1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[Resolved] Worm - "Opas.K" and/or "Opaserv.K" - Won't Go Away!

Discussion in 'Virus & Other Malware Removal' started by hottesttotty, Jun 14, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. hottesttotty

    hottesttotty Thread Starter

    Joined:
    Dec 12, 2001
    Messages:
    542
    Boy, I was really hoping to never have to post in this part of the forums, but I've been struck!!

    Last night upon performing a scan with AVG it came up with a virus warning: "I-Worm/Opas.K" Originally located in WINDOWS folder (init.bat or something like that?). Upon completion of the scan it said it was cleaned by AVG. HA! Guess again! I restarted and ran another scan to be sure.....then it came up with "I-Worm/Opaserv.K", now located in the file C:\WINDOWS\_RESTORE\TEMP\A0001444.CPY. Upon completion of second scan it said it couldn't be cleaned and AVG recommended moving to virus vault, but when I clicked on move, it said it couldn't do that either!:eek:

    So, I thought I'd run another scan at Housecall. It couldn't clean it either, so I followed their instructions, and downloaded the Trend Micro System Cleaner. No joy there either, after running it and running another AVG scan, it's still there!

    So, now I'm really stuck! Does anyone know how to get rid of this thing?? This is the first virus I've had, and I've done everything I know to do...:confused:

    Thanks in advance to anyone that can help! Sorry to be so long winded too, but I figured it would help to know exactly what I have (or have NOT!) done so far! :rolleyes:
     
  2. putasolution

    putasolution

    Joined:
    Mar 20, 2003
    Messages:
    4,823
  3. RandyG

    RandyG

    Joined:
    Jun 26, 2000
    Messages:
    7,762
    I have found it really useful to run the scan in Safe Mode. I just cleaned a friend's system of 6 viruses, and 493 files. One was being intitiated by a dll or something that recreated the virus exe file every time I deleted it.

    safe mode started, and since it runs on limited resources, the infected file was not running at the time of the scan, and was bale to be removed, as well as the dll causing the reinfection.
     
  4. hottesttotty

    hottesttotty Thread Starter

    Joined:
    Dec 12, 2001
    Messages:
    542
    Thanks for your response! I also found this information at Symantec Opaserv.K

    The article there says I should run a Microsoft patch before trying to remove this worm. So, do I do that first, then turn off system restore, then go into safe mode and run the AVG scan again? (I always feel better having step by step instructions, in case you can't tell! ;) )

    It also says to disconnect from my network and internet, can I assume that once I've physically disconnected the cable from the router that I'm disconnected from both?

    Sorry to sound so helpless, but in this area I definitely AM!!:(

    Thanks again! ;)
     
  5. RandyG

    RandyG

    Joined:
    Jun 26, 2000
    Messages:
    7,762
    do the MS update, then boot to safe mode, then use the removal tool on that link you posted.

    and yes, if you have physically removed the cable from the port on your computer, you are VERY effectively disconnected!;):D
     
  6. hottesttotty

    hottesttotty Thread Starter

    Joined:
    Dec 12, 2001
    Messages:
    542
    Thanks Randy! Sorry to be a pain, but I have one more question before I do all this. :rolleyes:

    I have already disconnected the computer from the network, just by unplugging the wire. Can I just plug it back in without restarting and go do the patch and download the cleaner, then just unplug it again and restart in safe mode?

    Thank you so much for your time! ;)
     
  7. Top Banana

    Top Banana

    Joined:
    Nov 10, 2002
    Messages:
    1,344
    All you need to do is flush system restore as suggested by putasolution in the first reply.
     
  8. RandyG

    RandyG

    Joined:
    Jun 26, 2000
    Messages:
    7,762
    Yes, you can. I have an external DSL modem running on my network, and the DSL modem is what is actually connected to the internet at all times. If I turn this off, or reset it, then it automatically recaptures a connection.

    BTW, run that tool on all of your other machines as well.
     
  9. RandyG

    RandyG

    Joined:
    Jun 26, 2000
    Messages:
    7,762
    Maybe I missed it somewhere, but are you running ME or 98?

    using the safe mode method will owrk on either, I believe, and 98 doesn't have that functionality
     
  10. Top Banana

    Top Banana

    Joined:
    Nov 10, 2002
    Messages:
    1,344
    Disable System Restore > Reboot > Enable System Restore
     
  11. hottesttotty

    hottesttotty Thread Starter

    Joined:
    Dec 12, 2001
    Messages:
    542
    Yes, it' Windows ME.

    I appreciate all your help & will come back when I get it done, or run into any further problems! Have plans with the family today, so I think I'm getting shoved out the door for now, and will have to attack this later tonight!

    Thanks again everyone! Keep your fingers crossed for me!! ;)
     
  12. RandyG

    RandyG

    Joined:
    Jun 26, 2000
    Messages:
    7,762
    OK, Tracey, then follow the advice about the Restore. It would be a shame to go through it all, only to have the OS bring it back to an infected state!;):D
     
  13. Top Banana

    Top Banana

    Joined:
    Nov 10, 2002
    Messages:
    1,344
    Disable System Restore > Reboot > Enable System Restore > Scan with AVG.

    You will be clean.
     
  14. hottesttotty

    hottesttotty Thread Starter

    Joined:
    Dec 12, 2001
    Messages:
    542
    Well, I think I have it all cleared up & cleaned up now. Thanks for all your help Randy, putasolution & Top Banana!

    Also, just a note...Top Banana & putasolution, your suggestions work (I did that first, by the way! ;) ), but it appears that's not a complete solution.....I still had to go into the registry and delete the stuff it left behind there, and then go into the win.ini file and delete the line in there causing the virus to copy itself upon reboot.

    Anyway, I'm just glad it's OVER!! (*me keeping fingers crossed*) I seem to have survived my first virus....all thanks to you guys! Don't know what I'd do without this place!! :D:D:D (y)

    Thanks again & have a good one! ;)
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/139771

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice