME products, do a search on your computer for the file "scrsvr.exe" - it should be in the Windows directory. If you have this file, you have the virus. There may also be a file called "tmp.ini" in your C:\ drive, and a registry key in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run that points to the scrsvr.exe file. The virus also alters the win.ini (adds a "run="c:\windows\scrsvr.exe" line)everytime so that it loads on startup. Delete everything above and also do the following:
Go here to get the security hole patch.
Unbind the "file and print sharing" protocol from your modem and/or close off any open network shares (or only give read access to them).
If you have the virus, please do this and save everyone else a lot of grief.
Thanks, that is all